Introduction to smart contract security and hacking in Ethereum
Here you'll find resources and complementary educational material to start your journey in security and hacking of smart contracts in Ethereum.
Even if you don't want to build smart contracts, but rather break them, you'll need to understand the basics of programming, the EVM and the Ethereum network. So prior to getting into the security rabbit-hole, you can start with the basics of Ethereum here.
- 📚 Books
- 💡 Challenges
- 🛠 Tools
- 🔬 Explorers
- 📜 Reports
- 💥 Vulnerabilities, common attacks and best practices
- 📰 Newsletters
- 👥 Forums and groups
- 💰 Bug Bounties
- 🗂 Additional resources
Books
- Chapter 9 of Mastering Ethereum (I actually highly recommend reading the entire book)
Challenges
These challenges will help you learn about Ethereum, Solidity, the EVM, DeFi and other cool stuff about this ecosystem, all while you hack vulnerable implementations of contracts. If you'd rather learn by doing than by reading, START HERE.
In order of difficulty and necessary knowledge:
Tools
- Vulnerability detection
- Transaction analysis
- Contract visualization
- IDE plugins
Vulnerabilities, common attacks and best practices
Take into account that these lists include vulnerabilities and attacks that are relatively basic. They're still pretty much valid, even after all these years. Still, this is definitely not everything there is to learn. To stay up-to-date with the latest types of attacks and vulnerabilities (which can be more complex and interesting), I highly recommend reading newsletters and public reports.
Reports
- Reports by OpenZeppelin
- Reports by ConsenSys Diligence
- Reports by Trail of Bits
- Bug Bounty reports by Immunefi
- Security incidents published by Blocksec
- Writeups published by the Origin Protocol team
Newsletters
- Blockchain Threat Intelligence (disclaimer: I'm a fan)
- Week In Ethereum News (usually has a dedicated section for security stuff)