🕶 A high-level overview of the EVM security ecosystem

kareniel/awesome-evm-security

Awesome EVM Security

EVM stands for "Ethereum Virtual Machine". The EVM powers the Ethereum mainnet, but also Layer 2 protocols, sidechains, and EVM-compatible chains.

This list is an overview of the EVM ecosystem from an information security management perspective.

Contents

Guides

Governance

Architecture

Standards

  • DeFi Safety - Best practices security score reviews.
  • DASP Top 10 of 2018 - Decentralized Application Security Project Top 10 vulnerabilities.
  • IVSCS - Immunefi Vulnerability Severity Classification System.
  • Smart Contract Security Verification Standard - A free 14-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.
  • Secureth guidelines - Aids you in formulating your own software engineering process by giving a complete picture of all the different concerns and expectations in your software projects.
  • CryptoCurrency Security Standard (CCSS) - A set of requirements for all information systems that make use of cryptocurrencies, including exchanges, web applications, and cryptocurrency storage solutions.
  • The Solcurity Standard - Opinionated security and code quality standard for Solidity smart contracts.

System Assets

Threats

  • Blockchain Graveyard - A list of all massive security breaches or thefts involving blockchains.
  • List of Bitcoin Heists - Research on prior Bitcoin-related thefts.
  • Blockchain Threat Intelligence - The latest in blockchain, DeFi and cryptocurrency threat intelligence, vulnerabilities, security tools, and events.
  • Rekt News - Investigative journalism, creative commentary, and incident analysis.
  • DeFiYield's REKT db - Database of crypto hacks, exploits, and scams.
  • CryptoScamDB - Keeping track of cryptocurrency scams in an open-source database.
  • Mudit Gupta's Twitter threads - Early analysis and educational content on Twitter.
  • Flash Boys 2.0 Paper - Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability.
  • MEV-explore - Help the community understand and quantify the significance of "Dark Forest activities" and their impact on the Ethereum network.
  • Flashloan monitor - Dashboard that helps you monitor flashloan transactions.
  • Known Attacks - A list of known attacks which you should be aware of, from Consensys.
  • Solidity Security - Comprehensive list of known attack vectors and common anti-patterns.

Vulnerabilities

Controls

  • Simple Security Toolkit - Opinionated recommendations that the team at Nascent find to be appropriate, particularly for teams developing and managing early versions of a protocol.
  • Gnosis Safe - Multi-sig. Require multiple team members to confirm every transaction in order to execute it, which helps prevent unauthorized access to company crypto.
  • List of DeFi auditors - List of DeFi auditors maintained by DeFiSafety.
  • State of DeFi Audits - Article taking a look at the auditing space and its importance in onboarding users by properly securing new DeFi protocols.
  • Building Secure Contracts - Trail of Bits' guidelines and best practices on how to write secure smart contracts.
  • Solidity Patterns - A compilation of patterns and best practices for the smart contract programming language Solidity.
  • Security Pattern for Ethereum and Solidity - Google Sheets Checklists.
  • Solidity Best Practices for Smart Contract Security - Pro tips from Consensys to ensure your Ethereum smart contracts are fortified.
  • CERtified - Top 100 exchanges by Cybersecurity rating.
  • Smart Contract Security Registry - An effort to identify deployed contract instances, given their chain and address, by listing the project they belong to.
  • Forta - Community-based runtime security network for smart contracts.

Ecosystem

Footnotes

See Also

Other Awesome Lists: