Controls

• Simple Security Toolkit (⭐586) - Opinionated recommendations that the team at Nascent find to be appropriate, particularly for teams developing and managing early versions of a protocol.

Guides

• CryptoSec.info - Information to help beginners learn how to protect their funds against hackers and scammers.

• Simplified Roadmap for Blockchain Security - Covers all rudimentary topics that one needs to know in order to get into the field of Blockchain Security.

• How to become a smart contract auditor - Frequently asked questions that are related to auditing and auditors can get their first job.

Governance

• A beginner's guide to DAOs - Gives a high level overview of what DAOs are, why they are interesting and some of their use cases.

• Deep DAO - Lists, ranks and analyzes top DAOs across multiple metrics.

• SAFT Agreements - A commercial instrument used to convey rights in tokens prior to the development of the tokens' functionality.

• Voting Options in DAOs - Voting Options in DAOs.

• The Wyoming DAO bill - A thread about Wyoming DAOs .

• It Takes a Cryptonetwork - Prime's Strategy for DAO to DAO Relations.

• DAOs, Democracy and Governance - A paper by Ralph Merkle about DAOs.

Architecture

• Shelling Out: The Origins of Money - Illustrates the value of collectibles in reducing social transaction costs.

• A Crash Course in Mechanism Design for Cryptoeconomic Applications - Introduces the basic concepts of mechanism design, and gives a taste for their usefulness in the cryptocurrency world.

• WTF Is QF - A simple explanation of quadratic funding.

Standards

• DeFi Safety - Best practices security score reviews.

• DASP Top 10 of 2018 - Decentralized Application Security Project Top 10 vulnerabilities.

• IVSCS - Immunefi Vulnerability Severity Classification System.

• Smart Contract Security Verification Standard - A free 14-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.

• Secureth guidelines - Aid you in formulating your own software engineering process by giving a complete picture of all the different concerns and expectations in your software projects.

• CryptoCurrency Security Standard (CCSS) - A set of requirements for all information systems that make use of cryptocurrencies, including exchanges, web applications, and cryptocurrency storage solutions.

• The Solcurity Standard (⭐972) - Opinionated security and code quality standard for Solidity smart contracts.

System Assets

• Security Considerations in the Solidity documentation - Lists some pitfalls and general security recommendations.

• Ethereum 2.0 Specifications Security Audit Report - Security Audit Report of the Eth2.0 spec by Least Authority.

• Getting Deep Into EVM - An Ultimate, In-depth Explanation of How EVM Works.

• Ethereum EVM illustrated - Exploring some mental models and implementations.

• Ethereum Blockspace: Who Gets What and Why - Ethereum blockspace market structure.

• What Is Uniswap and How Does It Work? - What Uniswap is, how it works, and how you can swap tokens on it simply with an Ethereum wallet.

• Scaling EVM (Ethereum Virtual Machine) - How fast and far can the EVM based blockchain architecture still take us.

• L2Beat - Transparent and verifiable insights into emerging layer two (L2) technologies.

• The Non-Fungible Token Bible - Everything you need to know about NFTs.

• KEVM (⭐377) - A formal model of the EVM in the K framework.

Threats

• List of Bitcoin Heists - Research on prior Bitcoin-related thefts.

• Rekt News - Investigative journalism, creative commentary, and incident analysis.

• DeFiYield's REKT db - Database of Crypto Hacks, Exploit, Scam.

• CryptoScamDB - Keeping track of cryptocurrency scams in an open-source database.

• Mudit Gupta's Twitter threads - Early analysis and educational content on Twitter.

• Flash Boys 2.0 Paper - Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability.

• MEV-explore - Help the community understand and quantify the significance of "Dark Forest activities" and their impact on the Ethereum network.

• Flashloan monitor - Dashboard that helps you monitor flashloan transactions.

• Known Attacks - A list of known attacks which you should be aware of, from Consensys.

• Solidity Security - Comprehensive list of known attack vectors and common anti-patterns.

Vulnerabilities

• SWC Registry - Smart Contract Weakness Classification and Test Cases.

• 246 Findings - 246 Findings From Trail of Bits Smart Contract Audits.

• A Survey of Security Vulnerabilities in Ethereum Smart Contracts - Explains eight vulnerabilities that are specific to the application level of blockchain technology by analyzing the past exploitation case scenarios of these security vulnerabilities.

• List of Security Vulnerabilities (⭐535) - A comprehensive list of common smart contract security vulnerabilities, compiled from various sources.

• List of Known Bugs - A JSON-formatted list of some of the known security-relevant bugs in the Solidity compiler.

Controls

• Gnosis Safe - Multi-sig. Require multiple team members to confirm every transaction in order to execute it, which helps prevent unauthorized access to company crypto.

• List of DeFi auditors - List of DeFi auditors maintained by DeFiSafety.

• State of DeFi Audits - Article taking a look at the auditing space and its importance in onboarding users by properly securing new DeFi protocols.

• Building Secure Contracts (⭐1.2k) - Trail of Bits' guidelines and best practices on how to write secure smart contracts.

• Solidity Patterns - A compilation of patterns and best practices for the smart contract programming language Solidity.

• Security Pattern for Ethereum and Solidity - Google Sheets Checklists.

• Solidity Best Practices for Smart Contract Security - Pro tips from Consensys to ensure your Ethereum smart contracts are fortified.

• CERtified - Top 100 exchanges by Cybersecurity rating.

• Forta - Community-based runtime security network for smart contracts.

Ecosystem

• People to follow on Twitter - Twitter list to an overview of the web3 ecosystem and security people.

• Videos to watch on YouTube - YouTube playlist of web3 security videos.

Footnotes / See Also

• Awesome BlockSec CTF (⭐7) - Blockchain security Capture the Flag (CTF) competitions.

• Awesome Buggy ERC20 Tokens (⭐494) - Vulnerabilities in ERC20 Smart Contracts With Tokens Affected.

• Awesome Cryptoeconomics (⭐1.5k) - Cryptoeconomic research and learning materials.

• Awesome Zero-Knowledge Proofs (ZKP) (⭐3k) - A curated list of awesome things related to learning Zero-Knowledge Proofs (ZKP).

• Officer CIA's Ultimate DeFi Research Base (⭐929) - Curated DeFI & Blockchain research papers and tools.

Footnotes / See Also

• Awesome MEV resources (⭐696)

Architecture

• Foundations of Cryptoeconomic Systems - This paper explores why the term "cryptoeconomics" is context dependent and proposes complementary micro, meso and macro definitions of the term.

• Towards a Practice of Token Engineering - How do we design tokenized ecosystems, their incentives and how do we analyze or verify them?

• Bonding Curves Explained - What bonding curves are and their potential applications.

Controls

• Smart Contract Security Registry (⭐82) - An effort to identify deployed contracts instances given their chain and address, by listing the project they belong to.

Threats

• Blockchain Graveyard - A list of all massive security breaches or thefts involving blockchains.

• Blockchain Threat Intelligence - The latest in blockchain, DeFi and cryptocurrency threat intelligence, vulnerabilities, security tools, and events.