Introduction to smart contract security and hacking in Ethereum
Here you'll find resources and complementary educational material to start your journey in security and hacking of smart contracts in Ethereum.
Even if you don't want to build smart contracts, but rather break them, you'll need to understand the basics of programming, the EVM and the Ethereum network. So prior to getting into the security rabbit-hole, you can start with the basics of Ethereum here.
- 📚 Books
- 💡 Challenges
- 🛠 Tools
- 🔬 Explorers
- 📜 Reports
- 💥 Vulnerabilities, common attacks and best practices
- 📰 Newsletters
- 👥 Forums, groups and bootcamps
- 💰 Bug Bounties
- 🏦 Auditing firms
- 🗂 Additional resources
- Chapter 9 of Mastering Ethereum (I actually highly recommend reading the entire book)
These challenges will help you learn about Ethereum, Solidity, the EVM, DeFi and other cool stuff about this ecosystem. Everything while you hack vulnerable implementation of contracts. If you're not fond of reading, but rather learn by doing, START HERE.
- Vulnerability detection
- Transaction analysis
- Contract visualization
- IDE plugins
Vulnerabilities, common attacks and best practices
Take into account that these lists include vulnerabilities and attacks that are relatively basic. They're still pretty much valid, even after all these years. Still, this is definitely not everything there's to learn. To stay up-to-date with the latest type of attacks and vulnerabilities (which can be more complex and interesting), I highly recommend reading newsletters and public reports.
- ConsenSys: Known Attacks
- SWC Registry
- SCSVS Checklist
- OpenZeppelin Defender Advisor
- Simple security toolkit by Nascent
- Report database by Solodit
- Reports by OpenZeppelin, ConsenSys Diligence, Trail of Bits, Sigma Prime, Spearbit.
- Bug Bounty reports by Immunefi
- Contests reports at Code4rena
- Writeups published by the Origin Protocol team
- Blockchain Threat Intelligence
- Week In Ethereum News --> Usually has a dedicated section for security stuff