saeidshirazi
Awesome-Smart-Contract-Security

A curated list of Smart Contract Security materials and resources For Researchers

Last updated Jul 8, 2026
897
Stars
159
Forks
1
Issues
+4
Stars/day
Attention Score
97
Language breakdown
No language data available.
Files click to expand
README

Awesome-Smart-Contract-Security awesome

Screenshot

Table of Contents

* Visualization * Verification * Linters * BugHunting * Reverse Engineering - Security Journal list

Blogs

Papers

Books

* Fundamentals of Smart Contract Security * Hands-On Smart Contract Development with Solidity and Ethereum * Mastering Ethereum

Security Journal list

  • IEEE Transactions on Information Forensics and Security [[web]](http://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=10206)
  • Computer & Security[[web]](http://www.elsevier.com/wps/find/journaldescription.cws_home/405877/description#description)
  • IET Information Security[[web]](http://www.ietdl.org/IET-IFS)
  • ACM Transactions on Information and System Security[[web]](http://tissec.acm.org/)
  • International Journal of Information Security[[web]](https://www.springer.com/journal/10207)
  • Security and Communication Networks[[web]](http://www.wiley.com/bw/journal.asp?ref=1939-0114)
  • IEEE Security & Privacy[[web]](https://www.computer.org/csdl/magazine/sp)
  • IEEE Transactions on Dependable and Secure Computing [[web]](http://www.computer.org/tdsc/)
  • Security and Communication Networks[[web]](http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122)
  • Computer Fraud & Security[[web]](http://www.elsevierscitech.com/nl/cfs/home.asp )

Trainings

Tools

Visualization

  • ethereum-graph-debugger - A graphical EVM debugger. Displays the entire program control flow graph.
  • Slither - Slither can map method visibility and modifiers, state variables that are read and written, calls, and can print the inheritance graph of a smart contract
  • Solgraph - Generates DOT graphs with function control flow of a solidity contract
  • Surya - Generates various visual outputs of function call graphs
  • sol-function-profiler - Solidity contract function profiler

Verification

  • KEVM - K Semantics of the Ethereum Virtual Machine (EVM)
  • Manticore - Symbolic execution tool for EVM

Linters

  • Remix - Browser-based Solidity IDE with linting features
  • SmarrtCheck - A linter for Solidity and Vyper that checks code for security issues and bad practices.
  • Solhint - Linter for both security and style-guide validations. It strictly adheres to the Solidity Style Guide.
  • Solium - Linter for both security and style-guide validations. Does not strictly adhere to the Solidity Style Guide.

BugHunting

  • Web3 Decoder - Web3 Decoder is a Burp Suite Extension that helps to analyze what is going on with the operations involving smart contracts of the web3
  • Echidna - Fuzzer for Ethereum smart contracts. Uses property testing to generate malicious inputs that break smart contracts.
  • Manticore - Symbolic execution tool for Ethereum smart contracts that includes detectors for common security flaws
  • Mythril OSS - Open-source security analysis tool for Ethereum smart contracts built around detector modules
  • Securify v2.0 - Static analysis tool from ChainSecurity
  • Slither - Static analysis framework, written in Python, with detectors for many common Solidity issues
  • Octopus - : Blockchain Smart Contracts (BTC/ETH/NEO/EOS)
  • L3X - AI-driven Smart Contract Static Analyzer

Runtime Monitoring & Scam Detection

These tools complement static analysis by watching contracts post-deployment for honeypots, rug pulls, and adversarial deployer patterns. Most are free to use.

  • GoPlus - Token security API covering 30+ chains with honeypot, ownership, and trading risk checks.
  • HoneyBadger - Honeypot detector for Ethereum smart contracts (academic, EVM bytecode).
  • Honeypot.is - Quick honeypot test for ERC-20 tokens by simulating buy/sell.
  • RektRadar - Real-time Ethereum scam detector with mempool monitoring, deployer graph analysis, and factory pattern detection. Catches rug pulls mid-broadcast and flags honeypots before liquidity is added.
  • TokenSniffer - Automated scam detection, auditing, and metrics for ERC-20 tokens.
  • Sharpe Rug Check - Token risk scanner for EVM and Solana assets, covering liquidity, holder, ownership, authority, and honeypot signals
  • ContractScan - Free client-side smart contract security scanner. Detects proxies, honeypots, rug pulls, and 11 vulnerability patterns across 6 EVM chains. Works in browser, no signup needed.

Reverse Engineering

  • abi-decompiler - EVM reverse engineering helper utility
  • ethereum-dasm - EVM disassembler with static and dynamic analysis abilities, including function signature lookup
  • Ethersplay - Visual disassembler for EVM bytecode built on Binary Ninja
  • evmlab - Utilities for interacting with the Ethereum virtual machine
  • IDA-EVM - IDA plugin to view EVM instructions
  • Panoramix - Ethereum decompiler
  • pyevmasm - EVM assembler and disassembler with a CLI and a Python API
  • Rattle - EVM binary static analysis framework. Produces SSA representations of EVM code.
  • Solidity Bytes32 Converter Online - Convert Solidity bytes32 to utf8 string or integers and vice versa.
  • Online Solidity ABI Encoder - Online Solidity ABI Encoder to encode smart contract arguments, and also perform read and write operations on the blockchain.
  • Ethereum Unit Converter - Online tool to convert the different ethereum denominations (wei, gwei, ether).

Labs

Capture the Flag and Wargames

Talks

| Title | Conference | Year | | --- | --- | --- | |6th Workshop on Trusted Smart Contracts | WTSC 2022 | 2022| |Smart Contract Security: a Practitioners’ Perspective | ICSE 2021 |2021| | Predicting Random Numbers in Ethereum Smart Contracts | OWASP AppSec | 2018 | | Blockchain Autopsies - Analyzing Smart Contract Deaths | Blackhat USA | 2018 | | Rattle - an EVM binary analysis framework | reCON | 2018 | | Blackhat Ethereum | CanSecWest | 2018 | | Smashing Ethereum Smart Contracts for Fun and Profit | HITB Amsterdam | 2018 | | Automatic Bug Finding for the Blockchain | EkoParty | 2017 |

Misc

Podcasts

Cheat Sheets

Checklists

Bug Bounty & Writeups

Bug Bounty/Audit Platforms & Project

Web3 Security Tools

  • MetaVision CVE Oracle - Web3 vulnerability scanner. 355k+ CVEs from NVD, specialized in Ethereum/Solidity/DeFi. Wallet fraud + rug pull detection (ChainAware). API: POST /cve {"keyword": "solidity"}

© 2026 GitRepoTrend · saeidshirazi/Awesome-Smart-Contract-Security · Updated daily from GitHub