🪙 Web3 Security

General

• GitHub - shanzson/Smart-Contract-Auditor-Tools-and-Techniques: This repo contains a comprehensive list of smart contract auditor tools and techniques that can be utilized by both smart contract auditors and blockchain developers for developing secure smart contracts
• GitHub - ImmuneBytes-Security-Audit/Blockchain-Attack-Vectors: A framework that references, categorizes, and mitigates blockchain attack vectors.
• Smart Contracts \ red.anthropic.com

Methodology

• [Offbeat on X: “Ever hit a wall while auditing code? That massive codebase staring back, refusing to reveal its crits? You’re not alone, breaking down complex code often leads to epic mental blocks. But here’s the hack: visualization techniques can help break that block. 🧵A thread https://t.co/J1kMKRYrdp” / X](https://x.com/offbeatblog_eth/status/195997822664803159

Tips

• 𝗩𝗶𝗰𝘁𝗼𝗿_𝗧𝗵𝗲𝗢𝗿𝗮𝗰𝗹𝗲 🛡️ on X: “If I were starting blockchain security from scratch, here’s the roadmap I’d follow. I wasted a lot of time early on because I didn’t know where to begin or what actually mattered. If I could start over, I’d do things in this order:” / X
• Dacian on X: “In private audits sometimes I comment out a few important lines like token transfers, then re-run the test suite. If all test still pass, this indicates the test suite doesn’t validate important state changes & there are likely many bugs to be found. https://t.co/y9KedYNpAA” / X
• phil on X: “Auditing Step By Step: Part 1” / X
• phil on X: “Finding Ways To Break Smart Contracts (Auditing: Part 2)” / X

Core Concepts

• solidity 1024 call stack depth - Ethereum Stack Exchange
• Understanding Solidity’s Storage Layout And How To Access State Variables | by Eugenio Pacelli Flores Voitier | Medium
• Web3 Security Auditor’s 2024 Rewind
• Zokyo Auditing Tutorials | Zokyo Auditing Tutorials
• EIP-150 and the 63/64 Rule for Gas | By RareSkills – RareSkills
• What is selfdestruct in Solidity?
• Introduction — EVM from Scratch

Labs

• DeFiHackLabs/DeFiHackLabs-Ethereum-Web3-Security-BootCamp
• SunWeb3Sec/DeFiHackLabs: Reproduce DeFi hacked incidents using Foundry.
• Damn Vulnerable DeFi
• MiloTruck/evm-ctf-challenges: CTF challenges made by MiloTruck
• ONLYPWNER
• Cyfrin/sc-exploits-minimized: A repo to showcase web3 hacks
• zksecurity/zkbugs: Reproduce ZKP vulnerabilities

Write-Ups

• GreyCTF 2025 - Chovid99’s Blog write-up
• Blockchain Writeup - Codegate Finals 2025 :: teddyctf write-up
• ChainLight Web3 Hack Postmortem 2024 V1.0.pdf

AMM

• Cracks in the Code: Understanding the Vulnerabilities of AMM Pro… — millie AMM
• Uniswap V2 — Protocol Understanding | by Ben | CoinsBench
• Uniswap V3 Development Book - Uniswap V3 Development Book

Cross-Chain

• Quillhash/Cross-chain-Attacks

General Attacks

• Predicting Random Numbers in Ethereum Smart Contracts | by Arseniy Reutov | Positive Web3
• ERC-4626 Inflation Attack and How to Mitigate It. | by Favorite_blockchain_lady | CoinsBench
• SWC-114 - Smart Contract Weakness Classification (SWC)
• SWC-130 - Smart Contract Weakness Classification (SWC)
• SWC-134 - Smart Contract Weakness Classification (SWC)
• EEA EthTrust Security Levels Specification v-after-2 Editor’s Draft
• SlowMist: A Brief Analysis of the Security Risk of Uninitialized Storage Pointers in Solidity (Released in 2018) | by SlowMist | Medium
• Overflowing the ENS Registrar

EVM Attacks

• coinspect/learn-evm-attacks: 🚀 Try the Learn EVM Explorer we just launched!!!