교육 및 커뮤니티 참고 자료

Hacker Manuals & Privacy Guidelines to help the builders deliver practical privacy-enhancing projects, turn them into products, & scale being sustainable.

The Ethernaut is a community-driven capture-the-flag wargame that challenges developers of all levels to break smart contracts while learning common Solidity vulnerabilities. Maintained by OpenZeppelin, each level provides a gamified experience where a smart contract must be ‘hacked’ to progress. It is 100% open-source, with all levels contributed by players. In 2024, we have continued expanding the game, adding four new advanced levels—HigherOrder, Stake, Impersonator, and Magic Animal Carousel—which explore current vulnerabilities in smart contract development. These levels introduce challenges related to low-level EVM programming, staking vulnerabilities, signature verification exploits, and bitwise manipulation attacks, pushing players to deepen their understanding of Ethereum security. Beyond new levels, we have also redesigned the UI, added support for multiple networks, and expanded language translations to make the game more accessible to a global audience. We believe that The Ethernaut is an essential training tool for developers across the Ethereum ecosystem, including those building on the Optimism network. By continually evolving the game with new challenges and features, we strive to make smart contract security education engaging, practical, and accessible to everyone.

What is it? Solodit is an open-source, community-driven platform dedicated to improving web3 security. It aggregates over 8,000 smart contract vulnerability reports, bug bounty opportunities, and security audits from top firms like Cyfrin, OpenZeppelin and Trail of Bits, alongside contributions from individual researchers. Solodit not only aggregates this information but also makes it actionable, equipping developers and auditors with tools to prevent exploits and enhance the safety of dapps. Why is it needed? The web3 ecosystem is plagued by billions of dollars in losses due to security breaches in smart contracts and protocols. Despite the availability of security knowledge, it is fragmented across various platforms and reports, making it inaccessible to most developers and security teams. There are several problems that Solodit solves: Knowledge Gap: Many teams deploy smart contracts without understanding past vulnerabilities, leading to repeat incidents. Inefficiencies: Developers and auditors spend valuable time searching disparate sources for security insights. Economic Impact: Preventable exploits undermine trust in web3, stalling adoption and investment. By aggregating and structuring security data, Solodit enables proactive vulnerability management and risk mitigation in the Web3 ecosystem. How is it unique? Comprehensive Coverage: Aggregates findings from leading auditors and platforms, offering unmatched insights into vulnerabilities and bug bounties. Actionable Insights: Goes beyond archiving reports by providing advanced search tools and tagging systems to contextualise risks and solutions. Community-Driven Enhancements: Facilitates collaboration via ratings, tagging, and leaderboards that recognise top contributors, fostering a thriving security community. Educational Resource: This site serves as a learning hub for developers and auditors, providing real-world case studies on blockchain security. Solodit is a multipurpose tool designed to: Mitigate Risk: Helps developers avoid known vulnerabilities, reducing the likelihood of exploits. Promote Proactive Security: Enables protocols to adopt preventive measures by studying historical vulnerabilities. Streamline Bug Bounties: Simplifies participation in bounty programs, encouraging more ethical hackers to contribute to ecosystem security. Foster Skill Development: Supports auditors in honing their skills and staying updated on emerging threats. Support Decision-Making: Assists protocols in evaluating auditors via its leaderboard, promoting accountability and quality audits. Who is it for? Developers: Seeking to secure their smart contracts and understand vulnerability trends. Auditors: Looking to access a comprehensive repository of findings and showcase their expertise. Whitehat Hackers: Interested in participating in bug bounty programs and contributing to web3 security. Protocol P&E teams: Aiming to assess risks and prevent costly exploits. Educators and Researchers: Teaching or studying blockchain security with real-world examples, e.g. Cyfrin Updraft. Still to come: UI/UX redesign Power Aderyn, static analysis support