TradMod
awesome-audits-checklists

A curated list of smart contracts security audits checklists and resources.

Last updated Jul 7, 2026
325
Stars
59
Forks
1
Issues
0
Stars/day
Attention Score
88
Language breakdown
No language data available.
โ–ธ Files click to expand
README

Awesome Audits Checklists

NOTE: All the resources in this repo are for educational purposes only and have been curated especially for developers and auditors. Developers should use them to build more secure applications. Auditors should benefit from these resources as well, using them to learn and secure systems but they should not rely solely on checklists. Auditors should always adapt checklists to their specific context and prioritize a deep understanding of systems and security principles over rigid reliance on lists. This repository is a community effort, a collection of humble contributions from security researchers around the world. Thanks and respect to everyone who shares their knowledge to help make blockchain applications safer for all.

Table of Contents

1. General Smart Contracts Security & Audit Checklists

A comprehensive checklist covering all essential aspects of smart contract security. An actionable checklist for auditing and reviewing Solidity smart contracts. A general-purpose checklist for smart contract audits, covering common vulnerabilities. A standardized framework for verifying the security of smart contracts. An in-depth article on smart contract security concepts and best practices. Curated list of audit checklists of different auditors. Tips and steps to prepare your project for a successful smart contract audit. A toolkit of scripts, resources and checklists for enhancing security during smart contract development. Video guide covering security best practices for implementing and managing multi-signature wallets and governance systems. Guidelines for submitting effective and complete bug reports. A checklist focused on preventing hacks in DeFi protocols. A Checklist to follow when protocols get hacked and handle smart contracts hack crisis. This is a must watch and practical measures to take for every Web3 founders, developers & researchers.

2. ERC Standards & Edge Cases

ERC20

A list of unusual or non-standard ERC20 token implementations.

ERC721

Examples of non-standard and quirky ERC721 contracts. A Twitter thread discussing ERC721-specific security issues.

ERC4626

A checklist for auditing ERC4626 (tokenized vault) contracts. A Twitter thread highlighting rounding errors in ERC4626 implementations. Biggest ERC4626 checklist. More than 350 direct vulnerabilities, many pitfalls, integration errors and more.

ERC4337 & Account Abstraction

Security checklist for ERC4337 (account abstraction) contracts.

3. Core Blockchain, Node & Infra

A comprehensive security engineer's guide to reviewing core blockchain nodes, covering systematic approaches to conducting thorough security reviews of blockchain node implementations like Reth. Twitter thread covering general blockchain security considerations and best practices.

3. Bridges, Interoperability & Multichain

A checklist for securing interoperability protocols LyerZero, CCIP, Wormhole etc and cross-chain solutions. A repository with resources and tools for auditing multichain protocols. Checklist for auditing the security of cross-chain bridges. Repository documenting various blockchain bridge vulnerabilities and security considerations for cross-chain bridge implementations. Encyclopedia entry covering LayerZero protocol security research, vulnerabilities, and integration considerations.

4. DeFi Protocols

A checklist for auditing AMM smart contracts. An in-depth article on security considerations and audit tips for Automated Market Maker protocols. Checklist for auditing Collateralized Debt Positions. Common Vulnerabilities in Liquity v2 forks & Considerations to safely deploy Liquity V2. Checklist for auditing LSD protocols. Security analysis and best practices for liquid staking derivatives. An article on security considerations for liquid restaking tokens (LRTs). Analysis of vulnerabilities in DeFi liquidation mechanisms. Security issues and risks in concentrated liquidity managers. Explanation of slippage attacks in DeFi and how to prevent them. Discussion of errors caused by precision loss in smart contracts.

5. Protocols Integration Security

A detailed checklist for auditing the security of Across V3 cross-chain messaging protocol integrations. A detailed checklist for auditing the security of LayerZero V2 cross-chain messaging protocol integrations. A comprehensive audit checklist for Wormhole bridge integrations, highlighting key risks and best practices. A thorough checklist for reviewing and securing Chainlink CCIP (Cross-Chain Interoperability Protocol) implementations. Twitter thread detailing bugs found in Berachain's oracle implementation. Secruity Checklist for for Stargate V2 contracts integrations.

UniswapV4 Hooks Integration Guides

This guide outlines some key considerations when designing a UniswapV4 hook to suit your specific needs. A detailed presentation on Uniswap V4's architecture and the main security threats and best practices when building custom hooks. A technical walkthrough of Uniswap V4 hooks, including how to build, test, and secure custom hooks. An article outlining the main audit considerations, attack vectors, and recommendations for Uniswap V4 hook integrations. A breakdown of the new security challenges and mitigation strategies for Uniswap V4 and its hooks. A blog post analyzing the unique security risks introduced by hooks in Uniswap V4 and how to address them. Comprehensive security research and analysis of Uniswap V3 and V4 protocols, covering integration risks and security considerations.

6. Proxies & Upgradability

Video explaining common patterns for upgradable smart contracts. Twitter thread discussing upgradability and proxy contract security. Article analyzing the security of UUPS proxy pattern in Solidity.

7. Signature Attacks

In-depth explanation of signature replay attacks in smart contracts. A beginner-friendly guide to Ethereum signatures and their security implications. General overview of replay attack vectors and prevention.

8. Governance

Analysis of attacks and vulnerabilities in DAO governance mechanisms. Common vulnerabilities in protocol governance and DAOs, covering reentrancy, insider threats, flash loan voting, proposal execution issues, and other governance-specific attack vectors.

9. Chains Specific Security

A repository with resources and tools for auditing multichain protocols.

Solana

A comprehensive hitchhiker's guide to Solana program security covering common vulnerabilities, attack vectors, and mitigation strategies for intermediate/advanced developers building on Solana. Best practices for securing Solana smart contracts. Potential security pitfalls and best practices for secure implementation of the new Solana SPL token extensions. Examples of security issues in Solana contracts. Advanced security topics for Solana developers.

Arbitrum

Arbitrum Security pitfalls and integration guide.

Algorand

Security pitfalls and real-world issues in Algorand contracts.

Starknet (Cairo)

Examples of vulnerabilities in Starknet (Cairo) contracts.

Cosmos

Security issues and case studies in Cosmos contracts.

Substrate

Security analysis of Substrate-based smart contracts.

Ton

Security vulnerabilities in TON smart contracts. Checklist for Auditing TON Smart Contracts

Tron

A guide to common bugs and integration pitfalls in Tron Contracts.

Blast

A guide to common bugs and integration pitfalls in Blast.

Near

Near smart contracts security considerations list

Binance Chain

Top 15 security recommendations for BNB Chain developers covering vulnerability patterns, exploit defenses, and secure engineering practices specific to BNB Chain development.

Hyperliquid

Implementation and Security Pitfalls of LST on Hyperliquid.

10. Wallets Security

A practical checklist covering best practices for securing Web3 wallets. A comprehensive checklist for auditing and securing various types of crypto wallets. An article exploring security considerations for account abstraction. Audit checklist for account abstraction wallets. A checklist outlining key steps and best practices for assessing the security of crypto wallets. A practical checklist covering best practices for securing Web3 wallets and wallet security assessment methodologies.

11. Other/Uncategorized

Twitter thread detailing oracle-specific security considerations and vulnerabilities. Comprehensive guide to common vulnerabilities in oracles and pricing feeds, covering spot pricing attacks, homegrown oracle issues, time delays, gas congestion, and price manipulation techniques. A curated list of gas-saving techniques and best practices for Solidity smart contract development. Academic paper reviewing the state of smart contract security as of 2020. Article on past attacks and vulnerabilities involving Chainlink oracles. Official documentation on the security model of Chainlink's Verifiable Random Function. A comprehensive database of known smart contract vulnerabilities, each with a unique identifier and detailed description. Security risks and pitfalls when using inline assembly in Solidity. DevSecOps best practices and standards for Solidity development. Best practices on how to implement secure standard operation procedures for multisigs. Analysis of security pitfalls when using CREATE, CREATE2, and EXTCODESIZE opcodes in smart contract development. Video discussion on security implications and considerations for EIP-7702 implementation.

Support

If you want to support this repo and its contributors, you can do it on the Terminal. Thanks!

Contribution

If you'd like to contribute reach out on X, or Simply create a PR anon :)
๐Ÿ”— More in this category

ยฉ 2026 GitRepoTrend ยท TradMod/awesome-audits-checklists ยท Updated daily from GitHub