From 8c13c534f15009118f5fca667f1210b9f9d808c3 Mon Sep 17 00:00:00 2001 From: Harendra Shakya Date: Sat, 7 Jan 2023 20:28:29 +0530 Subject: [PATCH] add: tools and ctfs --- README.md | 30 +++++++++++---------- tools-and-ctfs/CTFs.md | 19 ++++++++++++++ tools-and-ctfs/Web3_Security_Tools.md | 38 +++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 14 deletions(-) create mode 100644 tools-and-ctfs/CTFs.md create mode 100644 tools-and-ctfs/Web3_Security_Tools.md diff --git a/README.md b/README.md index a22dfa7..2a3fd04 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,12 @@ -## List of Security Vulnerabilities +# Smart contract attack vectors + +The Goal of this repo to have possible smart contract vulnerabilities and resources to learn. + +Feel free to submit a pull request, with anything from small fixes to docs or tools you'd like to add. + +[![Support Project](https://img.shields.io/badge/Support-Project-critical)](https://github.com/harendra-shakya/support/blob/main/README.md) -[![Support Project](https://img.shields.io/badge/Support-Project-critical)](https://github.com/harendra-shakya/support/blob/main/README.md) +## List of Security Vulnerabilities - [Access Control](attack-vectors/Access_Control.md) - [Authentication With tx.origin](attack-vectors/Access_Control.md/#authentication-with-txorigin) 
@@ -69,22 +75,18 @@ # -# References - -[SWC Registry](https://swcregistry.io/) +## [CTFs](tools-and-ctfs/CTFs.md) -[Sigmaprime Solidity Security](https://blog.sigmaprime.io/solidity-security.html) +## [Security Tools](tools-and-ctfs/Web3_Security_Tools.md) -[Consensys Best Practices](https://consensys.github.io/smart-contract-best-practices/known_attacks/) - -[DASP-Top 10](https://www.dasp.co/) +# -[Solidity Documentation: Security Considerations](https://docs.soliditylang.org/en/latest/security-considerations.html) +# Other useful resources -[Ethereum Wiki: Safety](https://github.com/ethereum/wiki/wiki/Safety) +- [The Auditors Book](https://theauditorbook.com/) -[Trail of Bits Reference List](https://github.com/crytic/awesome-ethereum-security) +- [CryptoFin Solidity Auditing Checklist](https://github.com/cryptofinlabs/audit-checklist) -[DeFi-Threat](https://github.com/manifoldfinance/defi-threat) +- [SWC Registry](https://swcregistry.io/) -[Runtimeverification - List-of-Security-Vulnerabilties](https://github.com/runtimeverification/verified-smart-contracts/wiki/List-of-Security-Vulnerabilities) +- [Trail of Bits Reference List](https://github.com/crytic/awesome-ethereum-security) diff --git a/tools-and-ctfs/CTFs.md b/tools-and-ctfs/CTFs.md new file mode 100644 index 0000000..dcb4cfb --- /dev/null +++ b/tools-and-ctfs/CTFs.md @@ -0,0 +1,19 @@ +The best way to improve your security skills is by playing CTFs. + +## CTFs to Enhance your Solidity Skills + +- [Damn Vulnerable DeFi](https://damnvulnerabledefi.xyz) + +- [Ethernaut](https://ethernaut.openzeppelin.com) + +- [Capture the Ether](https://capturetheether.com) + +- [Immunefi Community Challenges](https://github.com/immunefi-team/community-challenges) + +- [Ethereum Hacker](https://ethereumhacker.com/) + +- [EtherHack](https://etherhack.positive.com/#/) + +## Resources + +- [Ethernaut All Level Solutions](https://www.youtube.com/playlist?list=PLiAoBT74VLnmRIPZGg4F36fH3BjQ5fLnz) 
diff --git a/tools-and-ctfs/Web3_Security_Tools.md b/tools-and-ctfs/Web3_Security_Tools.md new file mode 100644 index 0000000..34636f7 --- /dev/null +++ b/tools-and-ctfs/Web3_Security_Tools.md 
@@ -0,0 +1,38 @@ +## Tools + +### Visualization + +- [ethereum-graph-debugger](https://github.com/fergarrui/ethereum-graph-debugger) - A graphical EVM debugger. Displays the entire program control flow graph. +- [Slither](https://github.com/trailofbits/slither) - Slither can map method visibility and modifiers, state variables that are read and written, calls, and can print the inheritance graph of a smart contract +- [Solgraph](https://github.com/raineorshine/solgraph) - Generates DOT graphs with function control flow of a solidity contract +- [Surya](https://github.com/ConsenSys/surya) - Generates various visual outputs of function call graphs +- [sol-function-profiler](https://github.com/EricR/sol-function-profiler) - Solidity contract function profiler + +### Linters + +- [Remix](https://remix.ethereum.org/) - Browser-based Solidity IDE with linting features +- [Solhint](https://github.com/protofire/solhint) - Linter for both security and style-guide validations. It strictly adheres to the [Solidity Style Guide](https://solidity.readthedocs.io/en/latest/style-guide.html). +- [Ethlint](https://github.com/duaraghav8/Ethlint) - Linter for both security and style-guide validations. Does not strictly adhere to the Solidity Style Guide. + +### Bug finding tools + +- [Echidna](https://github.com/trailofbits/echidna) - Fuzzer for Ethereum smart contracts. Uses property testing to generate malicious inputs that break smart contracts. 
+- [Manticore](https://github.com/trailofbits/manticore) - Symbolic execution tool for Ethereum smart contracts that includes detectors for common security flaws +- [Mythril](https://github.com/ConsenSys/mythril/) - Open-source security analysis tool for Ethereum smart contracts built around detector modules +- [Securify v2](https://github.com/eth-sri/securify2) - Static analysis tool from ChainSecurity +- [Slither](https://github.com/trailofbits/slither) - Static analysis framework, written in Python, with detectors for many common Solidity issues + +### Verification tools + +- [KEVM](https://github.com/kframework/evm-semantics) - K Semantics of the Ethereum Virtual Machine (EVM) +- [Manticore](https://github.com/trailofbits/manticore) - Symbolic execution tool for EVM + +### Reversing tools + +- [abi-decompiler](https://github.com/beched/abi-decompiler) - EVM reverse engineering helper utility +- [ethereum-dasm](https://github.com/tintinweb/ethereum-dasm) - EVM disassembler with static and dynamic analysis abilities, including function signature lookup +- [Ethersplay](https://github.com/trailofbits/ethersplay) - Visual disassembler for EVM bytecode built on Binary Ninja +- [evmlab](https://github.com/ethereum/evmlab) - Utilities for interacting with the Ethereum virtual machine +- [IDA-EVM](https://github.com/trailofbits/ida-evm) - IDA plugin to view EVM instructions +- [pyevmasm](https://github.com/trailofbits/pyevmasm) - EVM assembler and disassembler with a CLI and a Python API +- [Rattle](https://github.com/trailofbits/rattle) - EVM binary static analysis framework. Produces SSA representations of EVM code.
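Review bot: The intro sentence added in the first README.md hunk, "The Goal of this repo to have possible smart contract vulnerabilities and resources to learn.", is missing its verb and capitalizes "Goal" mid-sentence. Suggest "The goal of this repo is to collect smart contract vulnerabilities and resources for learning about them." The new title "# Smart contract attack vectors" is in sentence case while "## List of Security Vulnerabilities" directly below is in title case; pick one style for both.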
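Review bot: The README.md hunk at @@ -69,22 +75,18 @@ drops seven reference links (Sigmaprime, Consensys Best Practices, DASP-Top 10, Solidity Documentation: Security Considerations, Ethereum Wiki: Safety, DeFi-Threat, Runtimeverification), which the subject "add: tools and ctfs" does not mention. If the removal is intended, state it in the commit message or move it to its own commit; if the attack-vector pages draw on those sources, keep them under "Other useful resources". The bare `#` line added above "# Other useful resources" is an empty heading; a horizontal rule (`---`) is the cleaner separator.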
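Review bot: The new file tools-and-ctfs/CTFs.md opens with a sentence and has no top-level title, and its list entries carry no descriptions, unlike the entries in Web3_Security_Tools.md. Add a "# CTFs" heading and one line per entry saying what the challenge set covers, so a reader can choose without following every link. The "Resources" section links a complete solutions playlist for Ethernaut; label it as solutions so readers who want to attempt the levels first can skip it.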
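Review bot: In tools-and-ctfs/Web3_Security_Tools.md, Slither is listed under both "Visualization" and "Bug finding tools" and Manticore under both "Bug finding tools" and "Verification tools", each time with a different description. Keep one primary entry per tool and cross-reference it from the other section, or add a line under "## Tools" saying that a tool appears in every category it serves. The Solhint entry links the style guide at solidity.readthedocs.io, while the Solidity documentation link this patch removes from README.md used docs.soliditylang.org; use one host throughout. Trailing periods on the descriptions are also inconsistent (the first Slither entry has none, the ethereum-graph-debugger entry does).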