Introduction
Etherscan
- A block explorer analysis tool
- Lets you view any and all transactions on the blockchain
- Available for both the mainnet and testnet
Remix
- A browser-based IDE for Solidity
Primitive Datatypes in Solidity
- int : signed integer
- uint : unsigned integer (uint8, uint16, ..., uint256; uint is an alias for uint256)
- bool : Boolean (true or false)
- address : Ethereum Address
Variables in Solidity
Local Variables
- Declared inside a function
- Not stored on the blockchain
State Variables
- Declared outside a function
- Stored on the blockchain
Global Variables
- Provide information about the blockchain and the current call
- e.g. msg.sender, msg.value, msg.data, block.timestamp
Simple addition program using Solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract MyContract {
    uint public number1; // state variable: stored on the blockchain

    function myFunction() public {
        uint num; // local variable: exists only for the duration of this call
    }

    function newFunction() public returns (uint, address) {
        uint num1 = 12;
        uint num2 = 13;
        number1 = num1 + num2; // writes the sum into the state variable
        address myAddress = msg.sender; // global variable: address of the caller
        return (number1, myAddress);
    }
}
View and pure
Constructor
Mapping
Blockchain Forensics Tools
Blockchain Explorers:
- Etherscan
- btc.com
- Bscscan
- Polygonscan
- Universal Explorers
Smart contract Decompilers
Browser Extensions:
Rug Checker Tools
- Rug Pull Finder
- bscheck
- rugscreen
- QuillCheck
- poocoin’s rugcheck
- tokensniffer
- rugpulldetector
- rugdoc honeypot checker
Txn Visualization Tools
- MistTrack
- ethtx.info
- Front-running explorer
- Phalcon BlockSec
- Bitquery Explorer
- Tx eth samczsun
- Tenderly
- Socketscan
- 3D VR blockchain visualization
- eigenphi.io
- nansen.ai
- Officer CIA’s Investigation tools list
Token Flow Visualizer:
Miscellaneous tools
Common Vulnerabilities in Smart Contracts
Price Oracle Manipulation
Message call with hardcoded gas amount
Hash Collisions with multiple variable length arguments
DoS with Block Gas Limit
Insufficient Gas Griefing
Missing protection against Signature Replay Attacks
Lack of Proper Signature verification
Weak Sources of Randomness from chain attributes
Signature Malleability
Authorization through tx.origin
Reentrancy
Code with no effects
Unencrypted Private Data On-Chain
Integer Overflow and Underflow
Floating Pragma
Unchecked Call Return Value
Unprotected SELFDESTRUCT Instruction
State Variable Default Visibility
Uninitialized Storage Pointer
Use of Deprecated Solidity Functions
DoS with Failed Call
Blogs & Reports
- Immunefi Medium
- Openzeppelin Blogs
- QuillAudits Blogs
- Solidity Scan Blogs
- Beosin
- Neptune Mutual
- BlockSec
- CertiK
- mouse-run
CTF Platforms | Web3
- Capture the Ether
- The Ethernaut
- Damn Vulnerable DeFi
- Security Innovation Blockchain CTF
- GOAT Casino
- Paradigm CTF
- Blocksec CTFs
- ciphershastra CTF
- DeFiVulnLabs
- QuillCTF
- Vulnmachines - Blockchain hacking
Bug Hunting Platform | Web3
Smart Contract and Audit Reports | Web3
- Chainsulting
- Code4rena Audit Reports
- Consensys Audit Reports
- QuillAudits Audit Reports
- Spearbit Audit Reports
- iskdrews
- Sherlock
- Avastars Smart Contract Audit Public Report
- KubixSquare audit
- lemonade-audits
- Techrate
- interfinetwork
- Decentraland audit
- Tech-Audit
- Sifchain
- Complete List of Security Audit Reports
Smart Contract Auditing Tools
Testing Frameworks:
Fuzzers:
VS Code Extensions
- Solidity Visual Developer
- Slither VSC
- Inline Bookmarks
- Solidity Metrics
- EthOver
- GraphViz Interactive Preview
- Mythx VSC
- Remix VSC
Linters and Formatters:
Visualization Tools:
Dynamic Analysis & Static Analysis:
- Slither
- MythX
- Mythril
- Manticore
- securify2
- Eth Security Toolbox
- smartcheck
- solidityscan.com
- Fuzzinglab’s Octopus
Auditing Books and Guides:
- The Auditors Book
- Solodit.xyz
- Audit Hero
- Solidity Attack Vectors
- Audit Checklist
- Awesome Solidity Gas Optimizations
- Secureum Blogs
- Diligence - Smart Contract Best Practices
- Blockchain Hacking QuickStart Guide
- How to Become a Smart Contract Auditor by Cmichel