Open bbaudry opened 2 years ago
Sigstore empowers software developers to securely sign software artifacts such as release files, container images, binaries, bill of material manifests and more. Signing materials are then stored in a tamper-resistant public log.
Ultimate Web3 Security Practices https://github.com/arunimshukla/Best-DeFi-Security-Practices
Smart Invoice is a platform that provides web3 freelancers with cryptocurrency invoicing, escrow, and arbitration. https://smartinvoice.xyz/
Provable identities https://book.keybase.io/guides/proof-integration-guide
SpruceID is an ecosystem of open source tools to enable user-controlled identity anywhere. https://www.spruceid.com/
BSB: Bringing Safe Browsing to Blockchain Platform https://link.springer.com/chapter/10.1007/978-3-031-23020-2_30
Multisig wallets
Example in Bitcoin: https://github.com/bitcoin/bitcoin/blob/master/doc/multisig-tutorial.md
Example in EVM: https://github.com/paxosglobal/simple-multisig/ (incl. audits) (see also Gnosis Safe)
social recovery wallets: https://vitalik.ca/general/2021/01/11/recovery.html
Securing Deployed Smart Contracts and DeFi With Distributed TEE Cluster https://www.computer.org/csdl/journal/td/5555/01/09999528/1JrMCRVDdDy
multi-party computation (MPC) wallets: https://zengo.com/mpc-wallet/ https://halborn.com/what-is-an-mpc-wallet/ https://www.alchemy.com/overviews/mpc-wallet
Smart contract best practices by ConsenSys https://consensys.github.io/smart-contract-best-practices/
OpenSCV: An Open Hierarchical Taxonomy for Smart Contract Vulnerabilities. http://arxiv.org/abs/2303.14523
Vulnerability classification https://swcregistry.io/ https://www.dasp.co/
Sabre is a security analysis tool for smart contracts written in Solidity.
VRust: Automated Vulnerability Detection for Solana Smart Contracts, CCS 22 https://dl.acm.org/doi/abs/10.1145/3548606.3560552
Semgrep rules for smart contracts https://github.com/Decurity/semgrep-smart-contracts
OpenZeppelin Defender provides a security operations (SecOps) platform for Ethereum with built-in best practices.
Admin: Automate and secure all your smart contract administration. Relay: Build with private and secure transaction infrastructure. Sentinel: Monitor smart contracts and send notifications. Autotask: Create automated scripts to call your smart contracts.
automatic synthesis of adversarial smart contracts
The Blockchain Imitation Game, USENIX 2023 https://www.usenix.org/system/files/sec23fall-prepub-331-qin.pdf
Cerberus Channels: Incentivizing Watchtowers for Bitcoin https://link.springer.com/chapter/10.1007/978-3-030-51280-4_19
pyrometer: a tool for analyzing the security and parameters of a solidity smart contract https://github.com/nascentxyz/pyrometer
Robbery on DevOps: Understanding and Mitigating Illicit Cryptomining on Continuous Integration Service Platforms https://dl.acm.org/doi/pdf/10.1145/3062341.3062363?theme=2019
blockchain CTF from go-outside-labs/blockchains-auditing
Gap between theory and practice: an empirical study of security patches in solidity https://dl.acm.org/doi/pdf/10.1145/3377811.3380424
TxPhishScope: Towards Detecting and Understanding Transaction-based Phishing on Ethereum https://yajin.org/papers/ccs23_phishing.pdf
SourceP: Detecting Ponzi Schemes on Ethereum with Source Code. http://arxiv.org/abs/2306.01665
List of resources:
https://users.encs.concordia.ca/~clark/academic.php