From 83f91d8d918d44585e8583517d04095827610f93 Mon Sep 17 00:00:00 2001 From: Sleepy <92123154+morphean-sec@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:49:31 +0300 Subject: [PATCH 1/8] Add several new communities Added discord servers for Secureum, SkidsDAO, Spearbit, Immunefi. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 1b09747..cce2d69 100644 --- a/README.md +++ b/README.md @@ -162,6 +162,10 @@ Join Trail of Bits for a free Ethereum Office Hours session by [reserving a slot * [Enterprise Ethereum Alliance Security Task Force](https://entethalliance.org/working-groups/) * [Empire Hacking Slack](https://empireslacking.herokuapp.com/) #ethereum +* [SkidsDAO discord](https://discord.gg/NHNRUKMCz2) - DAO founded to onboard and train web3 hackers whilst funding projects pushing Ethereum innovation via an inbuilt charity staking system. Facilitates open, accountable audits with exploit insurance and bug bounties through it's decentralized protocol, Fides. +* [Secureum discord](https://discord.gg/7sSTQATM6h) - Founded by 0xRajeev(former Trail of Bits security researcher) to educate the Ethereum ecosystem on smart contract auditing and security. Holds monthly RACE and CARE programmes free of charge for aspiring auditors with NFTs as proof of participation and on-chain rep. +* [Spearbit discord](https://discord.gg/qdYWpHJpnH) - DAO founded by freelance blockchain security researchers to provide an avenue for auditors to perform freelance work without worrying about legality issues. +* [Immunefi discord](https://discord.gg/JPfXR8qFYZ) - Community discord for the Immunefi DeFi bug bounty platform. Hacker meetups are occasionally held. At the time of this writing, samczsun and the Ethernaut have been featured guests. ## Other Awesome Lists From aa950fa6c03a2f21ec7faae8a802a5e1e61fcea2 Mon Sep 17 00:00:00 2001 
From: Sleepy <92123154+morphean-sec@users.noreply.github.com> Date: Tue, 25 Jan 2022 21:20:11 +0300 Subject: [PATCH 2/8] Updated CTFs and blog posts Added Paradigm CTF, Damn Vulnerable DeFi, Cipher Shastra and Hacking the Blockchain: An Ultimate Guide. --- README.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index cce2d69..291cd7b 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,6 @@ A curated list of awesome Ethereum security references, guidance, tools, and more. -Join Trail of Bits for a free Ethereum Office Hours session by [reserving a slot on Calendly](https://calendly.com/dan-trailofbits/ethereum-office-hours). An engineer from Trail of Bits will assist you in applying advanced security (tools)[#tools] and practices to your smart contract code. - ## Contents * [Learning](#learning) @@ -45,10 +43,15 @@ Join Trail of Bits for a free Ethereum Office Hours session by [reserving a slot ### Capture the Flag and Wargames +It is recommended to finish these in order. Capture the Ether and Ethernaut can be swapped out for either. + * [Capture the Ether](https://capturetheether.com/) * [Ethernaut](https://ethernaut.zeppelin.solutions/) * [EtherHack](https://etherhack.positive.com/) * [SI Blockchain CTF](https://blockchain-ctf.securityinnovation.com/) +* [Cipher Shastra](https://ciphershastra.com/index.html) +* [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/) +* [Paradigm CTF 2021](https://github.com/paradigm-operations/paradigm-ctf-2021/) #### Writeups 
@@ -70,7 +73,7 @@ Join Trail of Bits for a free Ethereum Office Hours session by [reserving a slot * [SmartDec blog](https://blog.smartdec.net/) - Company blog about security issues and practices within blockchain ecosystem ### Notable blog posts - +* [Hacking the Blockchain: Ethereum](https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b) * [Contract upgrade anti-patterns](https://blog.trailofbits.com/2018/09/05/contract-upgrade-anti-patterns/) * [How the winner got Fomo3D prize — A Detailed Explanation](https://medium.com/coinmonks/how-the-winner-got-fomo3d-prize-a-detailed-explanation-b30a69b7813f) * [How to debug Solidity Smart Contracts with Tenderly and Truffle](https://medium.com/tenderly/how-to-debug-solidity-smart-contracts-with-tenderly-and-truffle-da995cfe098f) 
@@ -162,7 +165,7 @@ Join Trail of Bits for a free Ethereum Office Hours session by [reserving a slot * [Enterprise Ethereum Alliance Security Task Force](https://entethalliance.org/working-groups/) * [Empire Hacking Slack](https://empireslacking.herokuapp.com/) #ethereum -* [SkidsDAO discord](https://discord.gg/NHNRUKMCz2) - DAO founded to onboard and train web3 hackers whilst funding projects pushing Ethereum innovation via an inbuilt charity staking system. Facilitates open, accountable audits with exploit insurance and bug bounties through it's decentralized protocol, Fides. +* [SkidsDAO discord](https://discord.gg/NHNRUKMCz2) - DAO founded by [Sleepy](https://twitter.com/morphean_sec) to onboard and train web3 hackers whilst funding projects pushing Ethereum innovation via an inbuilt charity staking system. Facilitates open, accountable audits with exploit insurance and bug bounties through it's decentralized protocol, Fides. * [Secureum discord](https://discord.gg/7sSTQATM6h) - Founded by 0xRajeev(former Trail of Bits security researcher) to educate the Ethereum ecosystem on smart contract auditing and security. Holds monthly RACE and CARE programmes free of charge for aspiring auditors with NFTs as proof of participation and on-chain rep. * [Spearbit discord](https://discord.gg/qdYWpHJpnH) - DAO founded by freelance blockchain security researchers to provide an avenue for auditors to perform freelance work without worrying about legality issues. * [Immunefi discord](https://discord.gg/JPfXR8qFYZ) - Community discord for the Immunefi DeFi bug bounty platform. Hacker meetups are occasionally held. At the time of this writing, samczsun and the Ethernaut have been featured guests. From c00af3994dad17728404bb1474776e5c8182379f Mon Sep 17 00:00:00 2001 
From: Sleepy <92123154+morphean-sec@users.noreply.github.com> Date: Tue, 25 Jan 2022 21:25:24 +0300 Subject: [PATCH 3/8] Update README.md Added clarification on maintainers. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 291cd7b..1bd7776 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Awesome Ethereum Security [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) -A curated list of awesome Ethereum security references, guidance, tools, and more. +A curated list of awesome Ethereum security references, guidance, tools, and more. Originally maintained by Trail of Bits. Updated and maintained by [Sleepy](https://twitter.com/morphean_sec) ## Contents From e9bd9fda1ed379a90d2a390482299f28391e84ab Mon Sep 17 00:00:00 2001 From: Sleepy <92123154+morphean-sec@users.noreply.github.com> Date: Tue, 25 Jan 2022 21:50:06 +0300 Subject: [PATCH 4/8] Added ConsenSys blog --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1bd7776..b827a82 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,7 @@ It is recommended to finish these in order. Capture the Ether and Ethernaut can * [Hacking Distributed](http://hackingdistributed.com/) - Emin Gün Sirer, professor in Cornell Tech’s IC3 lab focused on blockchain security. * [Phil Does Security](https://pdaian.com/blog/) - Phil Daian, grad student behind KEVM, Hydra, and other Ethereum academic projects * [Trail of Bits](https://blog.trailofbits.com/) - Cybersecurity R&D firm with a blockchain security practice +* [ConsenSys](https://consensys.net/blog/) - Blockchain software technology company with a well respected blockchain security team * [Martin Holst Swende](http://swende.se/) - Martin Swende, programmer and appsec consultant * [SmartDec blog](https://blog.smartdec.net/) - Company blog about security issues and practices within blockchain ecosystem 
From e8a6e1f64112a9914c48adacbb2e389dc440ebd2 Mon Sep 17 00:00:00 2001 From: Sleepy <92123154+morphean-sec@users.noreply.github.com> Date: Tue, 25 Jan 2022 21:57:28 +0300 Subject: [PATCH 5/8] Blogs update Added Secureum, Immunefi and ConsenSys blogs. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index b827a82..509884b 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,8 @@ It is recommended to finish these in order. Capture the Ether and Ethernaut can * [Phil Does Security](https://pdaian.com/blog/) - Phil Daian, grad student behind KEVM, Hydra, and other Ethereum academic projects * [Trail of Bits](https://blog.trailofbits.com/) - Cybersecurity R&D firm with a blockchain security practice * [ConsenSys](https://consensys.net/blog/) - Blockchain software technology company with a well respected blockchain security team +* [Immunefi](https://medium.com/immunefi) - DeFi bug bounty platform. Release post-mortems/write ups of critical vulns and guides +* [Secureum](https://secureum.substack.com/) - Initiative to educate smart contract security auditors. Releases publications on audit techniques and best practices * [Martin Holst Swende](http://swende.se/) - Martin Swende, programmer and appsec consultant * [SmartDec blog](https://blog.smartdec.net/) - Company blog about security issues and practices within blockchain ecosystem From 20c8b33c9138d54eac1ff91d2661f00ace90e998 Mon Sep 17 00:00:00 2001 From: Sleepy <92123154+morphean-sec@users.noreply.github.com> Date: Fri, 28 Jan 2022 00:10:10 +0300 Subject: [PATCH 6/8] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 509884b..50e52e5 100644 --- a/README.md +++ b/README.md 
@@ -34,6 +34,7 @@ A curated list of awesome Ethereum security references, guidance, tools, and mor * [Decentralized Application Security Project](https://www.dasp.co/) * [Solidity Security Considerations](https://solidity.readthedocs.io/en/latest/security-considerations.html) * [Solidity v0.5.0 Breaking Changes](https://solidity.readthedocs.io/en/latest/050-breaking-changes.html) +* [Solcurity](https://github.com/Rari-Capital/solcurity) ### Insecurity references From 385c9a189d90417fc53a76e089ecfc58d8c017ec Mon Sep 17 00:00:00 2001 From: Sleepy <92123154+morphean-sec@users.noreply.github.com> Date: Mon, 21 Feb 2022 14:18:30 +0300 Subject: [PATCH 7/8] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 50e52e5..0b9be1d 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # Awesome Ethereum Security [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) -A curated list of awesome Ethereum security references, guidance, tools, and more. Originally maintained by Trail of Bits. Updated and maintained by [Sleepy](https://twitter.com/morphean_sec) +A curated list of awesome Ethereum security references, guidance, tools, and more. + +Join Trail of Bits for a free Ethereum Office Hours session by reserving a slot on Calendly. An engineer from Trail of Bits will assist you in applying advanced security (tools)[#tools] and practices to your smart contract code. ## Contents From d5447e286db465f13475afbd5b601a5741457f4c Mon Sep 17 00:00:00 2001 From: Sleepy <92123154+morphean-sec@users.noreply.github.com> Date: Mon, 21 Feb 2022 14:35:09 +0300 Subject: [PATCH 8/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0b9be1d..0f22efa 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ A curated list of awesome Ethereum security references, guidance, tools, and more. -Join Trail of Bits for a free Ethereum Office Hours session by reserving a slot on Calendly. An engineer from Trail of Bits will assist you in applying advanced security (tools)[#tools] and practices to your smart contract code. +Join Trail of Bits for a free Ethereum Office Hours session by [reserving a slot on Calendly](https://calendly.com/dan-trailofbits/ethereum-office-hours). An engineer from Trail of Bits will assist you in applying advanced security (tools)[#tools] and practices to your smart contract code. ## Contents
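Review bot: In PATCH 1/8 (README.md hunk at -162,6) the SkidsDAO entry reads "through it's decentralized protocol", which should be "its", and the Secureum entry is missing a space in "0xRajeev(former". The four new descriptions are also far longer than the two existing entries shown as context in this hunk; trim each to one short clause and drop the time-bound sentence "At the time of this writing, samczsun and the Ethernaut have been featured guests", which will go stale.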
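Review bot: The hunk at -2,8 in PATCH 2/8 deletes the Trail of Bits Office Hours paragraph, which the commit message ("Updated CTFs and blog posts") does not mention. PATCH 7/8 and 8/8 later put the same paragraph back, so this deletion is unrelated churn and should be dropped from the patch.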
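Review bot: The sentence added above the CTF list in PATCH 2/8 (hunk at -45,10), "Capture the Ether and Ethernaut can be swapped out for either.", is ambiguous; if the meaning is that those two can be done in either order, say so directly. Because the text now recommends working through the list in order, the three entries appended at the end (Cipher Shastra, Damn Vulnerable DeFi, Paradigm CTF 2021) become the final steps; confirm that position is intended, and consider a numbered list so the ordering is explicit.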
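Review bot: In the "Notable blog posts" hunk of PATCH 2/8 (-70,7) the link text "Hacking the Blockchain: Ethereum" does not match the title given in the commit message and in the URL slug ("Hacking the Blockchain: An Ultimate Guide"); use the article's actual title. The hunk also deletes the blank line under the "### Notable blog posts" heading so the list starts directly against it; keep the blank line and add the entry below it.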
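Review bot: The SkidsDAO change in PATCH 2/8 (hunk at -162,7) credits the DAO to "Sleepy", the same name as the author of this series, so the contributor is listing their own project; that affiliation belongs in the pull request description for the maintainers to weigh. The edit also rewrites a line introduced in PATCH 1/8 and is unrelated to "Updated CTFs and blog posts"; fold it into PATCH 1/8, and fix "it's" to "its" in the same line while there.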
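Review bot: PATCH 3/8 adds "Originally maintained by Trail of Bits. Updated and maintained by [Sleepy](...)" to the README intro, a maintainership statement that a contributor's patch should not make on its own authority; it needs confirmation from the repository owners before it can be merged. PATCH 7/8 removes the sentence again, so this patch can simply be dropped from the series. If it is kept, the added sentence is missing its closing period.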
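Review bot: The ConsenSys description added in PATCH 4/8 ("with a well respected blockchain security team") is an opinion, while the neighbouring entries in the hunk describe what each author or firm does; reword it neutrally, for example "with a blockchain security team", or hyphenate "well-respected" if the wording stays.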
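Review bot: The commit message of PATCH 5/8 says it adds the Secureum, Immunefi and ConsenSys blogs, but the hunk adds only the Immunefi and Secureum lines; ConsenSys appears as unchanged context because PATCH 4/8 already added it. Squash 4/8 and 5/8 or correct the message. In the Immunefi line, "Release post-mortems/write ups of critical vulns and guides" should read "Releases post-mortems and write-ups of critical vulnerabilities, and guides".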
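Review bot: PATCH 6/8 has the subject "Update README.md" and no body, so the history will not say that it adds the Solcurity link; use a subject that names the addition. Since most entries elsewhere in this series carry a description, a short one stating what Solcurity provides would help readers decide whether to follow the link.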
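Review bot: The Office Hours paragraph re-added in PATCH 7/8 loses its Calendly link ("by reserving a slot on Calendly" is now plain text) and keeps the reversed Markdown link "(tools)[#tools]", which does not render as a link; it should be "[tools](#tools)". The subject "Update README.md" also hides that this patch reverts the maintainer sentence from PATCH 3/8; state the revert in the commit message.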
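Review bot: With the Calendly link restored in PATCH 8/8, the intro is word for word the text that PATCH 2/8 removed, so the intro hunks of 2/8, 3/8, 7/8 and 8/8 cancel out to no change at the top of README.md. Rebase the series to drop those hunks so that only the list additions remain; if the intro is touched at all, the one useful change is correcting "(tools)[#tools]" to "[tools](#tools)".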