Gaining the most elusive of tips. Add your input and let’s collect them all!

General Tips & Suggestions

1. Did you know that you can utilize VSCode on your iPad (preferably with a Magic Keyboard) using the Blink App? If not, watch the following video! I hope you find this tip useful in your work!

2. Clone any project, then upload extension into vscode, 2nd link -> add key from sourcegraph, select the contract and the AI analyzes the structure of your project for you! Check out this example!

3. Try auditwizard.io - revolutionize your workflow today!

4. Check out pre-built security properties for commonly forked DeFi protocols.

5. MEV / Sandwich / Front-run & Back-run: Compilation & advanced info.

6. Try Slither Detectors by Pessimistic.io & check out SolCurity.

7. Give a try: Pyrometer & Sporalyzer.

8. Explore Web3 with full confidence guarded by Web3Antivirus security browser extension & learn evm attacks!

9. Try using obsidian.md for notes! & check out Audit Quality!

10. Check out R.xyz (link!) and apply for a closed beta (here)!

11. Follow my own blog & Hexens' blog!

12. This project was created to support Code4rena Bot Races with useful stats and tools. Read more about it here & try 4naly3er!

13. Bot Racing: The Rise of Web3 Bots. & Code4Rena Bot Racing explained!

14. Check out GasBad which is an open-source project that evaluates gas efficiency in Solidity libraries!

15. Try out this tool - it scans constructor of solidity smart contract for checks to zero address.

16. DeFi Common Fork Bugs List.

17. Try using Semgrep rules for smart contracts based on DeFi exploits!

18. Complete this set of tasks & check out this curated list of web3Security materials and resources For Pentesters and Bug Hunters!

19. Let's break down such a concept as mind-mapping - study this list & check out AuditorsRoadmap mind-map!

20. How To Learn Fast?

Tools & Services

• sol2uml

• tx2uml

• EVM - Draw & link

• openchain.xyz

• Vscode Solidity Inspector

• EVM Slot Reader

• heimdall-rs

• EVM Bench

• Function Selector Miner

• explorer.swiss-knife.xyz

• Solhunt

• Solsec

• Gas Gauge

• ityfuzz

• evmdiff.com

• contract-diff.xyz

• x48.tools/diff

• bytegraph.xyz

• lcov-parse

• EVM cfg

• Check external calls in a contract

• evm.storage

• contractreader.io

• Tatum Explorer

• cadcad.org

• With this tool you can search across a half million git repos!

• Hardhat Gas Reporter

• Get Ethereum block number by a given date.

• Hardhat plugin for exporting the contract storage layout.

• Allowing smart contract developers to do simulation driven development via an EVM emulator.

• Memory Strux

• tecommons.org

• Octopus

• Solidity rlp Encode

• Dune to CSV

• Duneanalytics Tools

• machinations.io

• tenderly.co

• impersonator.xyz

• A 4-hr smart contract fuzzer speed run.

• Fuzzing cryptographic libraries. Magic bug printer go brrrr.

Useful Resources — by officercia.eth

• Navigation Page

• BalancerV1 Integration Tips

• Meta-Transactions: General Overview

• CurveV1 Integration Tips

• Auditing Projects on the NEAR Blockchain: From Zero to Hero

• Reentrancy Attacks on Smart Contracts Distilled

• Gas Gauge: Pressure Control

• Short Types in Solidity: Rare Tricks Uncovered

• Fuzzing Solidity Smart Contracts with Echidna: Die-Hard Level Tips

• Slither: An Auditor’s Cornucopia

• Per Aspera ad Astra: How to become a smart contract auditor & bugbounty-hunter

• Tenderly App — a Swiss Pocketknife for the Web3 developer

• Convex Finance DeFi Integration Tips

• Auditing Tips for NFT Projects

• AAVE V3 DeFi Integration Tips

• AAVE V3 DeFi Integration: Specifications

• Slitherin Timeline 2.0

• Compound v2 DeFi Integration: Specifications

• Compound v2 DeFi Integration Tips

• Oracles, Entropy & Chainlink VRF Secure Integration Tips

• Chainlink VRF Secure Integration Tips: Specifications

• Auditor’s Notes: Semantic Grep & Solidity

• Price & Reward Manipulation Attacks Distilled

• Read-only Reentrancy: In-Depth

• Web3 Security Distilled

• Arbitrum: Basic Features, Technical Details and Differences from Ethereum

• AMM (Automatic Market Makers) Integration Tips

• Web3 Security Distilled 2.0

• Auditor’s Notes: Semantic Grep & Solidity 2.0

• Auditor’s Notes: ERC20 Integration Tips

• Auditor’s Advice: Math, Solidity & Gas Optimizations | Part 1/3

• Auditor’s Advice: Solidity Checklist & Reentrancy Attack | Part 2/3

• Auditor’s Advice: EVM Limitations & Assembly Auditing Tips | Part 3/3

• Auditor’s Notes: Initializing, Proxy, Oracles & Multi-Chain

• Auditor’s Notes: Tokens, EIP-712 & Meta-Transactions

• Remediate Web3: R.xyz

• Arbitrary Calls & New Slitherin Detector Release

Awesome GitHub Lists

• DeFi Developer Road Map

• Awesome On-Chain Forensic HandBook

• Ultimate DeFi & Blockchain Research Base

• The Atypical OSINT Guide

Additional Resources

• MVP for OpSec

• The ultimate framework to best secure your Dapp and optimize the money spent on security reviews.

• Zk Proofs Explained

• On Bitcon Custody...

• Join my TG folder!

• All About Tenderly Sandbox

• Vault Math - How much shares to mint? How much token to withdraw?

• Foundry Cheatsheet

• Yet Another Audit DB

• Template repository intended to ease fuzzing components of Solidity projects, especially libraries.

• An interactive Solidity shell with lightweight session recording and remote compiler support.

• Gas Numbers Every Solidity Dev Should Know!

• This repository contains projects implementing both low-level and high-level concepts of Solidity in an incremental learning pattern!

• Learn how to build on Ethereum; the superpowers and the gotchas.

• This is a course for hackers, programmers, and software engineers who learn by doing!

• Smart Contracts Security by Ethereum.org

• Re-entrancy Attack Patterns List

• This project aims to curate a comprehensive list of independently hosted bug bounty programs within the Web3 ecosystem that offer substantial rewards, with payouts ranging into six figures.

• To learn common smart contract vulnerabilities using Foundry!

• The difference between Auditor and Security Researcher

• This Repository contains list of Common NFT Attack Vectors.

• NFT Attacks List

• Single-command flamegraph profiling Tool

• High Severity Findings List

• An Ethers.js compatible signer that connects to AWS KMS.

• Ethereum EVM illustrated

• Blockchain dark forest selfguard handbook. Master these, master the security of your cryptocurrency.

• Smart Contract Security Verification Standard

• Immunefi PoC Templates

• Foundry Forge Coverage

• Audit Techniques & Tools 101

• State of the art of detection evasion, for web3 malware.

• EEA EthTrust Security Levels Specification v1

• Flash Crash for Cash: Cyber Threats in Decentralized Finance

• This repo contains a comprehensive list of smart contract auditor tools and techniques that can be utilized by both smart contract auditors and blockchain developers for developing secure smart contracts

• Robust, open-source contract verification for the EVM.

• Roadmap for Web3/Smart Contract Hacking | 2022

• Information about web3 security and programming tutorials/tools

• What happens when you send 1 DAI

• How to Read Smart Contracts

• Bytes032 Blog

• Pentacle Security List

• list of FREE resources to make Web3 accessible to everyone.

• How to understand EVM byte code...

• Awesome Blogs & Explanation

Front-end Security

• Frontend Security, Web2 vs Web3 Bugs

• Scroll Workshop Rust House

• DApp Frontend Security

• MVP for OpSec

Work…?

• Web3 Security Distilled 2.0

• Crypto Jobs List - Main

• web3.smsunarto.com

• hexens.io/careers

• 2023 Global Crypto Events & Hackathons

• Check out R.xyz (link!) and apply for a closed beta (here)!

• Crypto Telegram & Discord Channels & Chats

• Jobsincrypto

• CryptoJobsList

• Jobs TG Folder

• LobsterHR

• DeveloperDAO

• LidoGrants

• GitCoin

• anonfriendly.com

• Web3grants

• hackathons.live

• hackenproof.com

• bbscope

• immunefi.com

• code4rena.com

• sherlock.xyz

• spearbit.com

• Web3SecurityDAO

• WHITE HAT DAO

• Hats.Finance

• crypto-jobs-fyi.github.io

• auditjobs.xyz

• intropia.io/hire

• solodit.xyz

• www.jobstash.xyz

• frontrunnrs.xyz

• www.jobprotocol.xyz

Support

The best thing is to support me directly by donating to my address on Ethereum Main-net or any of the compatible networks or to any address from the list below:

• 0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A — ERC20 & ETH officercia.eth

• 17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU — BTC

• 4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero/XMR

• You can also support me by minting one of my Mirror articles NFTs!

Thank you!