Awesome EVM Security
EVM stands for "Ethereum Virtual Machine". The EVM powers the Ethereum mainnet, but also Layer 2 protocols, sidechains, and EVM-compatible chains.
This list is an overview of the EVM ecosystem from an information security management perspective.
Guides
- CryptoSec.info - Information to help beginners learn how to protect their funds against hackers and scammers.
- Simplified Roadmap for Blockchain Security - Covers all rudimentary topics that one needs to know in order to get into the field of Blockchain Security.
- How to become a smart contract auditor - Frequently asked questions about auditing and how aspiring auditors can get their first job.
Governance
- A beginner's guide to DAOs - Gives a high level overview of what DAOs are, why they are interesting and some of their use cases.
- Deep DAO - Lists, ranks and analyzes top DAOs across multiple metrics.
- SAFT Agreements - A commercial instrument used to convey rights in tokens prior to the development of the tokens' functionality.
- Voting Options in DAOs - Voting Options in DAOs.
- The Wyoming DAO bill - A thread about Wyoming DAOs.
- It Takes a Cryptonetwork - Prime's Strategy for DAO to DAO Relations.
- DAOs, Democracy and Governance - A paper by Ralph Merkle about DAOs.
Architecture
- Shelling Out: The Origins of Money - Illustrates the value of collectibles in reducing social transaction costs.
- Foundations of Cryptoeconomic Systems - This paper explores why the term "cryptoeconomics" is context dependent and proposes complementary micro, meso and macro definitions of the term.
- Towards a Practice of Token Engineering - How do we design tokenized ecosystems, their incentives and how do we analyze or verify them?
- A Crash Course in Mechanism Design for Cryptoeconomic Applications - Introduces the basic concepts of mechanism design, and gives a taste for their usefulness in the cryptocurrency world.
- WTF Is QF - A simple explanation of quadratic funding.
- Bonding Curves Explained - What bonding curves are and their potential applications.
Standards
- DeFi Safety - Best practices security score reviews.
- DASP Top 10 of 2018 - Decentralized Application Security Project Top 10 vulnerabilities.
- IVSCS - Immunefi Vulnerability Severity Classification System.
- Smart Contract Security Verification Standard - A free 14-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.
- Secureth guidelines - Aids you in formulating your own software engineering process by giving a complete picture of the different concerns and expectations in your software projects.
- CryptoCurrency Security Standard (CCSS) - A set of requirements for all information systems that make use of cryptocurrencies, including exchanges, web applications, and cryptocurrency storage solutions.
- The Solcurity Standard - Opinionated security and code quality standard for Solidity smart contracts.
System Assets
- Security Considerations in the Solidity documentation - Lists some pitfalls and general security recommendations.
- Ethereum 2.0 Specifications Security Audit Report - Security Audit Report of the Eth2.0 spec by Least Authority.
- Getting Deep Into EVM - An Ultimate, In-depth Explanation of How EVM Works.
- Ethereum EVM illustrated - Exploring some mental models and implementations.
- Ethereum Blockspace: Who Gets What and Why - Ethereum blockspace market structure.
- What Is Uniswap and How Does It Work? - What Uniswap is, how it works, and how you can swap tokens on it simply with an Ethereum wallet.
- Scaling EVM (Ethereum Virtual Machine) - How fast and how far the EVM-based blockchain architecture can still take us.
- L2Beat - Transparent and verifiable insights into emerging layer two (L2) technologies.
- The Non-Fungible Token Bible - Everything you need to know about NFTs.
- KEVM - A formal model of the EVM in the K framework.
Threats
- Blockchain Graveyard - A list of all massive security breaches or thefts involving blockchains.
- List of Bitcoin Heists - Research on prior Bitcoin-related thefts.
- Blockchain Threat Intelligence - The latest in blockchain, DeFi and cryptocurrency threat intelligence, vulnerabilities, security tools, and events.
- Rekt News - Investigative journalism, creative commentary, and incident analysis.
- DeFiYield's REKT db - Database of crypto hacks, exploits, and scams.
- CryptoScamDB - Keeping track of cryptocurrency scams in an open-source database.
- Mudit Gupta's Twitter threads - Early analysis and educational content on Twitter.
- Flash Boys 2.0 Paper - Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability.
- MEV-explore - Helps the community understand and quantify the significance of "Dark Forest activities" and their impact on the Ethereum network.
- Flashloan monitor - Dashboard that helps you monitor flashloan transactions.
- Known Attacks - A list of known attacks which you should be aware of, from Consensys.
- Solidity Security - Comprehensive list of known attack vectors and common anti-patterns.
Vulnerabilities
- SWC Registry - Smart Contract Weakness Classification and Test Cases.
- 246 Findings - 246 Findings From Trail of Bits Smart Contract Audits.
- A Survey of Security Vulnerabilities in Ethereum Smart Contracts - Explains eight vulnerabilities that are specific to the application level of blockchain technology by analyzing the past exploitation case scenarios of these security vulnerabilities.
- List of Security Vulnerabilities - A comprehensive list of common smart contract security vulnerabilities, compiled from various sources.
- List of Known Bugs - A JSON-formatted list of some of the known security-relevant bugs in the Solidity compiler.
Controls
- Simple Security Toolkit - Opinionated recommendations that the team at Nascent finds to be appropriate, particularly for teams developing and managing early versions of a protocol.
- Gnosis Safe - Multi-sig. Require multiple team members to confirm every transaction in order to execute it, which helps prevent unauthorized access to company crypto.
- List of DeFi auditors - List of DeFi auditors maintained by DeFiSafety.
- State of DeFi Audits - Article taking a look at the auditing space and its importance in onboarding users by properly securing new DeFi protocols.
- Building Secure Contracts - Trail of Bits' guidelines and best practices on how to write secure smart contracts.
- Solidity Patterns - A compilation of patterns and best practices for the smart contract programming language Solidity.
- Security Pattern for Ethereum and Solidity - Google Sheets Checklists.
- Solidity Best Practices for Smart Contract Security - Pro tips from Consensys to ensure your Ethereum smart contracts are fortified.
- CERtified - Top 100 exchanges by cybersecurity rating.
- Smart Contract Security Registry - An effort to identify deployed contracts instances given their chain and address, by listing the project they belong to.
- Forta - Community-based runtime security network for smart contracts.
Ecosystem
- People to follow on Twitter - Twitter list giving an overview of the web3 ecosystem and its security people.
- Videos to watch on YouTube - YouTube playlist of web3 security videos.
See Also
Other Awesome Lists:
- Awesome BlockSec CTF - Blockchain security Capture the Flag (CTF) competitions.
- Awesome Buggy ERC20 Tokens - Vulnerabilities in ERC20 Smart Contracts With Tokens Affected.
- Awesome Cryptoeconomics - Cryptoeconomic research and learning materials.
- Awesome Zero-Knowledge Proofs (ZKP) - A curated list of awesome things related to learning Zero-Knowledge Proofs (ZKP).
- Officer CIA's Ultimate DeFi Research Base - Curated DeFI & Blockchain research papers and tools.
- Awesome MEV resources