# Public Oak Security Resources Below you can find a list of resources related to security advisory and auditing. It includes interviews on general topics, talks at conferences, podcasts, and written articles. For the reader’s convenience, resources have been classified into different categories depending on the technology that is discussed. ## Working with us πŸ“„ [Our unique multi-layered approach to security audits](https://medium.com/oak-security/there-is-no-perfect-methodology-our-unique-multi-layered-approach-to-security-audits-15e6a9fc7c0f) πŸ“„ [What is an audit?](https://youtu.be/Z-uFw4qhFR0) - **Oak Security** YouTube channel **How to prepare** for a security audit? - 🎬 [Oak Security YouTube channel, 2023](https://youtu.be/uC_s2vtnsKk) - πŸ“„ [2021 written post](https://medium.com/oak-security/how-to-prepare-for-a-blockchain-security-audit-6da3c1ad1683) 🎬 [Do You Even Audit?](https://www.youtube.com/watch?v=o4ZvxwH9Cd8) with Stefan Beyer - 🎧 Also available in [iVoox](https://www.ivoox.com/stefan-beyer-do-you-even-audit-audios-mp3_rf_113658892_1.html) ## General Security πŸ“„ [Exploring the Evolving Landscape of Web3 Security](https://www.linkedin.com/pulse/exploring-evolving-landscape-web3-security-stefan-beyer/) with **Stefan Beyer** 🎬 [The Confusing World of Smart Contract Security](https://www.youtube.com/watch?v=iPFZcsQ2Jeg&t=1835s) with Stefan Beyer at **ETH Barcelona 2023** 🎬 [The Sorry State of DeFi Security](https://youtu.be/w7M0e1hg0FE) - **Oak Security** YouTube channel 🎬 [Blockchain Bridges, Hacks, and Security](https://youtu.be/grmzAU1Ae4Q) - **Oak Security** YouTube channel 🎧 [BlockHash Podcast](https://www.youtube.com/watch?v=CYbaC6ioyAY) with **Stefan Beyer** 🎧 [BlockHash Podcast EP. 272](https://www.youtube.com/watch?v=q3r4IDfENzM) with **Eduard Kotysh**, founder of Solidified 🎧 [The Accountant Quits Podcast: Introduction to Smart Contract Audits](https://www.theaccountantquits.com/podcast/on-smart-contract-audits) with **Stefan Beyer** ## Solidity/EVM βœ… [Ethereum/EVM audit checklist](https://github.com/oak-security/resources/blob/main/checklists/Ethereum%20Smart%20Contract%20Audit%20Checklist.pdf) πŸ“„ [What has changed in Smart Contract Security? A Five-Year Experience Report](https://medium.com/oak-security/what-has-changed-in-smart-contract-security-a-five-year-experience-report-daab68bbf65c) Deep dive into the main **components of ERC-4337**: Account Abstraction Using Alt Mempool - πŸ“„ [Part 1](https://medium.com/oak-security/a-deep-dive-into-the-main-components-of-erc-4337-account-abstraction-using-alt-mempool-part-1-3a1ed1bd3a9b) - πŸ“„ [Part 2](https://medium.com/oak-security/a-deep-dive-into-the-main-components-of-erc-4337-account-abstraction-using-alt-mempool-part-2-0c62617d9ebe) - πŸ“„ [Part 3](https://medium.com/oak-security/a-deep-dive-into-the-main-components-of-erc-4337-account-abstraction-using-alt-mempool-part-3-6d721ff45f5f) - πŸ“„ [Part 4](https://medium.com/oak-security/a-deep-dive-into-the-main-components-of-erc-4337-account-abstraction-using-alt-mempool-part-4-ab7dacbf64d4) Analysis of **Solidity/EVM vulnerabilities** from our audits: - πŸ“„ [Ether.fi critical issue](https://twitter.com/SolidifiedHQ/status/1749382946014826496) ## Cosmos SDK/CosmWasm βœ… [CosmWasm audit checklist](https://github.com/oak-security/resources/blob/main/checklists/CosmWasm%20Smart%20Contract%20Audit%20Checklist.pdf) 🎬 [Learnings from 100+ CosmWasm Audits](https://www.youtube.com/watch?v=9rOjEnolxWQ) with **Philip Stanislaus** at **AwesomWasm 2023** 🎬 [Panel on CosmWasm Security](https://youtu.be/VNwoLZZSoYs?feature=shared&t=8415) with the participation of **Philip Stanislaus** at **AwesomWasm 2023** Oak Security **Capture The Flag** (CTF) - **AwesomWasm 2023**: - 🎬 [Online Event Kick-off](https://youtube.com/live/YIb3UsLxlbQ) - πŸ“„ [Solution️ writeups Pt. 1](https://medium.com/oak-security/capture-the-flag-%EF%B8%8Fwriteups-awesomwasm-2023-pt-1-a40c6e506b49) - πŸ“„ [Solution️ writeups Pt. 2](https://medium.com/oak-security/capture-the-flag-%EF%B8%8Fwriteups-awesomwasm-2023-pt-2-cb3e9b297c0) CosmWasm **security spotlight** series: - πŸ“„ [#1 Unsaved storage changes](https://medium.com/oak-security/cosmwasm-security-spotlight-1-cba294b27ea2) - πŸ“„ [#2 Access controls](https://medium.com/oak-security/cosmwasm-security-spotlight-2-3b8abeb066a1) - πŸ“„ [#3 Address validation and normalization](https://medium.com/oak-security/cosmwasm-security-spotlight-3-2b11f36fd61) - πŸ“„ [#4 Rounding issues](https://medium.com/oak-security/cosmwasm-security-spotlight-4-b5ba69b96c5f) Analysis of **CosmWasm vulnerabilities** from our audits: - πŸ“„ [Astroport Incentives](https://twitter.com/SecurityOak/status/1763592602429919341) - πŸ“„ [Astroport transmuter pool](https://twitter.com/SecurityOak/status/1788893107506827716) Analysis of **Cosmos SDK vulnerabilities** from our audits: - πŸ“„ [ICS audit's critical issue 1](https://twitter.com/SecurityOak/status/1734140573626630256) - πŸ“„ [ICS audit's critical issue 2](https://twitter.com/SecurityOak/status/1734140573626630256) - πŸ“„ [Noble Tariff critical issue 1](https://twitter.com/SecurityOak/status/1737395780409864533) - πŸ“„ [Noble Tariff critical issue 2](https://twitter.com/SecurityOak/status/1738129503967162571) - πŸ“„ [Fairblock critical issue 1](https://twitter.com/SecurityOak/status/1760583906108088518) - πŸ“„ [Fairblock critical issue 2](https://twitter.com/SecurityOak/status/1760583906108088518) ## Insights From Incidents πŸ“„ [Lessons on Supply Chain Security that Can Be Learned From the Vyper Exploit](https://medium.com/oak-security/lessons-on-supply-chain-security-that-can-be-learned-from-the-vyper-exploit-50f8e1e4b154) πŸ“„ [Give me Warnings! Tornado Cash’s Proposal Incident](https://medium.com/oak-security/give-me-warnings-tornado-cashs-proposal-incident-e70d125aa52c) πŸ“„ [About the recent Solana Private Key Scare: What Builders Can Learn](https://medium.com/oak-security/about-the-recent-solana-private-key-scare-what-builders-can-learn-ed66bdfad0b6) ## Oak Branding and Logo/Media/Press Kit See our [brand directory](./brand)