# `awesome-web3-security`[![Awesome](https://awesome.re/badge.svg)](https://awesome.re) [![GitHub license](https://img.shields.io/github/license/gmh5225/awesome-web3-security)](https://github.com/gmh5225/awesome-web3-security/blob/main/LICENSE) A curated list of Web3 Security materials and resources for Pentesters and Bug Hunters. ``` If you find that some links are not working, you can simply replace the username with gmh5225. Or you can send an issue for me. ``` > Show respect to all the projects below, perfect works of art :saluting_face: ## How to contribute? - https://github.com/HyunCafe/contribute-practice - https://docs.github.com/en/get-started/quickstart/contributing-to-projects ## Skills for AI Agents This repository provides skills that can be used with AI agents and coding assistants such as [Cursor](https://www.cursor.com/), [OpenClaw](https://docs.openclaw.ai/), [Claude Code](https://docs.anthropic.com/en/docs/claude-code), [Codex CLI](https://github.com/openai/codex), and other compatible tools. Install skills to get specialized knowledge about Web3 security topics. **[View on learn-skills.dev](https://learn-skills.dev/skills/gmh5225/awesome-web3-security)** **Installation:** ```bash npx skills add https://github.com/gmh5225/awesome-web3-security --skill ``` **Available Skills:** | Skill | Description | |-------|-------------| | `mev-security` | MEV concepts, common attacks, and mitigations | | `awesome-web3-security-overview` | Understanding and contributing to this resource list | | `smart-contract-security` | EVM/Solidity smart contract security | | `solana-security` | Solana/Sealevel security research | | `web3-security-tooling` | Security tooling (analyzers, fuzzers, decompilers) | | `wallet-security` | Wallet security (MPC/TSS, key management, phishing) | **Example:** ```bash # Install smart contract security skill npx skills add https://github.com/gmh5225/awesome-web3-security --skill smart-contract-security # Install multiple skills npx skills add https://github.com/gmh5225/awesome-web3-security --skill solana-security --skill wallet-security ``` ## Security Starter Pack - **CTFs / Practice** - https://capturetheether.com/ [Capture the Ether] - https://ethernaut.openzeppelin.com/ [The Ethernaut] - https://www.damnvulnerabledefi.xyz/ [Damn Vulnerable DeFi] - https://blockchain-ctf.securityinnovation.com/#/ [Security Innovation Blockchain CTF] - https://github.com/nccgroup/GOATCasino [GOAT Casino] - https://github.com/paradigm-operations/paradigm-ctf-2021 [Paradigm CTF] - https://github.com/blockthreat/blocksec-ctfs [Blocksec CTFs] - https://ciphershastra.com/ [ciphershastra CTF] - https://github.com/SunWeb3Sec/DeFiVulnLabs [DeFiVulnLabs] - https://quillctf.super.site/ [QuillCTF] - https://www.vulnmachines.com/ [Vulnmachines] - https://www.web3pwn.com/ [Web3Pwn] - **Testnets / Faucets** - https://sepolia.dev/ [Sepolia Resources] - https://faucet.circle.com/ [Circle Faucet (Sepolia USDC)] - **Mindmaps** - https://www.xmind.net/m/2zbPP7/ [Common Vulnerabilities MindMap] - https://coggle.it/diagram/YqLzaiSABzXD4UnZ/t/smart-contract-auditor [Auditor MindMap] - https://xmind.works/share/zfdeD07U [Tools MindMap] - **Starter Tools** - https://github.com/Quillhash/Web3-Security-Tools [Web3-Security-Tools] - https://remix-project.org/ [Remix] - **Blogs / Postmortems** - https://medium.com/immunefi [Immunefi] - https://blog.openzeppelin.com/security-audits/ [OpenZeppelin] - https://quillaudits.medium.com/ [QuillAudits] - https://blog.solidityscan.com/ [SolidityScan] - https://medium.com/@Beosin_com [Beosin] - https://neptunemutual.medium.com/ [Neptune Mutual] - https://blocksecteam.medium.com/ [BlockSec] - https://www.certik.com/resources/blog [CertiK] - https://mouse-run.beehiiv.com [mouse-run] - **Bug Bounties** - https://immunefi.com/ [Immunefi] - https://hackenproof.com/programs [HackenProof] - https://code4rena.com/ [Code4rena] - https://gitcoin.co/explorer [Gitcoin] - https://hackerone.com [HackerOne] - https://spearbit.com/ [Spearbit] - https://app.sherlock.xyz/ [Sherlock] - https://audits.sherlock.xyz/contests [Sherlock Contests] - https://saloon.finance/ [The Saloon] - https://hats.finance/ [Hats Finance] - https://secure3.io/ [Secure3] - https://app.secure3.io/ [Secure3 Contests] - https://securr.tech/ [Securr] - https://r.xyz/ [Remedy] - https://hunt.r.xyz/ [Remedy Hunt] - https://www.vigilseek.com/bug-bounty [Vigilseek (Bug Bounty Aggregator)] - https://cantina.xyz/ [Cantina] - **Newsletters / Collections** - https://newsletter.blockthreat.io/ [BlockThreat] - https://rekt.news/ [REKT] - https://weekinethereumnews.com/ [Week in Ethereum News] - https://quillaudits.substack.com/ [HashingBits] - https://web3sec.news [Web3sec.news] - **Talks / Videos** - https://www.youtube.com/watch?v=lJQwuyW4t-k [IWCON-S22] - http://www.youtube.com/watch?v=P8LXLoTUJ5g [LiveOverflow] - https://www.youtube.com/watch?v=zcJmWr5_GOc [Web3 Security Mindset] - https://www.youtube.com/watch?v=QSmtVR0aniI [Security and Vulnerabilities in Web3] - https://www.youtube.com/playlist?list=PLox242_JhiuEe64LzW1M8XpiQ2-N5bZsX [Playlist] - https://www.youtube.com/watch?v=A5s9aez43Co&list=PLO5VPQH6OWdXKPThrch6U0imGdD3pHLXi [Damn Vulnerable DeFi CTF] - https://www.youtube.com/watch?v=cOP9z9XWjwc [Attacking Authorization] - https://www.youtube.com/watch?v=TmZ8gH-toX0 [Audit a Smart Contract] - https://www.youtube.com/watch?v=gyMwXuJrbJQ [32-Hour Course] - **Learn Solidity** - https://cryptozombies.io/ [CryptoZombies] - https://www.learnweb3.io/ [LearnWeb3] - https://www.smartcontract.engineer/ [Smart Contract Engineer] - https://solidity-by-example.org/ [Solidity by Example] - https://www.web3.university/ [Web3 University] - https://www.useweb3.xyz/ [useWeb3] - **Audit Reports** - https://github.com/chainsulting/Smart-Contract-Security-Audits [Chainsulting] - https://code4rena.com/reports [Code4rena Reports] - https://consensys.net/diligence/audits/ [Consensys] - https://github.com/Quillhash/QuillAudit_Reports [QuillAudits] - https://github.com/spearbit/portfolio/tree/master/pdfs [Spearbit] - https://github.com/sherlock-protocol/sherlock-reports [Sherlock] - https://github.com/0xNazgul/Blockchain-Security-Audit-List [Audit List] - https://github.com/shieldify-security/audits-portfolio [Shieldify] - **Certifications** - https://secops.group/certified-blockchain-practitioner [CBP] - https://blockchaintrainingalliance.com/products/cbsp [CBSP] ## Blockchain Guide - https://github.com/useWeb3/awesome-web3 [awesome web3] - https://github.com/austintgriffith/ethskills [The missing knowledge between AI agents and production Ethereum] - https://github.com/karask/satoshi-paper [Original Satoshi paper in various formats] - https://l2beat.com/scaling/summary [L2BEAT Scaling Summary] - https://github.com/unbalancedparentheses/practical_cryptography_and_distributed_ledgers [Practical Cryptography and Distributed Ledgers] - https://github.com/mush-support/mush-news [MushNews - Web3 News Explorer] - https://github.com/lukasmasuch/best-of-crypto [awesome open-source crypto projects] - https://github.com/0xMacro/awesome-solana-security [awesome solana security] - https://github.com/az0mb13/awesome-solana-security [awesome solana security] - https://github.com/openSVM/awesome-svm [All things SVM (Solana Virtual Machine)] - https://github.com/Ackee-Blockchain/Solana-Auditors-Bootcamp [Solana audit security] - https://github.com/anza-xyz/security-audits [Solana audit security] - https://github.com/0xNazgul/Blockchain-Security-Library [Blockchain Security Library] - https://github.com/GammaStrategies/awesome-uniswap-v3 [A curated list of awesome Uniswap v3 resources] - https://github.com/fewwwww/awesome-uniswap-hooks [A curated list of awesome Uniswap v4 hooks resources] - https://github.com/neodyme-labs/solana-ctf [Solana CTF] - https://github.com/slowmist/Web3-Project-Security-Practice-Requirements [Web3 Project Security Practice Requirements] - https://www.freeweb3resources.com [Guide] - https://github.com/yjjnls/awesome-blockchain [Guide] - https://github.com/ahmet/awesome-web3 [Guide] - https://github.com/codeluu/blockchain-osint [A collection of tools and resources useful for OSINT investigations in the cryptocurrency] - https://github.com/K2SOsint/Legendary_Crypto [A resource full of Crypto/OSINT tools, techniques and training courses for CTI, AML, and forensic investigations] - https://github.com/gmh5225/wallet-pentesting-article [Wallet Pentesting Guide] - https://github.com/ValkyriSecurity/awesome-wallet-security [Resources to learn Wallet Security] - https://github.com/rkdud007/awesome-zkvm [zkVM Guide] - https://github.com/eth-act/zkevm-book [Ethereum zkEVM book] - https://github.com/chaozh/awesome-blockchain-cn [CN Guide] - https://blog.wssh.trade/posts/uniswap-v3 [Uniswap V3 CN Guide] - https://github.com/bekatom/awesome-ethereum [ETH Guide] - https://github.com/InfectedIsm/solana-quick-start-guide [Solana quick start guide] - https://github.com/GuiBibeau/solana-dev-skill [solana skill] - https://github.com/solana-foundation/awesome-solana-ai [AI tooling to help build on Solana — skills, agents, MCP, dev tools] - https://ashborn-sol.vercel.app/demo/shadow-agent [Shadow Agent Protocol — private AI commerce on Solana with Ashborn/Light ZK, x402 micropayments] - https://github.com/ipsilon/eof [evm object format] - https://github.com/Lilyjjo/mev_reading_list [List of resources to understand what 'mev' is] - https://en.hackndo.com/ethereum-virtual-machine [EVM] - https://github.com/mektigboy/evm-chad [EVM] - https://github.com/jtriley-eth/the-ethereum-virtual-machine [EVM] - https://github.com/w1nt3r-eth/evm-from-scratch [EVM] - https://github.com/shafu0x/evm-from-scratch-book [EVM] - https://github.com/wjmelements/evm [EVM (C)] - https://github.com/4337Mafia/awesome-account-abstraction [EIP-4337] - https://github.com/Arvolear/awesome-eip-7702-delegations [awesome EIP-7702] - https://github.com/smlxl/evm.codes [EVM Opcodes Interactive Reference] - https://github.com/Unboxed-Software/solana-course [A complete course for learning Solana] - https://www.rareskills.io/solana-tutorial [A Solana Course By Rareskills] - https://github.com/lambdaclass/lambdaworks [Crypto] - https://github.com/coinspect/learn-evm-attacks [EVM Security] - https://github.com/x676f64/secureum-mind_map [EVM Security] - https://github.com/perimetersec/evm-fuzzing-resources [EVM Fuzzing Resources] - https://github.com/SunWeb3Sec/damn-vulnerable-defi-v4-solutions [Defi Security] - https://github.com/slowmist/SlowMist-Learning-Roadmap-for-Becoming-a-Smart-Contract-Auditor [Smart contract audit skills roadmap for beginners] - https://github.com/Dapp-Learning-DAO/Dapp-Learning [Dapp] - https://github.com/contractcops/auditingroadmap [Solidity] - https://github.com/0xcacti/awesome-solidity-dev-tools [Solidity] - https://github.com/0xArDANT/Solidity-Exercises [Solidity Exercises] - https://github.com/chinmay-farkya/solidity-notes [Solidity Notes] - https://github.com/33357/smartcontract-apps [Solidity CN] - https://github.com/nullity00/web3-resources [Web3 resources] - https://github.com/Malinariy/Solidity-gas-optimizations-tips [Gas optimizations tips] - https://github.com/w3f/Grants-Program [Web3 Foundation Grants Program] - https://github.com/Bonfida/solana-name-service-guide [Solana name service] - https://github.com/smartcontractkit/starter-kits [across the smart contract ecosystem] - https://github.com/smartcontractkit/solana-starter-kit [Example code for using Chainlink on Solana] - https://www.solanaecosystem.com [Solana Ecosystem discoverer] - https://github.com/solana-developers/create-solana-dapp [CLI for creating Solana dApps on the fly] - https://github.com/ithacaxyz/odyssey-examples [Odyssey's features] - https://github.com/OpenZeppelin/merkle-tree [Merkle Tree] - https://github.com/cbergoon/merkletree [A Merkle Tree implementation written in Go] - [Smart Contract Precision Handling Best Practices](https://github.com/gmh5225/Smart-Contract-Precision-Handling-Best-Practices) [Precision Handling] - https://github.com/gmh5225/Layer2-Architecture [Layer2 Architecture] - https://github.com/gmh5225/Optimism-VM-Architecture [Optimism VM Architecture] - https://github.com/gmh5225/zkVM-Architecture [zkVM Architecture] - https://github.com/awesomelistsio/awesome-crypto-wallets [Awesome Web3 Crypto Wallet] - https://github.com/dinhduongha/awesome-wallet [Awesome Web3 Crypto Wallet] - https://github.com/gmh5225/awesome-crypto-wallet-address [Awesome crypto wallet address] - https://github.com/Ackee-Blockchain/awesome-wake-tests [Awesome Wake tests] ## AI ### Agents - https://github.com/microsoft/ai-agents-for-beginners [AI Agents for beginners] - https://github.com/openai/openai-agents-js [openai agent workflows and agents] - https://github.com/openai/openai-agents-python [openai agent workflows and agents] - https://github.com/e2b-dev/awesome-ai-agents [A list of AI autonomous agents] - https://github.com/elizaOS/eliza [Autonomous agents for everyone] - https://github.com/elizaOS/eliza-starter [eliza starter] - https://github.com/kyegomez/swarms [The Enterprise-Grade Production-Ready Multi-Agent Orchestration Framework] - https://github.com/blorm-network/ZerePy [ZerePy an open-source launch-pad for AI agents] - https://github.com/lambdaclass/eth-agent [AI agent wallet for EVM chains: send/swap/bridge stablecoins with spending limits and human approval] - https://github.com/kortix-ai/suna [Suna - Open Source Generalist AI Agent] - https://github.com/HKUDS/AutoAgent [AutoAgent: Fully-Automated and Zero-Code LLM Agent Framework] - https://github.com/agno-agi/agno [Agno is a lightweight, high-performance library for building Agents] - https://github.com/crewAIInc/crewAI [autonomous AI agents] - https://github.com/pydantic/pydantic-ai [Agent Framework / shim to use Pydantic with LLMs] - https://github.com/VoltAgent/voltagent [Open Source TypeScript AI Agent Framework] - https://github.com/sendaifun/solana-agent-kit [connect any ai agents to solana protocols] - https://github.com/goat-sdk/goat [Connect AI agents to 200+ onchain tools — Solana, EVM, multi-chain] - https://github.com/tetsuo-ai/AgenC [Privacy-focused multi-agent coordination with ZK and confidential compute for Solana] - https://github.com/anagrambuild/breeze-agent-kit [AI agents for Solana yield farming via Breeze — MCP, x402 API, SKILL.md] - https://github.com/cascade-protocol/sati [SATI — ERC-8004 compliant agent identity and reputation on Solana, proof-of-participation] - https://github.com/coinbase/agentkit [Every AI Agent deserves a wallet] - https://github.com/0xgasless/agentkit [AgentKit is a toolkit that gives AI agents access to crypto wallets and onchain functionality] - https://github.com/Ido-Levi/Hephaestus [Semi-Structured Agentic Framework. Workflows build themselves as agents discover what needs to be done, not what you predicted upfront] ### Skills - https://github.com/coinbase/agentic-wallet-skills [Wallet skills for AI agents — npx skills add coinbase/agentic-wallet-skills] - https://github.com/Uniswap/uniswap-ai [AI tools for building on Uniswap — skills, plugins, and agents for any coding agent] - https://github.com/jup-ag/agent-skills [Skills for AI coding agents to integrate with the Jupiter ecosystem] - https://github.com/OpenZeppelin/openzeppelin-skills [OpenZeppelin Skills — secure smart contract development with OZ libraries; Solidity, Cairo, Stylus, Stellar; setup/upgrade skills; npx skills add OpenZeppelin/openzeppelin-skills] - https://github.com/bnb-chain/bnbchain-skills [BNB Chain Skills — AI agent skills for BNB Chain MCP: blocks, transactions, contracts, tokens, NFTs, wallet, ERC-8004 agents, Greenfield; npx skills add bnb-chain/bnbchain-skills] - https://github.com/gate/gate-skills [Gate Skills — open skills marketplace for AI agents: Gate exchange/DEX (spot, futures, unified, dual, staking), market analysis, risk check, news, address tracking; one-click MCP install for Cursor/Claude/Codex/OpenClaw; npx skills add https://github.com/gate/gate-skills] - https://github.com/sendaifun/skills [Solana skills monorepo — DFlow, Drift, Kamino, Meteora, Orca, Raydium, Sanctum, Helius, Pyth, vulnhunter, code-recon, solana-kit, Pinocchio, Surfpool] - https://github.com/solana-foundation/solana-dev-skill [Official Solana development skill — Anchor/Pinocchio, LiteSVM/Mollusk, security best practices] - https://github.com/metaplex-foundation/skill [Official Metaplex skill — Core NFTs, Bubblegum, Candy Machine, Umi/Kit SDKs] - https://github.com/magicblock-labs/magicblock-dev-skill [MagicBlock development — VRFs, Cranks, Session Keys, latency/privacy on Solana] - https://github.com/tenequm/claude-plugins/tree/main/solana [Solana Claude plugin — Anchor/native Rust, security auditing, ZK compression via Light Protocol] - https://github.com/Lightprotocol/skills [Solana rent-free dev skills — Anchor/Pinocchio without rent-exemption, ZK programs] - https://github.com/quiknode-labs/blockchain-skills [Quicknode blockchain skills — Solana RPC, Jupiter Swap API, Yellowstone gRPC] - https://github.com/sanbir/solidity-auditor-skills [Solidity Auditor Skills — EVM security auditing: 210 attack vectors, 5–7 parallel agents, DeFi checklists, adversarial reasoning; fork of pashov/skills; Claude/Cursor] - https://github.com/sanbir/solana-auditor-skills [Solana Auditor Skills — Rust/SVM security auditing: 105 attack vectors, 4–6 parallel agents, DeFi checklists, adversarial reasoning; Anchor/Native/Pinocchio; Claude/Cursor] - https://github.com/sanbir/move-auditor-skills [Move Auditor Skills — Sui Move security auditing: 143 attack vectors, 5–7 parallel agents, DeFi checklists, adversarial reasoning; Claude/Cursor] - https://github.com/sanbir/ton-auditor-skills [TON Auditor Skills — TON/FunC/Tact security auditing: 120 attack vectors, 4–6 parallel agents, DeFi checklists, adversarial reasoning; Jetton/NFT TEP; Claude/Cursor] ### MCP Servers - https://mcp.solana.com/ [Solana Developer MCP — official Solana and Anchor docs in Cursor/Windsurf/Claude CLI] - https://pond.dflow.net/build/mcp [DFlow MCP — spot + prediction market trading API for Solana] - https://github.com/DesideApp/deside-mcp [Deside MCP — wallet-to-wallet messaging for Solana agents, Ed25519 auth] - https://www.npmjs.com/package/@quicknode/mcp [Quicknode MCP — provision and manage Solana endpoints via natural language] - https://github.com/PraneshASP/foundry-mcp-server [foundry mcp] - https://github.com/strangelove-ventures/web3-mcp [MCP server for multi-chain RPC: Solana, Ethereum, THORChain, XRP, TON, Cardano, UTXO chains] ## 3D / Games ### 3D Graphics - https://github.com/mrdoob/three.js [JavaScript 3D Library] ### Games - https://github.com/aakarkun/unity-web3-skyrim-market [Web3 SkyRim Market - Unity] - https://github.com/0xFableOrg/0xFable [Trading card game] - https://github.com/adrianhajdin/project_web3_battle_game [Web3 NFT Card Game] - https://github.com/EkaterinaGorbunova/web3_nft_card_battle_game [Web3 NFT Card Game] - https://github.com/MoralisWeb3/unity-web3-game-kit [Unity Web3 Game Kit] - https://github.com/web3gamesofficial/web3games-blockchain [Web3Games blockchain network based on Substrate] - https://github.com/alto-io/game3.js [The Web 3.0 Game Framework] - https://github.com/proofofplay/piratenation-contracts [The Pirate Nation game] - https://github.com/MetaMask/red-balloon-game [Red Balloon] - https://github.com/apac-chainchanger/MemeSphinx [MEME Coin Riddles Game on the Flow blockchain] - https://github.com/nhuxhr/sol-connect-four [Connect Four game built on the Solana blockchain] - https://github.com/matthewegyed/BlockchainGambit [A minimalistic chess game on the blockchain using Solidity and Foundry] ## Wallet ### Source Code - https://github.com/MetaMask [MetaMask] - https://github.com/MetaMask/solana-wallet-standard [MetaMask Solana Wallet Standard] - https://github.com/MetaMask/snap-bitcoin-wallet [MetaMask Bitcoin Snap Wallet] - https://github.com/freigeist-m/monero-multisig-gui [Monero multisig wallet GUI: create and coordinate multisig wallets with privacy] - https://github.com/MetaMask/metamask-extension [MetaMask Extension] - https://github.com/MetaMask/metamask-mobile [MetaMask Mobile] - https://github.com/MetaMask/metamask-desktop [MetaMask Desktop] - https://github.com/ethereum/wallet-poc [The web3 wallet that makes crypto self-custody easy and secure via hybrid account abstraction. EIP-7702 ready] - https://github.com/coinbase/smart-wallet [ ERC-4337 compliant smart contract wallet from Coinbase] - https://github.com/samui-build/samui-wallet [Open Source wallet and toolbox for Solana builders] - https://github.com/ApeWorX/Ruffsack [A rugged multisig wallet for everyday adventures] - https://github.com/0xcregis/anychain [Multi-chain Rust wallet SDK] - https://github.com/coming-chat/wallet-SDK [Multi-chain Wallet SDK] - https://github.com/near/wallet-selector [NEAR Wallet Selector] - https://github.com/Railgun-Community/wallet [RAILGUN Wallet] ### MPC - https://github.com/coinbase/cb-mpc [Coinbase MPC Library] - https://github.com/bnb-chain/tss-lib [Threshold Signature Scheme, for ECDSA and EDDSA] - https://github.com/vultisig/mobile-tss-lib [Threshold Signature Scheme on mobile] - https://github.com/taurushq-io/multi-party-sig [Implementation of protocols for threshold signatures] - https://docs.binance.org/tss.html [Binance TSS Documentation] - https://hackmd.io/@elichai/legendrery [HD Wallets and the Legendrery PRF in MPC] - https://github.com/grempe/secrets.js [Shamir Secret Sharing (JavaScript)] - https://github.com/jesseduffield/horcrux [Shamir Secret Sharing Tool for Crypto Keys] ### Connection - https://github.com/reown-com/appkit [web] - https://github.com/rainbow-me/rainbowkit [web] - https://github.com/WalletConnect/walletconnect-monorepo [WalletConnect Monorepo] ## Development ### Smart Contract Templates - https://github.com/mattstam/solidity-template [Solidity Template] - https://github.com/gmh5225/foundry-template [Foundry Template] - https://github.com/Uniswap/foundry-template [Foundry Template] - https://github.com/risc0/risc0-foundry-template [Foundry Template for integrating RISC Zero] - https://github.com/Contract-examples/Avalanche-contract-template [Avalanche Foundry Template] - https://github.com/auditless/cairo-template [Cairo template] - https://github.com/Contract-examples/cairo-example [Cairo template] - https://github.com/rzmahmood/StarkNet-NFT-Template [A Template for deploying NFT Projects on StarkNet] - https://github.com/mart1n-xyz/eip7702-viem-demo [EIP-7702] - https://github.com/Uniswap/ERC20-eth [ERC-7914] - https://github.com/mpeyfuss/vyper-template [Vyper + Foundry Template] - https://github.com/aadeexyz/erc-8004 [ERC-8004: Trustless Agents] - https://github.com/ChaosChain/trustless-agents-erc-ri [ERC-8004: Trustless Agents] ### SDK - https://github.com/Ankr-network/game-unreal-sdk [Mirage Unreal SDK] - https://github.com/jup-ag/jupiter-amm-interface [Jupiter AMM interface crate for implementing a Solana DEX AMM] - https://github.com/magicblock-labs/Solana.Unity-SDK [Unity-Solana SDK] - https://github.com/Virus-Axel/godot-solana-sdk [Godot Solana SDK] - https://github.com/hyperledger/web3j [Lightweight Java and Android library for integration with Ethereum clients] - https://github.com/gmh5225/UUPSProxyFactorySDK [SDK of UUPSProxyFactory] - https://github.com/gmh5225/permit2-light-sdk [Light SDK of Uniswap-permit2] - https://github.com/gmh5225/Multicall3-SDK [SDK of Multicall3] - https://github.com/nhuxhr/pumpfun-rs [Rust SDK for PumpFun Solana program] - https://github.com/rckprtr/pumpdotfun-sdk [Typescript SDK for PumpFun Solana program] - https://github.com/anza-xyz/solana-sdk [Rust SDK for the Solana blockchain, used by on-chain program developers and the Agave validator] - https://github.com/hoprnet/gnosis-hosted [self-host Gnosis Safe] - https://github.com/gagliardetto/solana-go [Go SDK library and RPC client for the Solana Blockchain] ### Interaction - https://github.com/ethereum/go-ethereum [go ethereum] - https://github.com/ethereum/web3.py [py ethereum] - https://github.com/wevm/viem [js/ts Ethereum] - https://github.com/web3/web3.js [js ethereum] - https://github.com/ethers-io/ethers.js [js ethereum] - https://github.com/mhw0/libethc [c ethereum] - https://github.com/sk1122/solana-sdk [js solana] - https://github.com/evmauth/evmauth-ts [A TypeScript SDK for interacting with EVMAuth contracts] - https://github.com/loocapro/reth-bsc [A BSC-compatible Reth client implementation] ### Tools - https://github.com/infosec-us-team/onboardme [The fastest way to understand complex Solidity smart contracts] - https://github.com/swiss-knife-xyz/swiss-knife [All your EVM tools in one place] - https://github.com/EIPTools/eip-tools [Explore all EIPs, ERCs, RIPs and CAIPs easily] - https://github.com/a16z/halmos [A symbolic testing tool for EVM] - https://github.com/0xRajkumar/revm [REVM] - https://github.com/Giulio2002/gevm [Blazingly fast EVM implementation written in Golang] - https://github.com/fukaoi/smart-token-tool [SPL Token/ NFT issue tool on solana] - https://github.com/cryptoloutre/solana-tools [A bunch of tools to help people in the Solana ecosystem] - https://github.com/costa-group/EthIR [A framework for high-level Analysis of Ethereum Bytecode] - https://github.com/warp-id/solana-trading-bot [Solana Trading Bot] - https://github.com/0xKoda/llevm [Talk with EVM Bytecode using webLLM] - https://github.com/cdump/evmole [Extracts function selectors, arguments and state mutability from EVM bytecode] - https://openchain.xyz/tools/abi [Some handy tools for encoding/decoding ABI data] - https://github.com/Polymarket/agents [Trade autonomously on Polymarket using AI Agents] - https://github.com/daijro/camoufox [Anti-detect browser] - https://github.com/blockscout/blockscout [Blockchain explorer for Ethereum] - https://github.com/OpenZeppelin/openzeppelin-monitor [OpenZeppelin Monitor] - https://github.com/OpenZeppelin/openzeppelin-relayer [OpenZeppelin Relayer] - https://github.com/mush-support/mush-audit [AI-powered smart contract security analysis platform] - https://github.com/HrikB/createXcrunch [find zero-leading, zero-containing, or pattern-matching addresses for the CreateX contract factory] - https://github.com/NeurProjects/neur-app [The Intelligent Copilot for Solana] - https://github.com/Lumo-Labs-AI/lumokit [Lightweight Python AI toolkit for Solana — on-chain actions, Jupiter swaps, research] - https://aimpact.dev [AImpact — AI-powered IDE for Web3, generate and deploy Solana smart contracts] - https://github.com/GauravBurande/solana-llm-oracle [SLO — Solana LLM Oracle for on-chain AI inference in programs] - https://github.com/0xNineteen/solana-arbitrage-bot [solana arbitrage bot across multiple spot dexs] - https://github.com/D4Vinci/Scrapling [Undetectable, Lightning-Fast, and Adaptive Web Scraping for Python] - https://github.com/bengabp/dexscreener [Reverse engineering dexscreener avro encryption to fit my web scraping needs] - https://github.com/puppeteer/puppeteer [Puppeteer] - https://github.com/otter-sec/bn-ebpf-solana [Binary Ninja plugin for Solana eBPF] - https://github.com/deanmlittle/ezbpf [A simple sBPF (Solana eBPF) disassembler] - https://github.com/cpkt9762/solana-sbpf-rlib [Solana sBPF rlib files for IDA Pro signature generation] - https://github.com/franck44/evm-dis [An EVM bytecode disassembler/assembler] - https://github.com/duaraghav8/Ethlint [Code quality & Security Linter for Solidity] - https://github.com/protofire/solhint [Code quality & Security Linter for Solidity] - https://github.com/byterocket/c4udit [Static analyzer for solidity contracts based on regexs] - https://github.com/gmh5225/EthGen [A simple command-line tool written in Go to generate Ethereum wallet addresses and private keys in bulk] - https://github.com/hyperliquid-dex/hyper-evm-sync [Proof of concept to execute all transactions from genesis for the entire HyperEVM] - https://github.com/sec3-service/IDLGuesser [IDL Guesser is an open-source tool that automatically recovers the IDL information from closed-source Anchor-based Solana programs] - https://github.com/GianfrancoBazzani/evm-storage.codes [EVM Smart Contract Storage Viewer and Comparator] - https://github.com/accretion-xyz/solana-data-reverser [analyzing hex data with deep Solana blockchain integration. Perfect for examining raw binary data, Solana account structures] - https://github.com/FuzzingLabs/sol-azy [Sol-azy is a modular CLI toolchain for static analysis and reverse engineering of Solana sBPF programs] - https://github.com/FuzzingLabs/sierra-analyzer [Sierra decompiler and analyzer] - https://github.com/walnuthq/soldb [CLI debugger for Solidity and EVM] - https://github.com/argotorg/sourcify [Source code verification service for Ethereum smart contracts] - https://github.com/gmh5225/js-debugger-bypass-script [JS Debugger Bypass UserScript] - https://github.com/anza-xyz/jetstreamer [A Solana project geared towards realtime indexing, research, and backfilling with support for all epochs in the history of Solana mainnet] - https://github.com/MetaMask/eth-phishing-detect [Utility for detecting phishing domains targeting Web3 users] - https://github.com/Th0rgal/SafeLens [Offline transaction verifier for Safe multisig wallets with ERC-7730 clear signing] - https://github.com/ponder-sh/ponder [Ponder] - https://github.com/better-auth/better-auth [Better Auth] - https://github.com/libp2p [libp2p] - https://github.com/paraswap/paraswap-dex-lib [ParaSwap DEX Library] - https://github.com/OpenZeppelin/ui-builder [OpenZeppelin UI Builder: chain-agnostic form builder for smart contract interaction] - https://github.com/exchange-core/exchange-core [Ultra-fast matching engine written in Java based on LMAX Disruptor] - https://github.com/aeron-io/aeron [Efficient reliable UDP unicast, UDP multicast, and IPC message transport] ### Compilers - https://github.com/ethereum/solidity [Solidity] - https://github.com/vyperlang/vyper [Pythonic Smart Contract Language for the EVM] - https://github.com/paradigmxyz/solar [Solidity compiler, written in Rust] - https://github.com/hyperledger-solang/solang [Solidity Compiler for Solana and Polkadot] - https://github.com/solana-developers/seahorse [Write Anchor-compatible Solana programs in Python] - https://github.com/paritytech/revive [Solidity compiler for PolkaVM] - https://github.com/matter-labs/era-compiler-solidity [Solidity compiler for ZKsync] - https://github.com/matter-labs/zksolc-bin [Releases of the Solidity compiler for ZKsync] - https://github.com/ethereum/solc-bin [This repository contains current and historical builds of the Solidity Compiler] - https://github.com/alloy-rs/svm-rs [Solidity-Compiler Version Manager] - https://github.com/lmittmann/go-solc [Go Bindings for the Solidity Compiler] - https://github.com/ethereum/solc-js [Javascript bindings for the Solidity compiler] - https://github.com/ethereum/py-solc [Python wrapper around the solc Solidity compiler] - https://github.com/ApeWorX/ape-solidity [Solidity compiler plugin for the Ape Framework] - https://github.com/move-language/move-sui [Move on Aptos sui] - https://github.com/move-language/move-on-aptos [Move on Aptos] - https://github.com/matter-labs/solx [LLVM-based Solidity compiler] - https://github.com/pr0cf5/solana-llvm-compiler [Using llvm to convert an eBPF shared library to x86] ### Decompilers - https://github.com/Jon-Becker/heimdall-rs [Decompiler for EVM smart contract] - https://app.dedaub.com/ [Decompiler for EVM smart contract] - https://ethervm.io/decompile [Decompiler for EVM smart contract] - https://github.com/msuiche/porosity [Decompiler for EVM smart contract written by C++] - https://github.com/verichains/revela [Decompiler for Move smart contracts] ### Development Frameworks - https://github.com/foundry-rs/foundry [Ethereum application development] - https://github.com/coral-xyz/anchor [Solana Sealevel Framework] - https://github.com/anza-xyz/platform-tools [Customized Rust/Clang toolchain for Solana Platform] ### ZK Proofs - https://github.com/matter-labs/awesome-zero-knowledge-proofs [ZKP Guide] - https://github.com/nishuzumi/zk101 [zk101] - https://github.com/scipr-lab/libsnark [C++ library for zkSNARKs] - https://github.com/Consensys/gnark [Fast zk-SNARK library] - https://github.com/zkcrypto/bellman [zk-SNARK library] - https://github.com/zksecurity/zkbugs [Reproduce ZKP vulnerabilities] - https://github.com/google/longfellow-zk [Implementation of the Google Zero-Knowledge library for Identity Protocols] - https://github.com/TheBojda/zktree-vote [Anonymous Voting with Zero-Knowledge Proofs] - https://github.com/zkMaps/zkMaps [Zero-Knowledge Location Proofs] ### Unit Tests - https://github.com/gmh5225/forge-gui [A GUI wrapper command-line tool for Foundry Template] - https://github.com/NomicFoundation/hardhat - https://github.com/zeroknots/brokentoken [Foundry Test Suit to test weird ERC20 behavior] - https://github.com/SunWeb3Sec/DeFiLabs [On-chain test DeFi using Foundry] - https://github.com/1inch/solidity-utils [Utility Library for Smart Contracts and Testing] - https://gitlab.com/learn-web31/foundry-cheatcode [Foundry Cheatcodes Notes] ### Contract Source Code - https://github.com/EkuboProtocol/evm-contracts [Ekubo Protocol AMM smart contracts for EVM] - https://github.com/dcccrypto/percolator-stake [Percolator Insurance LP staking program on Solana — PDA-admin, Kani verification] - https://github.com/ethereum/solidity-examples [Solidity example code] - https://github.com/rdubois-crypto/FreshCryptoLib [Deprecated: cryptographic primitives for blockchain systems (Solidity/Cairo/C/Rust)] - https://github.com/OpenZeppelin/contracts-sui [OpenZeppelin contracts for the Sui Move ecosystem] - https://github.com/shafu0x/awesome-smart-contracts [awesome] - https://github.com/tangtj/bsc-contract-database [BSC] - https://github.com/smartcontractkit/smart-contract-examples [ERC] - https://github.com/thirdweb-dev/contracts [ERC] - https://github.com/tornadocash [Tornado Cash] - https://github.com/tornadocash/tornado-core [Tornado Cash Core] - https://github.com/nkrishang/tornado-cash-rebuilt [Tornado Cash rebuilt] - https://github.com/luvnft/Memecoin-BASE [MEME] - https://github.com/ITExpert0228/Meme_project [MEME] - https://github.com/jamesbachini/DEX-Arbitrage [Trading bot on NEAR Protocol] - https://github.com/Vectorized/gasback [A barebones implementation of a gasback contract that implements [RIP-7767](https://github.com/ethereum/RIPs/blob/master/RIPS/rip-7767.md)] - https://github.com/evmauth/evmauth-core [EVMAuth is an advanced implementation of the ERC-1155 token standard that enables robust EVM-based authorization for Web3 applications] - https://github.com/Contract-examples/CrimeEnjoyor [CrimeEnjoyor for EIP-7702] - https://github.com/justshiftjk/EVM-Pumpfun-Solidity-Contract [EVM version of pumpfun smart contract] ## Security - https://ai-audits.exotechnologies.xyz [Exo AI Audits — AI-powered smart contract auditing platform for Solana programs] - https://github.com/OWASP/www-project-smart-contract-top-10 [OWASP Smart Contract Top 10] - https://github.com/paradigmxyz/evmbench [Benchmark and harness for finding and exploiting smart contract bugs] - https://github.com/hannespfeiffer/evmbench-certora-agent-harness [EVMBench + Certora iterative agent harness for spec generation and refinement] - https://github.com/alt-research/SolidityGuard [Solidity/EVM smart contract security auditor — 104 vulnerability patterns, 8 tools, 100% CTF + EVMBench (120/120)] - https://github.com/TradMod/awesome-audits-checklists [A curated list of smart contracts security audits checklists] - https://github.com/crytic/awesome-ethereum-security [awesome ethereum security] - https://github.com/ArjunaSec/Awesome-Solana-checklist [awesome solana security] - https://github.com/pontifex73/rust-solana-audit-start [rust solana audit start] - https://github.com/amanusk/awesome-starknet-security [awesome starknet security] - https://github.com/sigp/solidity-security-blog [Solidity security] - https://github.com/Al-Qa-qa/bank-web3-security-tutorial [Solidity Security] - https://github.com/crytic/not-so-smart-contracts [Solidity Security] - https://github.com/Ackee-Blockchain/reentrancy-examples [Reentrancy vulnerabilities] - https://github.com/OpenZeppelin/openzeppelin-contracts [OpenZeppelin Contracts is a library for secure smart contract development] - https://github.com/banteg/legible-math [LegibleMath is a Solidity library providing readable arithmetic with compile-time constants for the letters you need to spell numbers] - https://github.com/preslavxyz/Web3-Security-Researcher-Roadmap [Web3 Security Researcher Roadmap] - https://github.com/tpiliposian/not-awesome-web3-security-roadmap [Web3 Security Researcher roadmap] - https://github.com/SunWeb3Sec [Let's make Web3 more secure] - https://defihacklabs.io/explorer/index.html [DeFiHackLabs Explorer] - https://github.com/SunWeb3Sec/DeFiHackLabs [Reproduce DeFi hacked incidents using Foundry] - https://github.com/theredguild/damn-vulnerable-defi [The smart contract security training ground for developers, security researchers and educators] - https://github.com/m14r41/PentestingEverything/tree/main/BlockChain%20Pentesting [Pentesting Checklist] - https://github.com/immunefi-team/Web3-Security-Library [web3 security and programming tutorials/tools] - https://github.com/coinspect/wallet-security-verification-standard [Wallet Security Verification Standard] - https://github.com/theexoticman/zodiac-delegatecall-guard [Zodiac DelegateCall Guard] - https://github.com/BlossomLabs/Assertions [On-chain assertions for securing DAO proposals and Safe transactions] - https://github.com/safe-fndn/safe-modules [A collection of modules that can be used with the Safe contract] - https://github.com/ZhangZhuoSJTU/Web3Bugs [Bugs in Smart Contracts] - https://github.com/kadenzipfel/smart-contract-vulnerabilities [A collection of smart contract vulnerabilities] - https://github.com/cryptostaker2/blockchain-security-audits [Security audits] - https://github.com/obheda12/Solidity-Security-Compendium [Solidity vuln] - https://github.com/0xsanny/solsec [Solana smart contract security] - https://github.com/crytic [Blockchain Security, by @trailofbits] - https://github.com/Quillhash/Solidity-Attack-Vectors [Solidity SmartContract Attack Vectors] - https://github.com/Quillhash/DeFi-Attack-Vectors [Common DeFi threat and attack vectors list] - https://github.com/crytic/building-secure-contracts [Guidelines and training material to write secure smart contracts] - https://github.com/crytic/etheno [Ethereum security analysis and testing] - https://github.com/crytic/echidna [Ethereum smart contract fuzzer] - https://github.com/trailofbits/manticore [Ethereum smart contract fuzzer] - https://github.com/fuzzland/ityfuzz [Ethereum smart contract fuzzer] - https://github.com/secureum/DeFi-Security-Summit-Stanford [DEFI Focus Smart Contract Security Capture the Flag] - https://github.com/go-outside-labs/blockchain-hacking [hacking] - https://github.com/Decurity/abi-decompiler [Recover ABI of EVM smart contracts] - https://github.com/pcaversaccio/white-hat-frontrunning [White-hat Frontrunning Scripts] - https://github.com/pcaversaccio/reentrancy-attacks [Historical Collection of Reentrancy Attacks] - https://gitlab.com/learn-web31/Permit-Phishing [Permit Phishing Demo] - https://github.com/crytic/slither [Static Analyzer] - https://mythx.io [Static Analyzer] - https://github.com/ConsenSys/mythril [Static Analyzer] - https://github.com/Picodes/4naly3er [Static Analyzer] - https://github.com/Quillhash/QuillAudit_Auditor_Roadmap [Become a Smart Contract Auditor] - https://github.com/d-xo/weird-erc20 [Weird ERC20] - https://github.com/slowmist/solana-smart-contract-security-best-practices [Solana security] - https://github.com/JoranHonig/awesome-web3-ai-security [web3 ai security] - https://github.com/Cyfrin/audit-report-templating [How to generate a PDF audit report] - https://github.com/Frankcastleauditor/public-audits [smart contract security public audits] - https://github.com/Certora/SecurityReports [smart contract security public audits] - https://github.com/Ackee-Blockchain/trident [Rust-based framework to Fuzz Solana programs, designed to help you ship secure code] - https://github.com/Ackee-Blockchain/wake [Wake is a Python-based Solidity development and testing framework with built-in vulnerability detectors] - https://github.com/numencyber/Move_Security_Course [Move Security] ## DeFi Topics ### Stablecoin - https://github.com/lakshayvaishnav/stable-coin [a decentralized stablecoin protocol on the Solana blockchain] ### Atomic Swaps - https://github.com/AthanorLabs/atomic-swap [ETH-XMR atomic swap implementation — swapd daemon and swapcli for p2p discovery, offers, and swap protocol] ### MEV - https://github.com/flashbots [for ethereum] - https://github.com/jito-foundation/jito-solana [for solana] - https://cow.fi/mev-blocker#rpc [MEV Blocker RPC]