Subscribe to Officer's Blog
>4.5K subscribers
• Smart contract auditor pathway
• All known smart contract-side and user-side attacks and vulnerabilities
• Join developer communities & chats
Just spotted an awesome retrospective on hacks, happened recently! Link wooded-meter-1d8.notion.site/0e85e02c5ed34df3855ea9f3ca40f53b?v=22e5e2c506ef4caeb40b4f78e23517ee More related resources: rekt.news newsletter.blockthreat.io cryptosec.info/defi-hacks defyield.xyz/rekt-database defillama.com/hacks www.chainabuse.com cryptoscamdb.org Vulnerabilities & exploits resources: github.com/sirhashalot/SCV-List github.com/KadenZipfel/smart-contract-attack-vectors github.com/securing/SCSVS swcregistry.io All known...
Use just about everything from my special compendium: telegra.ph/All-known-smart-contract-side-and-user-side-attacks-and-vulnerabilities-in-Web30--DeFi-03-31 and https://telegra.ph/Solidity-Catsheets-Pack-03-20 ❗️❗️❗️
Study: quillaudits.substack.com/p/openseas-official-discord-compromised and rekt.news
Separately, you'll need to study the audit checklists: t.me/officer_cia/177
twitter.com/0xBlasco/status/1500455598684618753 - these courses
Blockchain security framework - t.me/officer_cia/232
Tokenomics simulation tools t.me/officer_cia/69 and understand it (resources) t.me/officer_cia/89
smartcontractresearch.org/t/mitigations-against-flash-loan-enabled-attacks/615 and arxiv.org/abs/2003.03810
Tenderly.co alerts - officercia.medium.com/tenderly-app-a-swiss-pocketknife-for-the-web3-developer-89bb904bee46
Study medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b and wufflz.notion.site/Blockchain-security-guide-b26aec3d920e414d8a354618d3e36eb4
Reproduce DeFi hacked incidents using Foundry. Contribute to SunWeb3Sec/DeFiHackLabs development by creating an account on GitHub.
devansh.xyz/blockchain-security/2021/09/17/genesis-0x01.html
www.notonlyowner.com/learn/intro-security-hacking-smart-contracts-ethereum
arxiv.org/pdf/2106.10740.pdf - Threat Modeling
arxiv.org/pdf/2109.06836.pdf - User-Side Attacks
arxiv.org/pdf/2203.02662.pdf - Metaverse Security
github.com/xf97/JiuZhou - Bugs in Solidity
| Also check out: github.com/sigp/solidity-security-blog & graph.org/Solidity-Cheatsheets-Pack-03-20
blog.embarklabs.io/news/2020/01/30/dapp-frontend-security/index.html - DApp frontend security.
www.theseus.fi/bitstream/handle/10024/170724/Aboualy_Mahmoud_bachelor_thesis.pdf - Learning Best Practices from Web Applications to Avoid Similar Security Vulnerabilities in Decentralized Applications.
twitter.com/officer_cia/status/1422785502634196996 & twitter.com/officer_cia/status/1409537800022659074 - More about Oracle attacks
blog.euler.finance/uniswap-oracle-attack-simulator-42d18adf65af?gi=8ad59382eefb - UniV2 Oracle attack simulator.
github.com/KadenZipfel/smart-contract-attack-vectors - All known Smart Contract Attack Vectors
graph.org/NFT-security-01-28 - NFT security
graph.org/ETHSec-Tools-02-13 - All ETH security tools existing
www.phishfort.com/blog/web3-phishing-has-finally-arrived - Web3 phishing
bloom.co/blog/6-ways-a-site-can-attack-your-metamask/ - MetaMask targeted attacks.
newsletter.blockthreat.io - All hacks and security incidents in Web3 timeline.
mirror.xyz/0x8Df126302a7EA75E7013Ec8Ad6bFaC14DD84a5fF/Cxa5L18eGjr8y08VkELx9m61-yl1-h-oTT2z7SjNhuo moralis.io/how-to-build-a-cross-chain-bridge ...
swcregistry.io - Smart Contract Bug Database
arxiv.org/pdf/2105.06974.pdf - A Survey of Security Vulnerabilities in Ethereum Smart Contracts
www.researchgate.net/publication/353794368_SMART_CONTRACTS_VULNERABILITIES_AND_REAL_ATTACKS - General Overview
www.researchgate.net/publication/338926064_Smart_Contract_Attacks_and_Protections - General Overview
www.ndss-symposium.org/wp-content/uploads/NDSS2021posters_paper_2.pdf - Attacks on RPC
eprint.iacr.org/2021/1147.pdf - Automated Analysis of Economic Security in Smart Contracts
arxiv.org/abs/2003.03810 - Literally the best study about flash-loan attacks
github.com/felixnan88/fallback-attack - All about fallback attack
Jobs:
| Read: web3.smsunarto.com
Grants & DAOs:
Bounties:
blog.openzeppelin.com/follow-this-quality-checklist-before-an-audit-8cc6a0e44845/
ethereum.stackexchange.com/questions/8551/security-review-checklist-for-a-smart-contract/8593#8593
our.status.im/what-is-a-security-audit-when-you-should-get-one-and-how-to-prepare
Refer to the “Education” section of Tokenomics DAO for the most up to date resources/articles on tokenomics. Introductory Content All You Need to Know About Tokenomics Great starting point outlining...
If you want to support my work, you can send me a donation to the address:
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds - Monero XMR
Study very carefully github.com/Rari-Capital/solcurity and cmichel.io/how-to-become-a-smart-contract-auditor and pentacle.xyz/projects/security
The internal security of the project - docs.google.com/document/d/1-_0Wlwch_vtkPM4F-SdEXLjQYaYT7KoPlU2rjt7tkLQ/edit
And you can also study github.com/0xsanny/solsec
All audit/security tools - telegra.ph/ETHSec-Tools-02-13, github.com/nascentxyz/simple-security-toolkit
Check resources here t.me/cryptooffensive
OpSec Principles - graph.org/Key-principles-of-storing-crypto-cold-wallet-attacks-defense-methods-best-practices--Bonus-04-23 github.com/undergroundwires/privacy.sexy , web.archive.org/web/20220302223645/https://anonymousplanet.org/guide.html
Forensics/Research in Crypto: t.me/officer_cia/236 mirror.xyz/officercia.eth/BFzv17UwH6QG4q711NAljtSiP8eKR17daLjTdmAgbHw
All TX analysis tools list graph.org/TX-Analysis-tools-04-19
Honeypot detection tools graph.org/A-Short-List-of-the-Rug-Checker-Tools-04-09
Bugs and vulnerabilities that exist in Web2 and Web3 - www.theseus.fi/bitstream/handle/10024/170724/Aboualy_Mahmoud_bachelor_thesis.pdf
All about MEV - t.me/officer_cia/146
Be sure to study defieducation.substack.com/p/how-to-read-smart-contracts-part?s=r and blog.trustlook.com/understand-evm-bytecode-part-1/ and all the posts by these Authors
start.me/p/QRg5ad/officercia - peruse my Awesome Blogs section and Sec section (on the right side, just below the defi map-tree)
telegra.ph/Article-08-08 - frontend security
NFT security telegra.ph/NFT-security-01-28
Explore hack cases newsletter.blockthreat.io
Study github.com/emilianobonassi/security-toolkit and www.smartcontractresearch.org/t/research-summary-a-systematic-literature-review-of-blockchain-cyber-security/1299
Attack Vectors - github.com/sirhashalot/SCV-List github.com/KadenZipfel/smart-contract-attack-vectors swcregistry.io
Study the Framework securing.github.io/SCSVS/SCSVS_v1.1.pdf and github.com/securing/SCSVS
Read posts on Medium by Mudit Gupta, Immunefi and BlockSec team, also twitter.com/officer_cia/status/1519371437068505089 all 4 threads, arxiv.org/pdf/2106.10740.pdf and arxiv.org/pdf/2109.06836.pdf
github.com/freight-chain/defi-sec & github.com/freight-trust/defi-threat - DeFi Threats List
arxiv.org/pdf/2103.02873.pdf - Hunting For DeFi Attacks on Blockchain
defi-sandwi.ch & pub.tik.ee.ethz.ch/students/2021-FS/BA-2021-07.pdf - A tool to check whether a transaction is susceptible to sandwich attacks and to find a suitable order split was released on.
gasgauge.github.io, arxiv.org/pdf/2112.14771.pdf - A security analysis tool for smart contract out-of-gas vulnerabilities
Tutela.xyz - tornado cash pool analyzer.
github.com/OffcierCia/DeFi-Developer-Road-Map#security--safety - CIA compilation of reads.
library.dedaub.com - Smart Contract Library
github.com/christoftorres/ConFuzzius - a Fuzzer
Officer's Blog
350
No comments yet