|
| 1 | +# Building Secure Smart Contracts |
| 2 | + |
| 3 | +   |
| 4 | + |
| 5 | +Brought to you by [Trail of Bits](https://www.trailofbits.com/), this repository offers guidelines and best practices for developing secure smart contracts. Contributions are welcome, you can contribute by following our [contributing guidelines](https://github.com/crytic/building-secure-contracts/blob/master/CONTRIBUTING.md). |
| 6 | + |
| 7 | +**Table of Contents:** |
| 8 | + |
| 9 | +- [Development Guidelines](./src/development-guidelines) |
| 10 | + - [Code Maturity](./src/development-guidelines/code_maturity.md): Criteria for developers and security engineers to use when evaluating a codebase’s maturity |
| 11 | + - [High-Level Best Practices](./src/development-guidelines/guidelines.md): Best practices for all smart contracts |
| 12 | + - [Incident Response Recommendations](./src/development-guidelines/incident_response.md): Guidelines for creating an incident response plan |
| 13 | + - [Secure Development Workflow](./src/development-guidelines/workflow.md): A high-level process to follow during code development |
| 14 | + - [Token Integration Checklist](./src/development-guidelines/token_integration.md): What to check when interacting with arbitrary tokens |
| 15 | +- [Learn EVM](./src/learn_evm): Technical knowledge about the EVM |
| 16 | + - [EVM Opcodes](./src/learn_evm/evm_opcodes.md): Information on all EVM opcodes |
| 17 | + - [Transaction Tracing](./src/learn_evm/tracing.md): Helper scripts and guidance for generating and navigating transaction traces |
| 18 | + - [Arithmetic Checks](./src/learn_evm/arithmetic-checks.md): A guide to performing arithmetic checks in the EVM |
| 19 | + - [Yellow Paper Guidance](./src/learn_evm/yellow-paper.md): Symbol reference for easier reading of the Ethereum yellow paper |
| 20 | + - [Forks <> EIPs](./src/learn_evm/eips_forks.md): Summaries of the EIPs included in each Ethereum fork |
| 21 | + - [Forks <> CIPs](./src/learn_evm/cips_forks.md): Summaries of the CIPs and EIPs included in each Celo fork _(EVM-compatible chain)_ |
| 22 | + - [Upgrades <> TIPs](./src/learn_evm/tips_upgrades.md): Summaries of the TIPs included in each TRON upgrade _(EVM-compatible chain)_ |
| 23 | + - [Forks <> BEPs](./src/learn_evm/beps_forks.md): Summaries of the BEPs included in each BSC fork _(EVM-compatible chain)_ |
| 24 | +- [Not So Smart Contracts](./src/not-so-smart-contracts): Examples of common smart contract issues, complete with descriptions, examples, and recommendations |
| 25 | + - [Algorand](./src/not-so-smart-contracts/algorand) |
| 26 | + - [Cairo](./src/not-so-smart-contracts/cairo) |
| 27 | + - [Cosmos](./src/not-so-smart-contracts/cosmos) |
| 28 | + - [Substrate](./src/not-so-smart-contracts/substrate) |
| 29 | + - [Solana](./src/not-so-smart-contracts/solana) |
| 30 | +- [Program Analysis](./src/program-analysis): Using automated tools to secure contracts |
| 31 | + - [Echidna](./src/program-analysis/echidna): A fuzzer that checks your contract's properties |
| 32 | + - [Slither](./src/program-analysis/slither): A static analyzer with both CLI and scriptable interfaces |
| 33 | + - [Manticore](./src/program-analysis/manticore): A symbolic execution engine that proves the correctness of properties |
| 34 | + - For each tool, this training material provides: |
| 35 | + - A theoretical introduction, an API walkthrough, and a set of exercises |
| 36 | + - Exercises that take approximately two hours to gain practical understanding |
| 37 | +- [Resources](./src/resources): Assorted online resources |
| 38 | + - [Trail of Bits Blog Posts](./src/resources/tob_blogposts.md): A list of blockchain-related blog posts created by Trail of Bits |
| 39 | + |
| 40 | +# License |
| 41 | + |
| 42 | +secure-contracts and building-secure-contracts are licensed and distributed under the [AGPLv3 license](https://github.com/crytic/building-secure-contracts/blob/master/LICENSE). Contact us if you're looking for an exception to the terms. |
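Review bot: the License paragraph (added line 42) tells readers to "Contact us" for an exception to the AGPLv3 terms but gives no address or link, so there is no way to act on it from the README; add a contact link or e-mail there. The CONTRIBUTING.md and LICENSE links (added lines 5 and 42) are absolute URLs pinned to `master`, while every other link in the file is relative (`./src/...`); relative links would keep working on forks and after a branch rename. `# License` on line 40 is a second top-level heading and would read better as `## License` under the title. Line 3 contains only whitespace, which suggests a logo or badge was intended there and is missing. In the Program Analysis list, the "For each tool, this training material provides:" item (lines 34 to 36) sits at the same level as the three tools, so it renders as a fourth tool; moving it to a sentence under the list, and rewording "Exercises that take approximately two hours to gain practical understanding", would make it clearer.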