secure smart contracts and programmable society

[bbaudry]

List of resources:

• https://github.com/crytic/building-secure-contracts
• https://github.com/arunimshukla/Best-DeFi-Security-Practices

https://users.encs.concordia.ca/~clark/academic.php

[monperrus]

Sigstore empowers software developers to securely sign software artifacts such as release files, container images, binaries, bill of material manifests and more. Signing materials are then stored in a tamper-resistant public log.

https://docs.sigstore.dev/

[monperrus]

https://github.com/crytic/building-secure-contracts

[monperrus]

Ultimate Web3 Security Practices https://github.com/arunimshukla/Best-DeFi-Security-Practices

[monperrus]

Smart Invoice is a platform that provides web3 freelancers with cryptocurrency invoicing, escrow, and arbitration. https://smartinvoice.xyz/

[monperrus]

Provable identities https://book.keybase.io/guides/proof-integration-guide

[monperrus]

SpruceID is an ecosystem of open source tools to enable user-controlled identity anywhere. https://www.spruceid.com/

[monperrus]

• Not so smart contracts: examples of smart contract common issues. :
• Algorand issues
• Cairo issues
• Cosmos issues
• Substrate issues

[monperrus]

BSB: Bringing Safe Browsing to Blockchain Platform https://link.springer.com/chapter/10.1007/978-3-031-23020-2_30

[monperrus]

Multisig wallets

Example in Bitcoin: https://github.com/bitcoin/bitcoin/blob/master/doc/multisig-tutorial.md

Example in EVM: https://github.com/paxosglobal/simple-multisig/ (incl. audits) (see also Gnosis Safe)

[monperrus]

social recovery wallets: https://vitalik.ca/general/2021/01/11/recovery.html

[monperrus]

Securing Deployed Smart Contracts and DeFi With Distributed TEE Cluster https://www.computer.org/csdl/journal/td/5555/01/09999528/1JrMCRVDdDy

[monperrus]

multi-party computation (MPC) wallets: https://zengo.com/mpc-wallet/ https://halborn.com/what-is-an-mpc-wallet/ https://www.alchemy.com/overviews/mpc-wallet

[monperrus]

Smart contract best practices by consensys https://consensys.github.io/smart-contract-best-practices/

[bbaudry]

OpenSCV: An Open Hierarchical Taxonomy for Smart Contract Vulnerabilities. http://arxiv.org/abs/2303.14523

[monperrus]

https://github.com/kadenzipfel/smart-contract-vulnerabilities

[monperrus]

https://github.com/sigp/solidity-security-blog

[monperrus]

Vulnerability classification https://swcregistry.io/ https://www.dasp.co/

[monperrus]

Sabre is a security analysis tool for smart contracts written in Solidity.

https://github.com/muellerberndt/sabre

[monperrus]

VRust: Automated Vulnerability Detection for Solana Smart Contracts CCS 22 https://dl.acm.org/doi/abs/10.1145/3548606.3560552

[monperrus]

Semgrep rules for smart contracts https://github.com/Decurity/semgrep-smart-contracts

[monperrus]

OpenZeppelin Defender provides a security operations (SecOps) platform for Ethereum with built-in best practices.

Admin Automate and secure all your smart contract administration. Relay Build with private and secure transaction infrastructure. Sentinel Monitor smart contracts and send notifications. Autotask Create automated scripts to call your smart contracts.

https://docs.openzeppelin.com/defender/

[bbaudry]

automatic synthesis of adversarial smart contracts

The Blockchain Imitation Game, Usenix 2023 https://www.usenix.org/system/files/sec23fall-prepub-331-qin.pdf

[bbaudry]

Cerberus Channels: Incentivizing Watchtowers for Bitcoin https://link.springer.com/chapter/10.1007/978-3-030-51280-4_19

[monperrus]

pyrometer: a tool for analyzing the security and parameters of a solidity smart contract https://github.com/nascentxyz/pyrometer

[bbaudry]

Robbery on DevOps: Understanding and Mitigating Illicit Cryptomining on Continuous Integration Service Platforms https://dl.acm.org/doi/pdf/10.1145/3062341.3062363?theme=2019

[bbaudry]

VulHunter: Hunting Vulnerable Smart Contracts at EVM bytecode-level via Multiple Instance Learning

[monperrus]

blockchain CTF from go-outside-labs/blockchains-auditing

• curta ctf, particularly horsefacts.eth's ♄ 🝡🝟 ☉ ♡
• Capture the Ether
• the ethernaut
• Paradigm CTF 2022 and Paradigm CTF 2021
• Damn vulnerable DeFi
• A collection of EVM puzzles
• Gamefication vault
• Cipher Shastra
• Etherhack
• DeFiHack.xyz
• w3b s3c
• Crypto blacklist
• Vyper Punk
• more blockchain ctfs
• list of blockchain CTF competitions
• ghosts of epochs past

[bbaudry]

Gap between theory and practice: an empirical study of security patches in solidity https://dl.acm.org/doi/pdf/10.1145/3377811.3380424

[monperrus]

TxPhishScope: Towards Detecting and Understanding Transaction-based Phishing on Ethereum https://yajin.org/papers/ccs23_phishing.pdf

[bbaudry]

SourceP: Detecting Ponzi Schemes on Ethereum with Source Code. http://arxiv.org/abs/2306.01665