🚀 Web3 Security Resources Hub

Welcome to the Web3 Security Resources Hub! This repository is your one-stop destination for all things related to Web3 security. Whether you're a beginner looking to dive into smart contract auditing, a developer seeking best practices, or a security enthusiast wanting to stay updated with the latest trends and vulnerabilities, you'll find valuable resources here.

📚 Table of Contents

1. 🌐 Roadmaps & Learning Paths
2. 🔍 Audit Company Analysis
3. 🛠 Smart Contract Programming Best Practices
4. 📄 Audit Reports
5. 📰 Blogs, News & Newsletters
6. 🔒 Formal Verification Tools
7. ✅ Security Checklists
8. 🧰 Security Tools & Frameworks
9. 🏆 CTFs & Challenges
10. 💥 Exploit Repositories
11. 💸 DeFi Security
12. 🔐 Zero-Knowledge Proofs (ZKPs)
13. 🔗 Proxy Security
14. 🔎 Vulnerabilities & Attack Vectors
15. 🧑‍💻 Developer Resources
16. 📈 Job Boards
17. 📄 Academic Papers
18. 👨‍💻 Sway Language Security Audit
19. 💡 Contribution
20. 📫 Contact

🌟 Featured Resources

Here are some standout resources to get you started:

• Mastering Ethereum Book on GitHub

  • Ethereum Book
  • Awesome Ethereum Security

• Web3 Security Libraries

  • Immunefi Team Web3 Security Library
  • Quillhash Solidity Attack Vectors

• Smart Contract Exploits & Analysis

  • DeFi Hack Analysis 2023 PDF
  • SlowMist Learning Roadmap

🌐 Roadmaps & Learning Paths

A structured approach to mastering Web3 security.

• Simplified Roadmap for Blockchain Security
  • Quillhash Auditor Roadmap
  • RazzorSec Auditor's Roadmap
  • Complete Roadmap to Smart Contract Auditing in 2022
  • How to Become a Smart Contract Auditor
  • Awesome Web3 Security
  • Smart Contract Auditor Coggle Diagram
  • Ethereum Security Road Map
  • Blockchain Security Guide
  • Knowledge Sharing - Blockchain Security
  • Awesome Smart Contract Security
  • SlowMist Learning Roadmap for Auditors
  • Smart Contract Resources
  • Blockchain Security Library
  • Blockchain Best Developer Roadmap
  • Full Solidity Course by Patrick

🔍 Audit Company Analysis

Insights and analyses of various audit companies in the Web3 space.

• Audit Companies Analysis on Twitter
• OfficerCia Mirror on Audit Companies

🛠 Smart Contract Programming Best Practices

Guidelines and patterns to write secure smart contracts.

• Solidity Patterns
• Consensys Smart Contract Best Practices

📄 Audit Reports

Comprehensive audit reports from leading security firms.

• Spearbit
  • Spearbit Audit Reports
• ConsenSys Diligence
  • ConsenSys Audit Reports
• Quill Audits
  • Quillhash Audit Reports
• Comprehensive Audit Lists
  • Blockchain Security Audit List

📰 Blogs, News & Newsletters

Stay updated with the latest trends, vulnerabilities, analyses, and curated newsletters in Web3 security.

• Blogs & News

  • CertiK Resources
  • Quillhash Blog
  • REKT News
  • Secureum Substack
  • Immunefi Medium
  • Numen Cyber Blog
  • Fairyproof Substack
  • Jim Park's Cybersec Bookmarks
  • Chainabuse
  • CryptoScamDB
  • Quill Audits Hackerboard

• Newsletters

  • Web3 Security Newsletter
  • Latest Web3 Security News and Resources Hub

🔒 Formal Verification Tools

Tools and resources for formally verifying smart contracts to ensure their correctness and security.

• Awesome Web3 Formal Verification
• Zellic on Formal Verification
• Invariant Testing in Solidity
• Cyfrin on Formal Verification & Symbolic Execution
• Quill Audits on Testing and Formal Verification
• Verified Smart Contracts by Runtime Verification

✅ Security Checklists

Essential checklists to ensure comprehensive security audits and best practices.

• Smart Contract Security Checklist
  • The Ultimate 100-Point Checklist
  • Web3 Security Checklist on LinkedIn
  • Decurity Audit Checklists
  • Audit Crew's Audit Hero
  • Cryptofinlabs Audit Checklist
  • OpenZeppelin Audit Readiness Guide
  • Spearbit Bridge Security Checklist
  • 0xPrinc Checks While Hacks
  • SCV List
  • TechnoGeek01 Solidity Gas Optimizations
  • ERC-4337 Security Checklist
  • Web3Sec Smart Contract Audit Checklist

🧰 Security Tools & Frameworks

A collection of tools and frameworks to aid in Web3 security assessments and audits.

• Web3 Security Tools by Quillhash
• SmartBugs Automated Framework
• Smart Contract Auditor Tools & Techniques
• AuditBase (Paid)
• Ackee-Blockchain Tests IPO
• C4udit Smart Contract Vulnerability Scanner
• Regast Public
• Foundry Cheatsheet
• Solidity Memory Optimization
• Solidity-Attack-Vectors by Quillhash
• Transmissions11 Solcurity
• Smart Contract Security Verification Standard (SCSVS)
• Simple Security Toolkit by NascentXYZ
• Web3Sec Security Tools Collection

🏆 CTFs & Challenges

Engage in Capture The Flag (CTF) competitions and challenges to sharpen your Web3 security skills.

• Ethernaut All CTF Challenges in One Video
• BlockThreat CTF Collection
• MinaMao CTF Blockchain Challenges
• Paradigm CTF Write-Ups
• Capture The Ether
• StarkNet Challenges
• Code4rena & Sherlock CTF Reports
• CTF Dragonfly
• NodeGuardians CTF
• Solidity Riddles
• HackMD CTF Solutions
• My CTF Challenges

💥 Exploit Repositories

Learn from past exploits and understand how vulnerabilities are exploited in real-world scenarios.

• Smart Contract Exploits Minimized
• Serial Coder's Solidity Security by Example
• Rohan's Web3 Security
• Immunefi Bug Bounty Writeups
• DeFi Hack Labs by SunWeb3Sec
• All Things Reentrancy
• Solidity Security by Serial Coder

💸 DeFi Security

Resources focused on the security aspects of Decentralized Finance (DeFi).

• Path - The Ultimate Guide to DeFi Hacking
• Deep Dive into DeFi
• DefiSecurity Best Practices
• Defi MOOC
• Defi Vunerable Labs by SunWeb3Sec
• Top 10 DeFi Security Practices by Arunim Shukla
• Lending & Borrowing DeFi Platforms Vulnerabilities
• TokenInsight DeFi Market Analysis

🔐 Zero-Knowledge Proofs (ZKPs)

Explore the intricacies and security aspects of Zero-Knowledge Proofs in Web3.

• Awesome ZK by Ventali
• ZK Bug Tracker by 0xPARC
• Common ZK Vulnerabilities
• ZKM Newsletter August 2023
• ZK Weekly Resources by Nirlin
• Demystifying ZKPs with Porter Adams
• ZK Security Reviews
• Learn ZK by 0xPARC
• ZK Sync YouTube Playlist
• ZK Crypto Library Bugs
• Common Bugs & Attacks Using ZKP

🔗 Proxy Security

Guidelines to secure proxy contracts in smart contract development.

• Security Guide for Proxies
• AuditZK: Tornado Cash Example

🔎 Vulnerabilities & Attack Vectors

Understand common vulnerabilities and attack vectors in smart contracts and blockchain systems.

• Smart Contract Attack Vectors by Quillhash
• SigmaPrime Solidity Security Blog
• Runtime Verification's Vulnerabilities List
• YAcademy Common Web3 Security Issues
• Harendra Shakya's Attack Vectors
• Abarbatei's Attack Vectors on Twitter
• Algorithm for Vulnerable Pattern Detection
• Audit Hero - Bug Search
• Vulnerable Smart Contract Patterns Registry
• Public Registry of Known Bugs & Attacks
• Top 10 Hacking Techniques of 2022
• List of Known Solidity Compiler Bugs
• Smart Contract Security Best Practices
• Code4rena Report Categorized

🧑‍💻 Developer Resources

Essential tools and libraries for Web3 developers focusing on security.

• YUL by Example
• Solidity in Foundry
• Foundry YUL Puzzles
• Solidity Notes by Chinmay Farkya
• EVM Playground
• EVM Learning Resources
• Awesome EVM Security
• EVM Book by 0xKitsune
• Awesome Ethereum Virtual Machine
• Blockchain Development Resources
• EVM Mastery by Quillhash
• Learn Cairo Language
• WTF Cairo
• Foundry Cheatsheet
• Ethereum Technical Specification

📈 Job Boards

Find the latest job opportunities in Web3 security.

• Web3 Security Job Board
• AuditJobs
• Web3 Security Careers

📄 Academic Papers

Research papers and academic resources on smart contract security and blockchain vulnerabilities.

• Top-10 Vulnerabilities in Substrate-based Blockchains
• Rust Security Research Paper
• Academic Smart Contract Papers Collection
• MEV Conundrum Research
• Smart Contract Attack Vector Detection

🔐 Sway Language Security & Audit Resources

The Sway language is a domain-specific language for the Fuel network. It is built to ensure smart contract security, and here are some key resources for learning and mastering Sway from a security auditing perspective.

• Introduction to Sway Language Security Audit – An in-depth introduction to the security audits of Sway language in the Fuel ecosystem.

• Mastering Sway Analyzer – An essential guide to using the Sway Analyzer to enhance smart contract security.

• Sway Standards - Security Information (SRC-11) – Official documentation on security standards for Sway language in Fuel Network.

• Top 5 Bugs from the Fuel Attackathon – A breakdown of the most significant security bugs discovered during the ImmuneFi Fuel Attackathon, providing insights into potential vulnerabilities in Sway-based projects.

• Rewrite the Uniswap V2 DeX using Sway on Fuel

• how to create and test a simple SRC20 contract in Sway

• Fuel Network Academy, ImmuneFi Attackathon

💡 Contribution

We welcome contributions from the community! If you have valuable resources to add or improvements to suggest, feel free to raise a Pull Request (PR).

1. Fork the repository.
2. Create a new branch (git checkout -b feature/YourFeature).
3. Commit your changes (git commit -m 'Add some feature').
4. Push to the branch (git push origin feature/YourFeature).
5. Open a Pull Request.

📫 Contact

Feel free to reach out with any questions or suggestions!

• Twitter: Raiders
• LinkedIn: Chirag Agrawal
• Schedule a 1on1 Mentorship Session: Book a Time

Thank you for visiting the Web3 Security Resources Hub! Happy learning and secure coding! 🛡️✨

This repository is maintained by Raiders. If you find any broken links or have suggestions for improvement, please let us know!