It is a collection of awesome software, libraries, documents, books, resources, and cool stuff about web3 security.
Thanks to all contributors. You're awesome. This wouldn't be possible without you! The goal is to build a categorized, community-driven collection of very well-known resources.
List links and description
- abi-decompiler - The purpose of abi-decompiler is to implement a simple tool to recover the ABI of EVM smart contracts, including function names.
- DeDaub - The Dedaub decompiler takes Ethereum Virtual Machine (EVM) bytecode and produces more readable Solidity-like code.
- Panoramix - This is an EVM decompiler.
- BSCheck - Free Binance Smart Chain token analyzer
- QuillCheck - Safeguard your web3 investments with our AI Agent. Uncover honeypots, understand token permissions, and get comprehensive market insights. Shield yourself from rugpulls and scam tokens. DYOR here!
- Rugscreen - Catches rugpulls before you lose money.
- TokenSniffer - Automated scam detection, auditing, and metrics
- Rug Pull Detector - Find the smart contract of the token and copy Solidity code
- Brownie - Brownie is a Python-based development and testing framework for smart contracts targeting the Ethereum Virtual Machine.
- Ethereum Security Box - This repository contains scripts to create a Docker container preinstalled and preconfigured with all of Trail of Bits’ Ethereum security tools.
- Foundry - Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
- Hardhat - Hardhat is a development environment for Ethereum software
- Manticore - Manticore is a symbolic execution tool for the analysis of smart contracts and binaries.
- Mythril - Mythril is a security analysis tool for EVM bytecode
- MythX - Create a MythX account, link your Ethereum address, and generate API keys
- Octopus - Octopus is a security analysis framework for WebAssembly module and Blockchain Smart Contract.
- Scribble - A Solidity runtime verification tool for property-based testing.
- Securify2 - Securify 2.0 is a security scanner for Ethereum smart contracts supported by the Ethereum Foundation and ChainSecurity.
- Slither - Slither is a Solidity & Vyper static analysis framework written in Python3
- Surya - Surya is a utility tool for smart contract systems. It provides a number of visual outputs and information about the contracts' structure.
- SmartCheck - SmartCheck is an extensible static analysis tool for discovering vulnerabilities and other code issues in Ethereum smart contracts written in the Solidity programming language.
- Truffle Suite - The most comprehensive suite of tools for smart contract development
- ZIION - ZIION is the first open-source, end-to-end, pre-compiled, multi-architecture, multi-protocol blockchain security testing and development solution
- ChainFuzz - ChainFuzz requires a truffle project with correct migration files to fuzz a project.
- Echidna - Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts.
- Foundry - Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
- ETH-Toolbox - EthToolbox v1.1 is a set of useful tools for Ethereum developers.
- dethcode - View source of deployed Ethereum smart contracts in VS Code
- Hacken Proof - Expert web3 bug bounty and crowdsourced audit platform
- Immunefi - Web3's bug bounty platform
- blocksec-ctfs - A curated list of blockchain security Wargames, Challenges, and Capture the Flag (CTF) competitions and solution writeups.
- Capture the Ether - the game of Ethereum smart contract security
- ciphershastra - A place where you can enhance your Security Skills by solving and learning from CTF-like challenges.
- Damn Vulnerable DeFi - The training ground for security researchers, developers and educators to dive into smart contract security.
- Hack the TON - Hack the TON is a TON based wargame inspired by The Ethernaut, played in the TON Virtual Machine.
- The Ethernaut - The Ethernaut is a Web3/Solidity based wargame inspired by overthewire.org
- Remix Ethereum - No more words. Everybody knows Remix
- Rust Playground - The Rust Playground
- ERC 20 - The ERC-20 introduces a standard for Fungible Tokens, in other words, they have a property that makes each Token be exactly the same (in type and value) as another Token.
- OWASP Smart Contract - The OWASP Smart Contract Top 10 is a standard awareness document that intends to provide Web3 developers and security teams with insight into the top 10 vulnerabilities found in smart contracts.
- Chainlist - Helping users connect to EVM powered networks
- REKT - Rekt News is a leading online platform offering timely and concise information on decentralized finance (DeFi), blockchain, and the cryptocurrency industry
- Smart Contract Security Chapter - Chapter 9 from Ethereum book.