Smart Contract Security (EVM / Solidity)
Scope
Use this skill when working on:
- Solidity/EVM auditing resources
- EVM vulnerability categories and examples
- Tooling for contract analysis (static, dynamic, fuzzing)
Common Vulnerabilities (Cheat Sheet)
- Reentrancy
- Access control bugs
- Price oracle manipulation
- MEV / sandwich / frontrunning
- Flash loan enabled logic flaws
- Precision / rounding / decimal mismatch
- Signature and permit mistakes (EIP-2612 / Permit2)
- Upgradeability mistakes (UUPS / Transparent)
Recommended Review Workflow
- Threat model: assets, trust boundaries, privileged roles
- State machine: invariants, transitions, edge cases
- Access control: ownership, roles, upgrade admin
- External calls: reentrancy, callback surfaces, token hooks
- Economic analysis: pricing, liquidity, oracle, incentives
- Testing: unit tests + fuzzing + invariant tests
- Reporting: severity, exploitability, PoC, remediation
Where to Add Links in README
- New analyzers/fuzzers: Development → Tools or Security (choose primary)
- Audit methodologies/standards: Security
- Practice labs/CTFs: Security Starter Pack → CTFs / Practice
- Audit report portfolios: Security Starter Pack → Audit Reports
Notes
Keep additions:
- English descriptions
- Non-duplicated URLs
- Minimal structural changes
Data Source
For detailed and up-to-date resources, fetch the full list from:
https://raw.githubusercontent.com/gmh5225/awesome-web3-security/refs/heads/main/README.md