Gaining the most elusive of tips. Add your input and let’s collect them all!
General Tips & Suggestions
- Did you know that you can utilize VSCode on your iPad (preferably with a Magic Keyboard) using the Blink App? If not, watch the following video! I hope you find this tip useful in your work!
- Clone any project, then load the extension into VSCode, 2nd link -> add a key from Sourcegraph, select the contract, and the AI analyzes the structure of your project for you! Check out this example!
- Try auditwizard.io - revolutionize your workflow today!
- Check out pre-built security properties for commonly forked DeFi protocols.
- MEV / Sandwich / Front-run & Back-run: Compilation & advanced info.
- Try Slither Detectors by Pessimistic.io & check out SolCurity.
- Give these a try: Pyrometer & Sporalyzer.
- Explore Web3 with full confidence, guarded by the Web3Antivirus security browser extension & learn EVM attacks!
- Try using obsidian.md for notes! & check out Audit Quality!
- Follow my own blog & Hexens' blog!
- This project was created to support Code4rena Bot Races with useful stats and tools. Read more about it here & try 4naly3er!
- Bot Racing: The Rise of Web3 Bots. & Code4Rena Bot Racing explained!
- Check out GasBad, an open-source project that evaluates gas efficiency in Solidity libraries!
- Try out this tool - it scans the constructor of a Solidity smart contract for zero-address checks.
- Try using Semgrep rules for smart contracts based on DeFi exploits!
- Complete this set of tasks & check out this curated list of web3Security materials and resources For Pentesters and Bug Hunters!
- Let's break down such a concept as mind-mapping - study this list & check out AuditorsRoadmap mind-map!
Tools & Services
- With this tool you can search across a half million git repos!
- Allowing smart contract developers to do simulation driven development via an EVM emulator.
- Fuzzing cryptographic libraries. Magic bug printer go brrrr.
Useful Resources — by officercia.eth
- Fuzzing Solidity Smart Contracts with Echidna: Die-Hard Level Tips
- Per Aspera ad Astra: How to become a smart contract auditor & bugbounty-hunter
- Arbitrum: Basic Features, Technical Details and Differences from Ethereum
- Auditor’s Advice: Math, Solidity & Gas Optimizations | Part 1/3
- Auditor’s Advice: Solidity Checklist & Reentrancy Attack | Part 2/3
- Auditor’s Advice: EVM Limitations & Assembly Auditing Tips | Part 3/3
Awesome GitHub Lists
https://t.me/officercia
Additional Resources
- The ultimate framework to best secure your Dapp and optimize the money spent on security reviews.
- Vault Math - How many shares to mint? How much token to withdraw?
- Template repository intended to ease fuzzing components of Solidity projects, especially libraries.
- An interactive Solidity shell with lightweight session recording and remote compiler support.
- Learn how to build on Ethereum; the superpowers and the gotchas.
- This is a course for hackers, programmers, and software engineers who learn by doing!
- Learn common smart contract vulnerabilities using Foundry!
- Blockchain dark forest selfguard handbook. Master these, master the security of your cryptocurrency.
- Flash Crash for Cash: Cyber Threats in Decentralized Finance
- Information about web3 security and programming tutorials/tools
Front-end Security
Work…?