Tag
#smart-contract-security
82 repositories
A curated list of smart contract attack vectors
Curated Web3 security learning hub for smart contract auditors and protocol teams: roadmaps, audit tools, public reports, fuzzing, formal verification, AI-assisted workflows, offchain security, incident response, and launch checklists.
Ethereum Commonwealth Security Department has conducted over 400 security audits since 2018. Not a single contract that we audited was hacked. You can access our audit reports in the ISSUES of this repo. We are accepting new audit requests.
AI Agent Skills for Smart Contract Auditing to generate triaged, industry grade report findings, code locations, pocs, attacker story flow graphs and more
18 Claude Code skill files for smart contract security — built from 2,749 Immunefi reports, 681 DeFiHack reproductions, and real hunt experience
Scout is an extensible open-source tool intended to assist Stellar Soroban smart contract developers and auditors detect common security issues and deviations from best practices.
The purpose of this repo is to list all the related Research Papers focused on Smart-contracts security topics. As well as listing all the encountered smart-contracts defects with a summary description. 🛡️
A curated list of awesome web3 formal verification resources -- including tools, tutorials, articles and more.
This repo contains anti-hack checklists, which will help projects to build and develop secure DeFi applications. If you find anything missing or want to update existing resources, you can create a pull request and contribute to the project.
Go-to compilation of smart contract proxy information, for discerning devs and auditors
Your go-to resource for all things Smart Contract Security. Featuring guidelines, best practices, and in-depth articles. Sections include: Vulnerabilities (SWC, OWASP Top 10), Learning Resources (Papers, Blogs, Courses), Tools & Libraries, and Architecture (Smart Contract Platforms, Languages). Stay secure with the latest updates!
🛡️ Ghosts is a free smart contract security study and revision platform. Initially based solely on previous Secureum Races: we use all of the previous race content to simulate an engaging, incentivized learning platform for aspiring smart contract security researchers.
A practical, research-friendly toolkit demonstrating how Python can read, parse, and analyze Solidity smart contracts using feature-engineering techniques. Extracts structural and security-relevant signals from Solidity code, detects risky patterns, builds interpretable features, and forms the basis for heuristic or ML-driven security analysis.
A deep research study introducing the concept of Economic DNA Repair for smart contracts, designing self-correcting tokenomics that detect anomalies, repair unstable parameters, rebalance incentives, and restore economic equilibrium. Explores adaptive rewards, automated governance, liquidity healing, and resilience in decentralized systems.
A secure, minimalistic ERC20 token faucet with per-address cooldown enforcement. Designed for testnets, demos, QA automation, and educational Solidity environments. Provides configurable drip amounts, adjustable cooldown timings, owner-controlled management, transparent event logs, and a fully dependency-free implementation.
An awesome list of gas optimization techniques for smart contracts, with their relevant Proof of Concepts tested using Foundry.
Bytecode Truth, Not Source is a deep technical exploration of why smart-contract source code cannot be trusted as the ground truth for security. This repository shows how compiler optimizations, hidden assembly, proxies, and unreachable logic make verified Solidity misleading, and why only EVM bytecode reveals actual on-chain behavior.
EtherAuthority secures web3 including: DeFi, NFT, DAO, Metaverse, Gaming, DEX, Launchpad, L1 Blockchain, Escrow, Cross-chain Bridge, and many more.
AI prompts for web3 security researchers — bug bounties, private audits, and contests
Casino Heist is a playground for learning Solidity smart contract security. It is ready for you to play at https://casinoheist.enuma-labs.xyz
A research-grade framework for extracting, classifying, and analyzing the “genetic” behavior of smart contract tokens. Identifies economic traits, supply mutations, fee patterns, permission risks, upgradeability vectors, and scam species using a structured gene taxonomy with risk scoring, HTML reports, and token comparison tools.
Free honeypot token scanner for Ethereum, Polygon & Arbitrum. Detect scam tokens before you buy. Instant analysis of smart contracts using 13 specialized patterns. No API keys, no limits, 100% free. Built with Next.js 16 & Cloudflare Workers.
Unified knowledge base of Soroban common vulnerabilities and best practices
Echidna, Etheno, and HardHat template for fuzzing complex systems.
Original TheDAO reworked by a team of security experts to act as a core governance system for Callisto.
AI agent safety layer for crypto transactions - blocks honeypots, blacklists, and rug pulls before they happen
This is my full smart contract security portfolio including smart contract audits and bug bounties.
A GameChanger Wallet Dapp introducing support for Helios Smart Contracts with dapp protocol running hosted on-chain on Cardano using GCFS
Getting into web3 - Blockchains | Smart Contracts | NFTs | Stablecoins | DAOs | Upgradable Contracts | Security and Auditing
Structural trust analysis for infrastructure code. 9 targets, 7 conservation laws, 19K+ lines of analysis. Synthesis Hackathon 2026.
Decentralized Raffle System is an Ethereum-based smart contract developed in Solidity that enables users to purchase raffle tickets. Organizers can randomly draw a winner, who can then withdraw the total collected Ether.
⚡️ SolderX – Melt Imports. Solder Solidity. Flatten Everything 🔥
AI-powered smart contract security agent that scans Solidity code for vulnerabilities like reentrancy, overflow, and access control issues. Integrates with Slither and Mythril for static analysis, then uses LLMs to explain findings and suggest fixes. Built with Python, LangChain, and Web3 tools.
Modular Yield Aggregator with Strategy Isolation, Rebalancer Automation, Full Test Coverage
Pure Yul exploits for OpenZeppelin's Ethernaut. No Solidity overhead. A deep dive into low-level EVM security and memory management
Evidence-backed Solana audit skill for Claude Code and Agent Skills: report-backed taxonomy, workflows, checklists, and public finding corpus for Anchor and native Solana security reviews.
Agent-native Solana security infrastructure for pre-deployment, pre-integration, and capital-risk evaluation.
Cross-Contract Reentrancy PoC, a Foundry-based Solidity demo exploiting timing mismatch in DeFi Vault and ICOGov mint flow. Inspired by Inspex.
Solidera is a smart contract security toolkit that analyzes Solidity code for security vulnerabilities, gas optimization, and style compliance.
The repository contains solutions to Smart Contract Security challenges. These solutions are aimed at addressing and mitigating potential security vulnerabilities in smart contracts, enhancing the overall security and robustness of blockchain-based applications.
A curated collection of real-world smart contract vulnerabilities with exploit simulations, designed to demonstrate how attacks work and how to prevent them.
A demo showing how we can replicate exploit transactions from one EVM-compatible blockchain to another EVM-compatible blockchain
Portfolio showcasing my smart contract security audits, identifying vulnerabilities and offering mitigation strategies.
Reusable Kani verification primitives and harnesses for Solana programs.
Sample project interacting with smart contracts via ApeWorX, adapting freeCodeCamp's Brownie-based "Solidity, Blockchain, and Smart Contract Course – Beginner to Expert Python Tutorial" course
Benchmark suite for smart contract vulnerability detection tools across 7 categories: static analysis, symbolic execution, fuzzing, formal verification, ML/DL, LLM agents, and hybrid. Evaluates Slither, Mythril, GPTScan & more on accuracy, coverage, and scalability. Supports review paper.
Implementing security patterns in Smart Contracts
An automated audit of an NFT marketplace contract with Slither, Echidna and Solhint
A Python-based tool for downloading Solidity smart contracts from blockchain explorers (Etherscan, BscScan, PolygonScan, Arbiscan) and performing automated vulnerability analysis using Slither.
A comprehensive resource for developers, auditors, and blockchain enthusiasts to master the art of securing smart contracts
Vault shares can be inflated by donating ERC20 token to the vault.
A Web3/Blockchain security tool for analyzing, monitoring, and validating smart contract timelocks. Designed for DeFi protocols, auditors, and blockchain developers.
Ethernaut solutions and detailed write-ups in Foundry.
"Damn Vulnerable Defi" CTF solutions using Foundry
Solution of Mr Steal Yo Crypto challenges using Foundry
Official JS SDK for AgentShield — Smart contract security protocol for autonomous AI agents. Verify contracts, monitor wallets, block threats.
MCP Server for AgentShield — Smart contract verification, wallet monitoring & threat detection for AI agents. Works with Claude, Cursor, and any MCP client.
Zero custody AI firewall for autonomous trading agents. ERC-7579 module with ERC-7715 session keys (SmartSessions). Agents get scoped on-chain ETH budgets and session keys, never private keys. Every trade intent is forensically audited by a Chainlink CRE oracle running dual-model AI consensus (GPT-4o + Llama-3) before capital moves.
My set of contracts and solutions for the Ethernaut CTF by OpenZeppelin, serving as a reference for smart contract security and Solidity exploit techniques.
Structured learning path (11 weeks) for smart contract auditing. From Blockchain and Solidity fundamentals to vulnerability analysis, formal verification and reporting. Includes a bibliography, practical exercises and links to platforms such as Cyfrin Updraft or Ethernaut.
Approval workflow for upgradeable smart contract changes.
My attempt at Ethernaut CTF solutions. Written using Foundry.
Solidity libraries demo (Foundry) — reusable protocol logic and using-for pattern.
Smart contract security patterns: exploit → fix → invariant, with Foundry tests and gas analysis.
Security analysis and PoCs for critical vulnerabilities found in Panoptic protocol (rounding errors, logic flaws).
Human-in-the-loop multi-agent system for smart contract security auditing. Combines LLM-powered analysis, Slither integration, and specialized agents for reentrancy, overflow, and access control detection. Auto-generates Foundry fuzz tests and markdown audit reports.
The open-source Slither for Anchor — autonomous AI security agent that finds logic vulnerabilities in Solana programs, then proves them on the runtime. Built by Claude Code
A Solana Anchor security laboratory featuring 5 modules on common vulnerabilities: Account Ownership, Signer Verification, Arithmetic Safety, Type Cosplaying, and Re-initialization. Includes side-by-side 'Vulnerable' vs 'Secure' implementations.