
Navigation: officercia.eth
In today’s article, I’d want to draw your attention to some of my most time-consuming articles (there are 120+ already!), which I feel to be my best! Enjoy! Art by: Regul Lion. OpSec & Security: OpSec Going Smart; OpSec Going Smarter; OpSec Going Smarter: Secure Smartphones; Unfolding Ancient Wisdom: How Ancient Stories Teach Modern Humans about Security and OpSec; An Open Letter to the Manufacturers and Designers of Crypto Wallets; Would Stay Extra Vigilant Over the Holidays…; Interview With a KyberSwap Hack...

Essential Security Tactics to Implement After the Bybit Hack
Below, we outline key strategies, drawing from expert recommendations shared in the wake of the event.

The Worst OpSec Fails of 2025: Lessons from Darknet Busts and Whale Kidnappings
I'll break it down simple, like we're chatting over coffee, and throw in some real stories from the news.


• Smart contract auditor pathway
• All known smart contract-side and user-side attacks and vulnerabilities
• Join developer communities & chats
Use just about everything from my special compendium: telegra.ph/All-known-smart-contract-side-and-user-side-attacks-and-vulnerabilities-in-Web30--DeFi-03-31 and https://telegra.ph/Solidity-Catsheets-Pack-03-20 ❗️❗️❗️
Study: quillaudits.substack.com/p/openseas-official-discord-compromised and rekt.news
Separately, you'll need to study the audit checklists: t.me/officer_cia/177
twitter.com/0xBlasco/status/1500455598684618753 - these courses
Blockchain security framework - t.me/officer_cia/232
Tokenomics simulation tools - t.me/officer_cia/69, and resources for understanding them - t.me/officer_cia/89
smartcontractresearch.org/t/mitigations-against-flash-loan-enabled-attacks/615 and arxiv.org/abs/2003.03810
Tenderly.co alerts - officercia.medium.com/tenderly-app-a-swiss-pocketknife-for-the-web3-developer-89bb904bee46
Study medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b and wufflz.notion.site/Blockchain-security-guide-b26aec3d920e414d8a354618d3e36eb4
devansh.xyz/blockchain-security/2021/09/17/genesis-0x01.html
www.notonlyowner.com/learn/intro-security-hacking-smart-contracts-ethereum
arxiv.org/pdf/2106.10740.pdf - Threat Modeling


arxiv.org/pdf/2109.06836.pdf - User-Side Attacks

arxiv.org/pdf/2203.02662.pdf - Metaverse Security

github.com/xf97/JiuZhou - Bugs in Solidity
Also check out: github.com/sigp/solidity-security-blog & graph.org/Solidity-Cheatsheets-Pack-03-20

blog.embarklabs.io/news/2020/01/30/dapp-frontend-security/index.html - DApp frontend security.
www.theseus.fi/bitstream/handle/10024/170724/Aboualy_Mahmoud_bachelor_thesis.pdf - Learning Best Practices from Web Applications to Avoid Similar Security Vulnerabilities in Decentralized Applications.

twitter.com/officer_cia/status/1422785502634196996 & twitter.com/officer_cia/status/1409537800022659074 - More about Oracle attacks
blog.euler.finance/uniswap-oracle-attack-simulator-42d18adf65af?gi=8ad59382eefb - UniV2 Oracle attack simulator.
github.com/KadenZipfel/smart-contract-attack-vectors - All known Smart Contract Attack Vectors
graph.org/NFT-security-01-28 - NFT security
graph.org/ETHSec-Tools-02-13 - All existing ETH security tools
www.phishfort.com/blog/web3-phishing-has-finally-arrived - Web3 phishing
bloom.co/blog/6-ways-a-site-can-attack-your-metamask/ - MetaMask targeted attacks.
newsletter.blockthreat.io - Timeline of all hacks and security incidents in Web3.
swcregistry.io - Smart Contract Bug Database
arxiv.org/pdf/2105.06974.pdf - A Survey of Security Vulnerabilities in Ethereum Smart Contracts
www.researchgate.net/publication/353794368_SMART_CONTRACTS_VULNERABILITIES_AND_REAL_ATTACKS - General Overview
www.researchgate.net/publication/338926064_Smart_Contract_Attacks_and_Protections - General Overview
www.ndss-symposium.org/wp-content/uploads/NDSS2021posters_paper_2.pdf - Attacks on RPC
eprint.iacr.org/2021/1147.pdf - Automated Analysis of Economic Security in Smart Contracts
arxiv.org/abs/2003.03810 - Literally the best study about flash-loan attacks
github.com/felixnan88/fallback-attack - All about fallback attack



Jobs:
Read: web3.smsunarto.com
Grants & DAOs:
Bounties:
blog.openzeppelin.com/follow-this-quality-checklist-before-an-audit-8cc6a0e44845/
ethereum.stackexchange.com/questions/8551/security-review-checklist-for-a-smart-contract/8593#8593
our.status.im/what-is-a-security-audit-when-you-should-get-one-and-how-to-prepare
If you want to support my work, you can send me a donation to the address:
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds - Monero XMR
Study very carefully github.com/Rari-Capital/solcurity and cmichel.io/how-to-become-a-smart-contract-auditor and pentacle.xyz/projects/security
The internal security of the project - docs.google.com/document/d/1-_0Wlwch_vtkPM4F-SdEXLjQYaYT7KoPlU2rjt7tkLQ/edit
And you can also study github.com/0xsanny/solsec
All audit/security tools - telegra.ph/ETHSec-Tools-02-13, github.com/nascentxyz/simple-security-toolkit
Check resources here t.me/cryptooffensive
OpSec Principles - graph.org/Key-principles-of-storing-crypto-cold-wallet-attacks-defense-methods-best-practices--Bonus-04-23 github.com/undergroundwires/privacy.sexy , web.archive.org/web/20220302223645/https://anonymousplanet.org/guide.html
Forensics/Research in Crypto: t.me/officer_cia/236 mirror.xyz/officercia.eth/BFzv17UwH6QG4q711NAljtSiP8eKR17daLjTdmAgbHw
All TX analysis tools list graph.org/TX-Analysis-tools-04-19
Honeypot detection tools graph.org/A-Short-List-of-the-Rug-Checker-Tools-04-09
Bugs and vulnerabilities that exist in Web2 and Web3 - www.theseus.fi/bitstream/handle/10024/170724/Aboualy_Mahmoud_bachelor_thesis.pdf
All about MEV - t.me/officer_cia/146
Be sure to study defieducation.substack.com/p/how-to-read-smart-contracts-part?s=r and blog.trustlook.com/understand-evm-bytecode-part-1/ and all the posts by these Authors
start.me/p/QRg5ad/officercia - peruse my Awesome Blogs section and Sec section (on the right side, just below the defi map-tree)
telegra.ph/Article-08-08 - frontend security
NFT security telegra.ph/NFT-security-01-28
Explore hack cases newsletter.blockthreat.io
Study github.com/emilianobonassi/security-toolkit and www.smartcontractresearch.org/t/research-summary-a-systematic-literature-review-of-blockchain-cyber-security/1299
Attack Vectors - github.com/sirhashalot/SCV-List github.com/KadenZipfel/smart-contract-attack-vectors swcregistry.io
Study the Framework securing.github.io/SCSVS/SCSVS_v1.1.pdf and github.com/securing/SCSVS
Read posts on Medium by Mudit Gupta, Immunefi and BlockSec team, also twitter.com/officer_cia/status/1519371437068505089 all 4 threads, arxiv.org/pdf/2106.10740.pdf and arxiv.org/pdf/2109.06836.pdf
github.com/freight-chain/defi-sec & github.com/freight-trust/defi-threat - DeFi Threats List
arxiv.org/pdf/2103.02873.pdf - Hunting For DeFi Attacks on Blockchain
defi-sandwi.ch & pub.tik.ee.ethz.ch/students/2021-FS/BA-2021-07.pdf - A tool to check whether a transaction is susceptible to sandwich attacks and to find a suitable order split was released on.
gasgauge.github.io, arxiv.org/pdf/2112.14771.pdf - A security analysis tool for smart contract out-of-gas vulnerabilities
Tutela.xyz - Tornado Cash pool analyzer.
github.com/OffcierCia/DeFi-Developer-Road-Map#security--safety - CIA compilation of reads.
library.dedaub.com - Smart Contract Library
github.com/christoftorres/ConFuzzius - a Fuzzer