smart-contract-security

Smart Contract Security (EVM / Solidity)

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "smart-contract-security" with this command: npx skills add gmh5225/awesome-web3-security/gmh5225-awesome-web3-security-smart-contract-security

Scope

Use this skill when working on:

  • Solidity/EVM auditing resources

  • EVM vulnerability categories and examples

  • Tooling for contract analysis (static, dynamic, fuzzing)

Common Vulnerabilities (Cheat Sheet)

  • Reentrancy

  • Access control bugs

  • Price oracle manipulation

  • MEV / sandwich / frontrunning

  • Flash-loan-enabled logic flaws

  • Precision / rounding / decimal mismatch

  • Signature and permit mistakes (EIP-2612 / Permit2)

  • Upgradeability mistakes (UUPS / Transparent)

Recommended Review Workflow

  • Threat model: assets, trust boundaries, privileged roles

  • State machine: invariants, transitions, edge cases

  • Access control: ownership, roles, upgrade admin

  • External calls: reentrancy, callback surfaces, token hooks

  • Economic analysis: pricing, liquidity, oracle, incentives

  • Testing: unit tests + fuzzing + invariant tests

  • Reporting: severity, exploitability, PoC, remediation

Where to Add Links in README

  • New analyzers/fuzzers: Development → Tools or Security (choose primary)

  • Audit methodologies/standards: Security

  • Practice labs/CTFs: Security Starter Pack → CTFs / Practice

  • Audit report portfolios: Security Starter Pack → Audit Reports

Notes

When adding entries, keep:

  • English descriptions

  • Non-duplicated URLs

  • Minimal structural changes

Data Source

For detailed and up-to-date resources, fetch the full list from:

https://raw.githubusercontent.com/gmh5225/awesome-web3-security/refs/heads/main/README.md

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
