EVM Security

repo: kareniel/awesome-evm-security
category: Security

Awesome EVM Security

EVM stands for "Ethereum Virtual Machine". The EVM powers the Ethereum mainnet, but also Layer 2 protocols, sidechains, and EVM-compatible chains.

This list is an overview of the EVM ecosystem from an information security management perspective.

CryptoSec.info - Information to help beginners learn how to protect their funds against hackers and scammers.
Simplified Roadmap for Blockchain Security - Covers all rudimentary topics that one needs to know in order to get into the field of Blockchain Security.
How to become a smart contract auditor - Frequently asked questions that are related to auditing and auditors can get their first job.

A beginner's guide to DAOs - Gives a high level overview of what DAOs are, why they are interesting and some of their use cases.
Deep DAO - Lists, ranks and analyzes top DAOs across multiple metrics.
SAFT Agreements - A commercial instrument used to convey rights in tokens prior to the development of the tokens' functionality.
Voting Options in DAOs - Voting Options in DAOs.
The Wyoming DAO bill - A thread about Wyoming DAOs .
It Takes a Cryptonetwork - Prime's Strategy for DAO to DAO Relations.
DAOs, Democracy and Governance - A paper by Ralph Merkle about DAOs.

Shelling Out: The Origins of Money - Illustrates the value of collectibles in reducing social transaction costs.
Foundations of Cryptoeconomic Systems - This paper explores why the term "cryptoeconomics" is context dependent and proposes complementary micro, meso and macro definitions of the term.
Towards a Practice of Token Engineering - How do we design tokenized ecosystems, their incentives and how do we analyze or verify them?
A Crash Course in Mechanism Design for Cryptoeconomic Applications - Introduces the basic concepts of mechanism design, and gives a taste for their usefulness in the cryptocurrency world.
WTF Is QF - A simple explanation of quadratic funding.
Bonding Curves Explained - What bonding curves are and their potential applications.

DeFi Safety - Best practices security score reviews.
DASP Top 10 of 2018 - Decentralized Application Security Project Top 10 vulnerabilities.
IVSCS - Immunefi Vulnerability Severity Classification System.
[Smart Contract Security Verification Standard](https://securing.github.io/SCSVS/) - A free 14-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.
Secureth guidelines - Aid you in formulating your own software engineering process by giving a complete picture of all the different concerns and expectations in your software projects.
[CryptoCurrency Security Standard (CCSS)](https://cryptoconsortium.github.io/CCSS/) - A set of requirements for all information systems that make use of cryptocurrencies, including exchanges, web applications, and cryptocurrency storage solutions.
The Solcurity Standard - Opinionated security and code quality standard for Solidity smart contracts.

Security Considerations in the Solidity documentation - Lists some pitfalls and general security recommendations.
[Ethereum 2.0 Specifications Security Audit Report](https://leastauthority.com/static/publications/LeastAuthority-Ethereum-2.0-Specifications-Audit-Report.pdf) - Security Audit Report of the Eth2.0 spec by Least Authority.
Getting Deep Into EVM - An Ultimate, In-depth Explanation of How EVM Works.
Ethereum EVM illustrated - Exploring some mental models and implementations.
Ethereum Blockspace: Who Gets What and Why - Ethereum blockspace market structure.
What Is Uniswap and How Does It Work? - What Uniswap is, how it works, and how you can swap tokens on it simply with an Ethereum wallet.
Scaling EVM (Ethereum Virtual Machine) - How fast and far can the EVM based blockchain architecture still take us.
L2Beat - Transparent and verifiable insights into emerging layer two (L2) technologies.
The Non-Fungible Token Bible - Everything you need to know about NFTs.
KEVM - A formal model of the EVM in the K framework.

Blockchain Graveyard - A list of all massive security breaches or thefts involving blockchains.
[List of Bitcoin Heists](https://bitcointalk.org/index.php?topic=576337) - Research on prior Bitcoin-related thefts.
Blockchain Threat Intelligence - The latest in blockchain, DeFi and cryptocurrency threat intelligence, vulnerabilities, security tools, and events.
Rekt News - Investigative journalism, creative commentary, and incident analysis.
DeFiYield's REKT db - Database of Crypto Hacks, Exploit, Scam.
CryptoScamDB - Keeping track of cryptocurrency scams in an open-source database.
Mudit Gupta's Twitter threads - Early analysis and educational content on Twitter.
Flash Boys 2.0 Paper - Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability.
MEV-explore - Help the community understand and quantify the significance of "Dark Forest activities" and their impact on the Ethereum network.
Flashloan monitor - Dashboard that helps you monitor flashloan transactions.
Known Attacks - A list of known attacks which you should be aware of, from Consensys.
Solidity Security - Comprehensive list of known attack vectors and common anti-patterns.

SWC Registry - Smart Contract Weakness Classification and Test Cases.
246 Findings - 246 Findings From Trail of Bits Smart Contract Audits.
[A Survey of Security Vulnerabilities in Ethereum Smart Contracts](https://arxiv.org/pdf/2105.06974.pdf) - Explains eight vulnerabilities that are specific to the application level of blockchain technology by analyzing the past exploitation case scenarios of these security vulnerabilities.
[List of Security Vulnerabilities](https://github.com/runtimeverification/verified-smart-contracts/wiki/List-of-Security-Vulnerabilities) - A comprehensive list of common smart contract security vulnerabilities, compiled from various sources.
List of Known Bugs - A JSON-formatted list of some of the known security-relevant bugs in the Solidity compiler.

[Simple Security Toolkit](https://github.com/nascentxyz/simple-security-toolkit) - Opinionated recommendations that the team at Nascent find to be appropriate, particularly for teams developing and managing early versions of a protocol.
Gnosis Safe - Multi-sig. Require multiple team members to confirm every transaction in order to execute it, which helps prevent unauthorized access to company crypto.
List of DeFi auditors - List of DeFi auditors maintained by DeFiSafety.
State of DeFi Audits - Article taking a look at the auditing space and its importance in onboarding users by properly securing new DeFi protocols.
Building Secure Contracts - Trail of Bits' guidelines and best practices on how to write secure smart contracts.
Solidity Patterns - A compilation of patterns and best practices for the smart contract programming language Solidity.
[Security Pattern for Ethereum and Solidity](https://docs.google.com/spreadsheets/d/1PF4QZudW6Z7EV4hqQfwPo3A43AVqPrsuzzzey5yRYcs/edit#gid=0) - Google Sheets Checklists.
Solidity Best Practices for Smart Contract Security - Pro tips from Consensys to ensure your Ethereum smart contracts are fortified.
CERtified - Top 100 exchanges by Cybersecurity rating.
[Smart Contract Security Registry](https://github.com/ethereum-lists/contracts) - An effort to identify deployed contracts instances given their chain and address, by listing the project they belong to.
Forta - Community-based runtime security network for smart contracts.

People to follow on Twitter - Twitter list to an overview of the web3 ecosystem and security people.
Videos to watch on YouTube - YouTube playlist of web3 security videos.