Awesome EVM Security
EVM stands for “Ethereum Virtual Machine”. The EVM powers the Ethereum mainnet, but also Layer 2 protocols, sidechains, and EVM-compatible chains.
This list is an overview of the EVM ecosystem from an information security management perspective.
Contents
Guides
Governance
Architecture
Standards
- DeFi Safety - Best practices security score reviews.
- DASP Top 10 of 2018 - Decentralized Application Security Project Top 10 vulnerabilities.
- IVSCS - Immunefi Vulnerability Severity Classification System.
- Smart Contract Security Verification Standard - A free 14-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.
- Secureth guidelines - Aid you in formulating your own software engineering process by giving a complete picture of all the different concerns and expectations in your software projects.
- CryptoCurrency Security Standard (CCSS) - A set of requirements for all information systems that make use of cryptocurrencies, including exchanges, web applications, and cryptocurrency storage solutions.
- The Solcurity Standard - Opinionated security and code quality standard for Solidity smart contracts.
System Assets
Threats
- Blockchain Graveyard - A list of all massive security breaches or thefts involving blockchains.
- List of Bitcoin Heists - Research on prior Bitcoin-related thefts.
- Blockchain Threat Intelligence - The latest in blockchain, DeFi and cryptocurrency threat intelligence, vulnerabilities, security tools, and events.
- Rekt News - Investigative journalism, creative commentary, and incident analysis.
- DeFiYield’s REKT db - Database of Crypto Hacks, Exploit, Scam.
- CryptoScamDB - Keeping track of cryptocurrency scams in an open-source database.
- Mudit Gupta’s Twitter threads - Early analysis and educational content on Twitter.
- Flash Boys 2.0 Paper - Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability.
- MEV-explore - Help the community understand and quantify the significance of “Dark Forest activities” and their impact on the Ethereum network.
- Flashloan monitor - Dashboard that helps you monitor flashloan transactions.
- Known Attacks - A list of known attacks which you should be aware of, from Consensys.
- Solidity Security - Comprehensive list of known attack vectors and common anti-patterns.
Vulnerabilities
Controls
- Simple Security Toolkit - Opinionated recommendations that the team at Nascent find to be appropriate, particularly for teams developing and managing early versions of a protocol.
- Gnosis Safe - Multi-sig. Require multiple team members to confirm every transaction in order to execute it, which helps prevent unauthorized access to company crypto.
- List of DeFi auditors - List of DeFi auditors maintained by DeFiSafety.
- State of DeFi Audits - Article taking a look at the auditing space and its importance in onboarding users by properly securing new DeFi protocols.
- Building Secure Contracts - Trail of Bits’ guidelines and best practices on how to write secure smart contracts.
- Solidity Patterns - A compilation of patterns and best practices for the smart contract programming language Solidity.
- Security Pattern for Ethereum and Solidity - Google Sheets Checklists.
- Solidity Best Practices for Smart Contract Security - Pro tips from Consensys to ensure your Ethereum smart contracts are fortified.
- CERtified - Top 100 exchanges by Cybersecurity rating.
- Smart Contract Security Registry - An effort to identify deployed contract instances given their chain and address, by listing the project they belong to.
- Forta - Community-based runtime security network for smart contracts.
Ecosystem
See Also
Other Awesome Lists: