smart-contract-security


Smart Contract Security (EVM / Solidity)

Scope

Use this skill when working on:
  • Solidity/EVM auditing resources
  • EVM vulnerability categories and examples
  • Tooling for contract analysis (static, dynamic, fuzzing)

Common Vulnerabilities (Cheat Sheet)

  • Reentrancy (single-function, cross-function, cross-contract, read-only)
  • Access control bugs (missing modifiers, unprotected initializers, tx.origin-based auth)
  • Price oracle manipulation (spot prices read from AMM reserves within one transaction)
  • MEV / sandwich / frontrunning (missing slippage bounds and deadlines)
  • Flash-loan-enabled logic flaws (checks that assume large capital is unavailable within a single transaction)
  • Precision / rounding / decimal mismatch (division before multiplication, 6- vs 18-decimal tokens)
  • Signature and permit mistakes (EIP-2612 / Permit2: replay, missing nonce or domain separator, malleable signatures)
  • Upgradeability mistakes (UUPS / Transparent: storage layout collisions, uninitialized implementations, unprotected upgrade functions)

Recommended Review Workflow

  1. Threat model: assets, trust boundaries, privileged roles
  2. State machine: invariants, transitions, edge cases
  3. Access control: ownership, roles, upgrade admin
  4. External calls: reentrancy, callback surfaces, token hooks
  5. Economic analysis: pricing, liquidity, oracle, incentives
  6. Testing: unit tests + fuzzing + invariant tests
  7. Reporting: severity, exploitability, PoC, remediation
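
Steps 2 and 6 of the workflow (stating invariants, then fuzzing them) in a Foundry invariant test, as an added example written for this page rather than code from awesome-web3-security: a minimal `Ledger` is the hypothetical target, a `LedgerHandler` bounds the fuzzer's inputs and keeps `ghost_` counters, and two `invariant_*` functions check supply accounting after every random call sequence. It assumes forge-std is installed at the usual `forge-std/` import path; the contract, handler, actor and ghost-variable names are all chosen for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {CommonBase} from "forge-std/Base.sol";
import {StdCheats} from "forge-std/StdCheats.sol";
import {StdUtils} from "forge-std/StdUtils.sol";

// Hypothetical target (added for this example): a mintable/burnable ledger.
// The invariants below are the ones an auditor would write down in step 2.
contract Ledger {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
        totalSupply += amount;
    }

    function burn(uint256 amount) external {
        balanceOf[msg.sender] -= amount; // reverts on underflow in 0.8
        totalSupply -= amount;
    }

    function transfer(address to, uint256 amount) external {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}

// Handler: the fuzzer calls only these functions. Bounding the arguments
// avoids reverts for trivial reasons, and the ghost counters give the
// invariants a view of expected state that is independent of the target.
contract LedgerHandler is CommonBase, StdCheats, StdUtils {
    Ledger public ledger;
    address[] public actors;
    uint256 public ghost_minted;
    uint256 public ghost_burned;

    constructor(Ledger _ledger) {
        ledger = _ledger;
        actors.push(makeAddr("alice"));
        actors.push(makeAddr("bob"));
        actors.push(makeAddr("carol"));
    }

    function actorCount() external view returns (uint256) {
        return actors.length;
    }

    function mint(uint256 actorSeed, uint256 amount) external {
        address to = actors[actorSeed % actors.length];
        amount = bound(amount, 0, 1e24);
        ledger.mint(to, amount);
        ghost_minted += amount;
    }

    function burn(uint256 actorSeed, uint256 amount) external {
        address from = actors[actorSeed % actors.length];
        amount = bound(amount, 0, ledger.balanceOf(from));
        vm.prank(from);
        ledger.burn(amount);
        ghost_burned += amount;
    }

    function transfer(uint256 fromSeed, uint256 toSeed, uint256 amount) external {
        address from = actors[fromSeed % actors.length];
        address to = actors[toSeed % actors.length];
        amount = bound(amount, 0, ledger.balanceOf(from));
        vm.prank(from);
        ledger.transfer(to, amount);
    }
}

contract LedgerInvariantTest is Test {
    Ledger ledger;
    LedgerHandler handler;

    function setUp() public {
        ledger = new Ledger();
        handler = new LedgerHandler(ledger);
        // Fuzz the handler only: calling Ledger directly would let the fuzzer
        // mint to addresses the ghost counters and actor list do not track.
        targetContract(address(handler));
    }

    // Supply must always equal everything minted minus everything burned.
    function invariant_supplyMatchesGhost() public {
        assertEq(ledger.totalSupply(), handler.ghost_minted() - handler.ghost_burned());
    }

    // The sum of all actor balances must equal the supply (no tokens lost or created).
    function invariant_balancesSumToSupply() public {
        uint256 sum;
        for (uint256 i = 0; i < handler.actorCount(); i++) {
            sum += ledger.balanceOf(handler.actors(i));
        }
        assertEq(sum, ledger.totalSupply());
    }
}
```

Run it with `forge test --match-contract LedgerInvariantTest`; on a counterexample, forge prints the call sequence that broke the invariant, which is the raw material for the PoC in step 7. The handler pattern matters for step 5 as well: economic invariants (solvency, share price monotonicity, no free minting) are only meaningful if the fuzzer drives the system through realistic actors rather than arbitrary calldata.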

Where to Add Links in README

  • New analyzers/fuzzers: Development → Tools, or Security (choose the primary category)
  • Audit methodologies/standards: Security
  • Practice labs/CTFs: Security Starter Pack → CTFs / Practice
  • Audit report portfolios: Security Starter Pack → Audit Reports

Notes

New entries must have:
  • An English description
  • A URL not already present in the README
  • Minimal changes to the existing README structure

Data Source

For detailed and up-to-date resources, fetch the full list from:
https://raw.githubusercontent.com/gmh5225/awesome-web3-security/refs/heads/main/README.md