Tips for Solidity Code Auditors
Gaining the most elusive of tips. Add your input and let’s collect them all!
General Tips Suggestions
-
Did you know that you can utilize VSCode on your iPad ( preferably with a Magic Keyboard) using the Blink App ? If not, watch the following video ! I hope you find this tip useful in your work!
-
Clone any project, then upload extension into vscode , 2nd link -> add key from sourcegraph , select the contract and the AI analyzes the structure of your project for you! Check out this example !
-
Try auditwizard.io - revolutionize your workflow today!
-
Check out pre-built security properties for commonly forked DeFi protocols.
-
MEV / Sandwich / Front-run Back-run: Compilation advanced info.
-
Try Slither Detectors by Pessimistic.io check out SolCurity .
-
Give a try: Pyrometer Sporalyzer .
-
Explore Web3 with full confidence guarded by Web3Antivirus security browser extension learn evm attacks !
-
Try using obsidian.md for notes! check out Audit Quality !
-
Check out R.xyz ( link! ) and apply for a closed beta ( here )!
-
Follow my own blog Hexens' blog !
-
This project was created to support Code4rena Bot Races with useful stats and tools. Read more about it here try 4naly3er !
-
Bot Racing: The Rise of Web3 Bots. Code4Rena Bot Racing explained !
-
Check out GasBad which is an open-source project that evaluates gas efficiency in Solidity libraries!
-
Try out this tool - it scans constructor of solidity smart contract for checks to zero address.
-
DeFi Common Fork Bugs List .
-
Try using Semgrep rules for smart contracts based on DeFi exploits!
-
Complete this set of tasks check out this curated list of web3Security materials and resources For Pentesters and Bug Hunters!
-
Let's break down such a concept as mind-mapping - study this list check out AuditorsRoadmap mind-map!
-
How To Learn Fast?
Tools Services
-
sol2uml
-
tx2uml
-
EVM - Draw link
-
openchain.xyz
-
Vscode Solidity Inspector
-
EVM Slot Reader
-
heimdall-rs
-
EVM Bench
-
Function Selector Miner
-
explorer.swiss-knife.xyz
-
Solhunt
-
Solsec
-
Gas Gauge
-
ityfuzz
-
evmdiff.com
-
contract-diff.xyz
-
x48.tools/diff
-
bytegraph.xyz
-
lcov-parse
-
EVM cfg
-
Check external calls in a contract
-
evm.storage
-
contractreader.io
-
Tatum Explorer
-
cadcad.org
-
With this tool you can search across a half million git repos!
-
Hardhat Gas Reporter
-
Get Ethereum block number by a given date.
-
Hardhat plugin for exporting the contract storage layout.
-
Allowing smart contract developers to do simulation driven development via an EVM emulator.
-
Memory Strux
-
tecommons.org
-
Octopus
-
Solidity rlp Encode
-
Dune to CSV
-
Duneanalytics Tools
-
machinations.io
-
tenderly.co
-
impersonator.xyz
-
A 4-hr smart contract fuzzer speed run.
-
Fuzzing cryptographic libraries. Magic bug printer go brrrr.
Useful Resources — by officercia.eth
-
Navigation Page
-
BalancerV1 Integration Tips
-
Meta-Transactions: General Overview
-
CurveV1 Integration Tips
-
Auditing Projects on the NEAR Blockchain: From Zero to Hero
-
Reentrancy Attacks on Smart Contracts Distilled
-
Gas Gauge: Pressure Control
-
Short Types in Solidity: Rare Tricks Uncovered
-
Fuzzing Solidity Smart Contracts with Echidna: Die-Hard Level Tips
-
Slither: An Auditor’s Cornucopia
-
Per Aspera ad Astra: How to become a smart contract auditor bugbounty-hunter
-
Tenderly App — a Swiss Pocketknife for the Web3 developer
-
Convex Finance DeFi Integration Tips
-
Auditing Tips for NFT Projects
-
AAVE V3 DeFi Integration Tips
-
AAVE V3 DeFi Integration: Specifications
-
Slitherin Timeline 2.0
-
Compound v2 DeFi Integration: Specifications
-
Compound v2 DeFi Integration Tips
-
Oracles, Entropy Chainlink VRF Secure Integration Tips
-
Chainlink VRF Secure Integration Tips: Specifications
-
Auditor’s Notes: Semantic Grep Solidity
-
Price Reward Manipulation Attacks Distilled
-
Read-only Reentrancy: In-Depth
-
Web3 Security Distilled
-
Arbitrum: Basic Features, Technical Details and Differences from Ethereum
-
AMM (Automatic Market Makers) Integration Tips
-
Web3 Security Distilled 2.0
-
Auditor’s Notes: Semantic Grep Solidity 2.0
-
Auditor’s Notes: ERC20 Integration Tips
-
Auditor’s Advice: Math, Solidity Gas Optimizations | Part 1/3
-
Auditor’s Advice: Solidity Checklist Reentrancy Attack | Part 2/3
-
Auditor’s Advice: EVM Limitations Assembly Auditing Tips | Part 3/3
-
Auditor’s Notes: Initializing, Proxy, Oracles Multi-Chain
-
Auditor’s Notes: Tokens, EIP-712 Meta-Transactions
-
Remediate Web3: R.xyz
-
Arbitrary Calls New Slitherin Detector Release
Awesome GitHub Lists
-
DeFi Developer Road Map
-
Awesome On-Chain Forensic HandBook
-
Ultimate DeFi Blockchain Research Base
-
The Atypical OSINT Guide
Additional Resources
-
MVP for OpSec
-
The ultimate framework to best secure your Dapp and optimize the money spent on security reviews.
-
Zk Proofs Explained
-
On Bitcon Custody...
-
Join my TG folder!
-
All About Tenderly Sandbox
-
Vault Math - How much shares to mint? How much token to withdraw?
-
Foundry Cheatsheet
-
Yet Another Audit DB
-
Template repository intended to ease fuzzing components of Solidity projects, especially libraries.
-
An interactive Solidity shell with lightweight session recording and remote compiler support.
-
Gas Numbers Every Solidity Dev Should Know!
-
This repository contains projects implementing both low-level and high-level concepts of Solidity in an incremental learning pattern!
-
Learn how to build on Ethereum; the superpowers and the gotchas.
-
This is a course for hackers, programmers, and software engineers who learn by doing!
-
Smart Contracts Security by Ethereum.org
-
Re-entrancy Attack Patterns List
-
This project aims to curate a comprehensive list of independently hosted bug bounty programs within the Web3 ecosystem that offer substantial rewards, with payouts ranging into six figures.
-
To learn common smart contract vulnerabilities using Foundry!
-
The difference between Auditor and Security Researcher
-
This Repository contains list of Common NFT Attack Vectors.
-
NFT Attacks List
-
Single-command flamegraph profiling Tool
-
High Severity Findings List
-
An Ethers.js compatible signer that connects to AWS KMS.
-
Ethereum EVM illustrated
-
Blockchain dark forest selfguard handbook. Master these, master the security of your cryptocurrency.
-
Smart Contract Security Verification Standard
-
Immunefi PoC Templates
-
Foundry Forge Coverage
-
Audit Techniques Tools 101
-
State of the art of detection evasion, for web3 malware.
-
EEA EthTrust Security Levels Specification v1
-
Flash Crash for Cash: Cyber Threats in Decentralized Finance
-
This repo contains a comprehensive list of smart contract auditor tools and techniques that can be utilized by both smart contract auditors and blockchain developers for developing secure smart contracts
-
Robust, open-source contract verification for the EVM.
-
Roadmap for Web3/Smart Contract Hacking | 2022
-
Information about web3 security and programming tutorials/tools
-
What happens when you send 1 DAI
-
How to Read Smart Contracts
-
Bytes032 Blog
-
Pentacle Security List
-
list of FREE resources to make Web3 accessible to everyone.
-
How to understand EVM byte code...
-
Awesome Blogs Explanation
Front-end Security
-
Frontend Security, Web2 vs Web3 Bugs
-
Scroll Workshop Rust House
-
DApp Frontend Security
-
MVP for OpSec
Work…?
-
Web3 Security Distilled 2.0
-
Crypto Jobs List - Main
-
web3.smsunarto.com
-
hexens.io/careers
-
2023 Global Crypto Events Hackathons
-
Check out R.xyz ( link! ) and apply for a closed beta ( here )!
-
Crypto Telegram Discord Channels Chats
-
Jobsincrypto
-
CryptoJobsList
-
Jobs TG Folder
-
LobsterHR
-
DeveloperDAO
-
LidoGrants
-
GitCoin
-
anonfriendly.com
-
Web3grants
-
hackathons.live
-
hackenproof.com
-
bbscope
-
immunefi.com
-
code4rena.com
-
sherlock.xyz
-
spearbit.com
-
Web3SecurityDAO
-
WHITE HAT DAO
-
Hats.Finance
-
crypto-jobs-fyi.github.io
-
auditjobs.xyz
-
intropia.io/hire
-
solodit.xyz
-
www.jobstash.xyz
-
frontrunnrs.xyz
-
www.jobprotocol.xyz
Support
The best thing is to support me directly by donating to my address on Ethereum Main-net or any of the compatible networks or to any address from the list below:
-
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A — ERC20 ETH officercia.eth
-
17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU — BTC
-
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero/XMR
-
You can also support me by minting one of my Mirror articles NFTs !
Thank you!
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Notice on Trading and Pre Market Delivery time Update for MAJOR/USDT
As per requested by the project, Bitget will change the trading time of MAJOR/USDT to 28 November 2024, 08:00 (UTC),and the pre market delivery time to 28 November 2024, 20:00 (UTC). Thank you for your understanding on this matter. Disclaimer Cryptocurrencies are subjected to high market risk and v
SUI’s Blockchain Has Been Down for an Hour
BNB breaks above $630
MicroStrategy's Bitcoin holdings now have a floating profit of over $16 billion