Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

secure smart contracts and programmable society #7

Open
bbaudry opened this issue Sep 27, 2022 · 30 comments
Open

secure smart contracts and programmable society #7

bbaudry opened this issue Sep 27, 2022 · 30 comments

Comments

@bbaudry
Copy link
Collaborator

bbaudry commented Sep 27, 2022
edited by monperrus
Loading

List of resources:

https://users.encs.concordia.ca/~clark/academic.php
@monperrus
Copy link
Member

Sigstore empowers software developers to securely sign software artifacts such as release files, container images, binaries, bill of material manifests and more. Signing materials are then stored in a tamper-resistant public log.

https://docs.sigstore.dev/

@monperrus
Copy link
Member

https://github.com/crytic/building-secure-contracts

@monperrus
Copy link
Member

Ultimate Web3 Security Practices
https://github.com/arunimshukla/Best-DeFi-Security-Practices

@monperrus
Copy link
Member

Smart Invoice is a platform that provides web3 freelancers with cryptocurrency invoicing, escrow, and arbitration.
https://smartinvoice.xyz/

@monperrus
Copy link
Member

Provable identities
https://book.keybase.io/guides/proof-integration-guide

@monperrus
Copy link
Member

SpruceID is an ecosystem of open source tools to enable user-controlled identity anywhere.
https://www.spruceid.com/

@monperrus
Copy link
Member

@monperrus
Copy link
Member

BSB: Bringing Safe Browsing to Blockchain Platform
https://link.springer.com/chapter/10.1007/978-3-031-23020-2_30

@monperrus
Copy link
Member

Multisig wallets

Example in Bitcoin: https://github.com/bitcoin/bitcoin/blob/master/doc/multisig-tutorial.md

Example in EVM: https://github.com/paxosglobal/simple-multisig/ (incl. audits) (see also Gnosis Safe)

@monperrus
Copy link
Member

social recovery wallets: https://vitalik.ca/general/2021/01/11/recovery.html

@monperrus
Copy link
Member

Securing Deployed Smart Contracts and DeFi With Distributed TEE Cluster
https://www.computer.org/csdl/journal/td/5555/01/09999528/1JrMCRVDdDy

@monperrus
Copy link
Member

multi-party computation (MPC) wallets:
https://zengo.com/mpc-wallet/
https://halborn.com/what-is-an-mpc-wallet/
https://www.alchemy.com/overviews/mpc-wallet

@monperrus
Copy link
Member

Smart contract best practices by consensys https://consensys.github.io/smart-contract-best-practices/

@bbaudry
Copy link
Collaborator Author

bbaudry commented Apr 11, 2023

OpenSCV: An Open Hierarchical Taxonomy for Smart Contract Vulnerabilities.
http://arxiv.org/abs/2303.14523

@monperrus monperrus changed the title secure programmable society secure smart contracts and programmable society May 2, 2023
@monperrus
Copy link
Member

https://github.com/kadenzipfel/smart-contract-vulnerabilities

@monperrus
Copy link
Member

https://github.com/sigp/solidity-security-blog

@monperrus
Copy link
Member

Vulnerability classification
https://swcregistry.io/
https://www.dasp.co/

@monperrus
Copy link
Member

Sabre is a security analysis tool for smart contracts written in Solidity.

https://github.com/muellerberndt/sabre

@monperrus
Copy link
Member

VRust: Automated Vulnerability Detection for Solana Smart Contracts CCS 22
https://dl.acm.org/doi/abs/10.1145/3548606.3560552

@monperrus
Copy link
Member

Semgrep rules for smart contracts
https://github.com/Decurity/semgrep-smart-contracts

@monperrus
Copy link
Member

OpenZeppelin Defender provides a security operations (SecOps) platform for Ethereum with built-in best practices.

Admin Automate and secure all your smart contract administration.
Relay Build with private and secure transaction infrastructure.
Sentinel Monitor smart contracts and send notifications.
Autotask Create automated scripts to call your smart contracts.

https://docs.openzeppelin.com/defender/

@bbaudry
Copy link
Collaborator Author

bbaudry commented Jun 3, 2023

automatic synthesis of adversarial smart contracts

The Blockchain Imitation Game, Usenix 2023
https://www.usenix.org/system/files/sec23fall-prepub-331-qin.pdf

@bbaudry
Copy link
Collaborator Author

bbaudry commented Jun 12, 2023

Cerberus Channels: Incentivizing Watchtowers for Bitcoin
https://link.springer.com/chapter/10.1007/978-3-030-51280-4_19

@monperrus
Copy link
Member

pyrometer: a tool for analyzing the security and parameters of a solidity smart contract
https://github.com/nascentxyz/pyrometer

@bbaudry
Copy link
Collaborator Author

bbaudry commented Sep 6, 2023

Robbery on DevOps: Understanding and Mitigating Illicit Cryptomining on Continuous Integration Service Platforms
https://dl.acm.org/doi/pdf/10.1145/3062341.3062363?theme=2019

@bbaudry
Copy link
Collaborator Author

bbaudry commented Sep 29, 2023

VulHunter: Hunting Vulnerable Smart Contracts at EVM bytecode-level via Multiple Instance Learning

@monperrus
Copy link
Member

blockchain CTF from go-outside-labs/blockchains-auditing

@bbaudry
Copy link
Collaborator Author

bbaudry commented Nov 1, 2023

Gap between theory and practice: an empirical study of security patches in solidity
https://dl.acm.org/doi/pdf/10.1145/3377811.3380424

@monperrus
Copy link
Member

TxPhishScope: Towards Detecting and Understanding Transaction-based Phishing on Ethereum
https://yajin.org/papers/ccs23_phishing.pdf

@bbaudry
Copy link
Collaborator Author

bbaudry commented Jan 5, 2024

SourceP: Detecting Ponzi Schemes on Ethereum with Source Code.
http://arxiv.org/abs/2306.01665

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@monperrus @bbaudry