awesome-web3-security

A curated list of Web3 Security materials and resources for Pentesters and Bug Hunters.

If you find that some links are not working, you can simply replace the username with gmh5225. 
Or you can send an issue for me.

Show respect to all the projects below, perfect works of art 🫡

How to contribute?

• https://github.com/HyunCafe/contribute-practice
• https://docs.github.com/en/get-started/quickstart/contributing-to-projects

Skills for AI Agents

This repository provides skills that can be used with AI agents and coding assistants such as Cursor, OpenClaw, Claude Code, Codex CLI, and other compatible tools. Install skills to get specialized knowledge about Web3 security topics.

View on learn-skills.dev

Installation:

npx skills add https://github.com/gmh5225/awesome-web3-security --skill <skill-name>

Available Skills:

Skill	Description
mev-security	MEV concepts, common attacks, and mitigations
awesome-web3-security-overview	Understanding and contributing to this resource list
smart-contract-security	EVM/Solidity smart contract security
solana-security	Solana/Sealevel security research
web3-security-tooling	Security tooling (analyzers, fuzzers, decompilers)
wallet-security	Wallet security (MPC/TSS, key management, phishing)

Example:

# Install smart contract security skill
npx skills add https://github.com/gmh5225/awesome-web3-security --skill smart-contract-security

# Install multiple skills
npx skills add https://github.com/gmh5225/awesome-web3-security --skill solana-security --skill wallet-security

Security Starter Pack

• CTFs / Practice

  • https://capturetheether.com/ [Capture the Ether]
  • https://ethernaut.openzeppelin.com/ [The Ethernaut]
  • https://www.damnvulnerabledefi.xyz/ [Damn Vulnerable DeFi]
  • https://blockchain-ctf.securityinnovation.com/#/ [Security Innovation Blockchain CTF]
  • https://github.com/nccgroup/GOATCasino [GOAT Casino]
  • https://github.com/paradigm-operations/paradigm-ctf-2021 [Paradigm CTF]
  • https://github.com/blockthreat/blocksec-ctfs [Blocksec CTFs]
  • https://ciphershastra.com/ [ciphershastra CTF]
  • https://github.com/SunWeb3Sec/DeFiVulnLabs [DeFiVulnLabs]
  • https://quillctf.super.site/ [QuillCTF]
  • https://www.vulnmachines.com/ [Vulnmachines]
  • https://www.web3pwn.com/ [Web3Pwn]

• Testnets / Faucets

  • https://sepolia.dev/ [Sepolia Resources]
  • https://faucet.circle.com/ [Circle Faucet (Sepolia USDC)]

• Mindmaps

  • https://www.xmind.net/m/2zbPP7/ [Common Vulnerabilities MindMap]
  • https://coggle.it/diagram/YqLzaiSABzXD4UnZ/t/smart-contract-auditor [Auditor MindMap]
  • https://xmind.works/share/zfdeD07U [Tools MindMap]

• Starter Tools

  • https://github.com/Quillhash/Web3-Security-Tools [Web3-Security-Tools]
  • https://remix-project.org/ [Remix]

• Blogs / Postmortems

  • https://medium.com/immunefi [Immunefi]
  • https://blog.openzeppelin.com/security-audits/ [OpenZeppelin]
  • https://quillaudits.medium.com/ [QuillAudits]
  • https://blog.solidityscan.com/ [SolidityScan]
  • https://medium.com/@Beosin_com [Beosin]
  • https://neptunemutual.medium.com/ [Neptune Mutual]
  • https://blocksecteam.medium.com/ [BlockSec]
  • https://www.certik.com/resources/blog [CertiK]
  • https://mouse-run.beehiiv.com [mouse-run]

• Bug Bounties

  • https://immunefi.com/ [Immunefi]
  • https://hackenproof.com/programs [HackenProof]
  • https://code4rena.com/ [Code4rena]
  • https://gitcoin.co/explorer [Gitcoin]
  • https://hackerone.com [HackerOne]
  • https://spearbit.com/ [Spearbit]
  • https://app.sherlock.xyz/ [Sherlock]
  • https://audits.sherlock.xyz/contests [Sherlock Contests]
  • https://saloon.finance/ [The Saloon]
  • https://hats.finance/ [Hats Finance]
  • https://secure3.io/ [Secure3]
  • https://app.secure3.io/ [Secure3 Contests]
  • https://securr.tech/ [Securr]
  • https://r.xyz/ [Remedy]
  • https://hunt.r.xyz/ [Remedy Hunt]
  • https://www.vigilseek.com/bug-bounty [Vigilseek (Bug Bounty Aggregator)]
  • https://cantina.xyz/ [Cantina]

• Newsletters / Collections

  • https://newsletter.blockthreat.io/ [BlockThreat]
  • https://rekt.news/ [REKT]
  • https://weekinethereumnews.com/ [Week in Ethereum News]
  • https://quillaudits.substack.com/ [HashingBits]
  • https://web3sec.news [Web3sec.news]

• Talks / Videos

  • https://www.youtube.com/watch?v=lJQwuyW4t-k [IWCON-S22]
  • http://www.youtube.com/watch?v=P8LXLoTUJ5g [LiveOverflow]
  • https://www.youtube.com/watch?v=zcJmWr5_GOc [Web3 Security Mindset]
  • https://www.youtube.com/watch?v=QSmtVR0aniI [Security and Vulnerabilities in Web3]
  • https://www.youtube.com/playlist?list=PLox242_JhiuEe64LzW1M8XpiQ2-N5bZsX [Playlist]
  • https://www.youtube.com/watch?v=A5s9aez43Co&list=PLO5VPQH6OWdXKPThrch6U0imGdD3pHLXi [Damn Vulnerable DeFi CTF]
  • https://www.youtube.com/watch?v=cOP9z9XWjwc [Attacking Authorization]
  • https://www.youtube.com/watch?v=TmZ8gH-toX0 [Audit a Smart Contract]
  • https://www.youtube.com/watch?v=gyMwXuJrbJQ [32-Hour Course]

• Learn Solidity

  • https://cryptozombies.io/ [CryptoZombies]
  • https://www.learnweb3.io/ [LearnWeb3]
  • https://www.smartcontract.engineer/ [Smart Contract Engineer]
  • https://solidity-by-example.org/ [Solidity by Example]
  • https://www.web3.university/ [Web3 University]
  • https://www.useweb3.xyz/ [useWeb3]

• Audit Reports

  • https://github.com/chainsulting/Smart-Contract-Security-Audits [Chainsulting]
  • https://code4rena.com/reports [Code4rena Reports]
  • https://consensys.net/diligence/audits/ [Consensys]
  • https://github.com/Quillhash/QuillAudit_Reports [QuillAudits]
  • https://github.com/spearbit/portfolio/tree/master/pdfs [Spearbit]
  • https://github.com/sherlock-protocol/sherlock-reports [Sherlock]
  • https://github.com/0xNazgul/Blockchain-Security-Audit-List [Audit List]
  • https://github.com/shieldify-security/audits-portfolio [Shieldify]

• Certifications

  • https://secops.group/certified-blockchain-practitioner [CBP]
  • https://blockchaintrainingalliance.com/products/cbsp [CBSP]

Blockchain Guide

• https://github.com/useWeb3/awesome-web3 [awesome web3]
• https://github.com/austintgriffith/ethskills [The missing knowledge between AI agents and production Ethereum]
• https://github.com/karask/satoshi-paper [Original Satoshi paper in various formats]
• https://l2beat.com/scaling/summary [L2BEAT Scaling Summary]
• https://github.com/unbalancedparentheses/practical_cryptography_and_distributed_ledgers [Practical Cryptography and Distributed Ledgers]
• https://github.com/mush-support/mush-news [MushNews - Web3 News Explorer]
• https://github.com/lukasmasuch/best-of-crypto [awesome open-source crypto projects]
• https://github.com/0xMacro/awesome-solana-security [awesome solana security]
• https://github.com/az0mb13/awesome-solana-security [awesome solana security]
• https://github.com/openSVM/awesome-svm [All things SVM (Solana Virtual Machine)]
• https://github.com/Ackee-Blockchain/Solana-Auditors-Bootcamp [Solana audit security]
• https://github.com/anza-xyz/security-audits [Solana audit security]
• https://github.com/0xNazgul/Blockchain-Security-Library [Blockchain Security Library]
• https://github.com/GammaStrategies/awesome-uniswap-v3 [A curated list of awesome Uniswap v3 resources]
• https://github.com/fewwwww/awesome-uniswap-hooks [A curated list of awesome Uniswap v4 hooks resources]
• https://github.com/neodyme-labs/solana-ctf [Solana CTF]
• https://github.com/slowmist/Web3-Project-Security-Practice-Requirements [Web3 Project Security Practice Requirements]
• https://www.freeweb3resources.com [Guide]
• https://github.com/yjjnls/awesome-blockchain [Guide]
• https://github.com/ahmet/awesome-web3 [Guide]
• https://github.com/codeluu/blockchain-osint [A collection of tools and resources useful for OSINT investigations in the cryptocurrency]
• https://github.com/K2SOsint/Legendary_Crypto [A resource full of Crypto/OSINT tools, techniques and training courses for CTI, AML, and forensic investigations]
• https://github.com/gmh5225/wallet-pentesting-article [Wallet Pentesting Guide]
• https://github.com/ValkyriSecurity/awesome-wallet-security [Resources to learn Wallet Security]
• https://github.com/rkdud007/awesome-zkvm [zkVM Guide]
• https://github.com/eth-act/zkevm-book [Ethereum zkEVM book]
• https://github.com/chaozh/awesome-blockchain-cn [CN Guide]
• https://blog.wssh.trade/posts/uniswap-v3 [Uniswap V3 CN Guide]
• https://github.com/bekatom/awesome-ethereum [ETH Guide]
• https://github.com/InfectedIsm/solana-quick-start-guide [Solana quick start guide]
• https://github.com/GuiBibeau/solana-dev-skill [solana skill]
• https://github.com/solana-foundation/awesome-solana-ai [AI tooling to help build on Solana — skills, agents, MCP, dev tools]
• https://ashborn-sol.vercel.app/demo/shadow-agent [Shadow Agent Protocol — private AI commerce on Solana with Ashborn/Light ZK, x402 micropayments]
• https://github.com/ipsilon/eof [evm object format]
• https://github.com/Lilyjjo/mev_reading_list [List of resources to understand what 'mev' is]
• https://en.hackndo.com/ethereum-virtual-machine [EVM]
• https://github.com/mektigboy/evm-chad [EVM]
• https://github.com/jtriley-eth/the-ethereum-virtual-machine [EVM]
• https://github.com/w1nt3r-eth/evm-from-scratch [EVM]
• https://github.com/shafu0x/evm-from-scratch-book [EVM]
• https://github.com/wjmelements/evm [EVM (C)]
• https://github.com/4337Mafia/awesome-account-abstraction [EIP-4337]
• https://github.com/Arvolear/awesome-eip-7702-delegations [awesome EIP-7702]
• https://github.com/smlxl/evm.codes [EVM Opcodes Interactive Reference]
• https://github.com/Unboxed-Software/solana-course [A complete course for learning Solana]
• https://www.rareskills.io/solana-tutorial [A Solana Course By Rareskills]
• https://github.com/lambdaclass/lambdaworks [Crypto]
• https://github.com/coinspect/learn-evm-attacks [EVM Security]
• https://github.com/x676f64/secureum-mind_map [EVM Security]
• https://github.com/perimetersec/evm-fuzzing-resources [EVM Fuzzing Resources]
• https://github.com/SunWeb3Sec/damn-vulnerable-defi-v4-solutions [Defi Security]
• https://github.com/slowmist/SlowMist-Learning-Roadmap-for-Becoming-a-Smart-Contract-Auditor [Smart contract audit skills roadmap for beginners]
• https://github.com/Dapp-Learning-DAO/Dapp-Learning [Dapp]
• https://github.com/contractcops/auditingroadmap [Solidity]
• https://github.com/0xcacti/awesome-solidity-dev-tools [Solidity]
• https://github.com/0xArDANT/Solidity-Exercises [Solidity Exercises]
• https://github.com/chinmay-farkya/solidity-notes [Solidity Notes]
• https://github.com/33357/smartcontract-apps [Solidity CN]
• https://github.com/nullity00/web3-resources [Web3 resources]
• https://github.com/Malinariy/Solidity-gas-optimizations-tips [Gas optimizations tips]
• https://github.com/w3f/Grants-Program [Web3 Foundation Grants Program]
• https://github.com/Bonfida/solana-name-service-guide [Solana name service]
• https://github.com/smartcontractkit/starter-kits [across the smart contract ecosystem]
• https://github.com/smartcontractkit/solana-starter-kit [Example code for using Chainlink on Solana]
• https://www.solanaecosystem.com [Solana Ecosystem discoverer]
• https://github.com/solana-developers/create-solana-dapp [CLI for creating Solana dApps on the fly]
• https://github.com/ithacaxyz/odyssey-examples [Odyssey's features]
• https://github.com/OpenZeppelin/merkle-tree [Merkle Tree]
• https://github.com/cbergoon/merkletree [A Merkle Tree implementation written in Go]
• Smart Contract Precision Handling Best Practices [Precision Handling]
• https://github.com/gmh5225/Layer2-Architecture [Layer2 Architecture]
• https://github.com/gmh5225/Optimism-VM-Architecture [Optimism VM Architecture]
• https://github.com/gmh5225/zkVM-Architecture [zkVM Architecture]
• https://github.com/awesomelistsio/awesome-crypto-wallets [Awesome Web3 Crypto Wallet]
• https://github.com/dinhduongha/awesome-wallet [Awesome Web3 Crypto Wallet]
• https://github.com/gmh5225/awesome-crypto-wallet-address [Awesome crypto wallet address]
• https://github.com/Ackee-Blockchain/awesome-wake-tests [Awesome Wake tests]

AI

Agents

• https://github.com/microsoft/ai-agents-for-beginners [AI Agents for beginners]
• https://github.com/openai/openai-agents-js [openai agent workflows and agents]
• https://github.com/openai/openai-agents-python [openai agent workflows and agents]
• https://github.com/e2b-dev/awesome-ai-agents [A list of AI autonomous agents]
• https://github.com/elizaOS/eliza [Autonomous agents for everyone]
• https://github.com/elizaOS/eliza-starter [eliza starter]
• https://github.com/kyegomez/swarms [The Enterprise-Grade Production-Ready Multi-Agent Orchestration Framework]
• https://github.com/blorm-network/ZerePy [ZerePy an open-source launch-pad for AI agents]
• https://github.com/lambdaclass/eth-agent [AI agent wallet for EVM chains: send/swap/bridge stablecoins with spending limits and human approval]
• https://github.com/kortix-ai/suna [Suna - Open Source Generalist AI Agent]
• https://github.com/HKUDS/AutoAgent [AutoAgent: Fully-Automated and Zero-Code LLM Agent Framework]
• https://github.com/agno-agi/agno [Agno is a lightweight, high-performance library for building Agents]
• https://github.com/crewAIInc/crewAI [autonomous AI agents]
• https://github.com/pydantic/pydantic-ai [Agent Framework / shim to use Pydantic with LLMs]
• https://github.com/VoltAgent/voltagent [Open Source TypeScript AI Agent Framework]
• https://github.com/sendaifun/solana-agent-kit [connect any ai agents to solana protocols]
• https://github.com/goat-sdk/goat [Connect AI agents to 200+ onchain tools — Solana, EVM, multi-chain]
• https://github.com/tetsuo-ai/AgenC [Privacy-focused multi-agent coordination with ZK and confidential compute for Solana]
• https://github.com/anagrambuild/breeze-agent-kit [AI agents for Solana yield farming via Breeze — MCP, x402 API, SKILL.md]
• https://github.com/cascade-protocol/sati [SATI — ERC-8004 compliant agent identity and reputation on Solana, proof-of-participation]
• https://github.com/coinbase/agentkit [Every AI Agent deserves a wallet]
• https://github.com/0xgasless/agentkit [AgentKit is a toolkit that gives AI agents access to crypto wallets and onchain functionality]
• https://github.com/Ido-Levi/Hephaestus [Semi-Structured Agentic Framework. Workflows build themselves as agents discover what needs to be done, not what you predicted upfront]

Skills

• https://github.com/coinbase/agentic-wallet-skills [Wallet skills for AI agents — npx skills add coinbase/agentic-wallet-skills]
• https://github.com/Uniswap/uniswap-ai [AI tools for building on Uniswap — skills, plugins, and agents for any coding agent]
• https://github.com/jup-ag/agent-skills [Skills for AI coding agents to integrate with the Jupiter ecosystem]
• https://github.com/OpenZeppelin/openzeppelin-skills [OpenZeppelin Skills — secure smart contract development with OZ libraries; Solidity, Cairo, Stylus, Stellar; setup/upgrade skills; npx skills add OpenZeppelin/openzeppelin-skills]
• https://github.com/bnb-chain/bnbchain-skills [BNB Chain Skills — AI agent skills for BNB Chain MCP: blocks, transactions, contracts, tokens, NFTs, wallet, ERC-8004 agents, Greenfield; npx skills add bnb-chain/bnbchain-skills]
• https://github.com/gate/gate-skills [Gate Skills — open skills marketplace for AI agents: Gate exchange/DEX (spot, futures, unified, dual, staking), market analysis, risk check, news, address tracking; one-click MCP install for Cursor/Claude/Codex/OpenClaw; npx skills add https://github.com/gate/gate-skills]
• https://github.com/sendaifun/skills [Solana skills monorepo — DFlow, Drift, Kamino, Meteora, Orca, Raydium, Sanctum, Helius, Pyth, vulnhunter, code-recon, solana-kit, Pinocchio, Surfpool]
• https://github.com/solana-foundation/solana-dev-skill [Official Solana development skill — Anchor/Pinocchio, LiteSVM/Mollusk, security best practices]
• https://github.com/metaplex-foundation/skill [Official Metaplex skill — Core NFTs, Bubblegum, Candy Machine, Umi/Kit SDKs]
• https://github.com/magicblock-labs/magicblock-dev-skill [MagicBlock development — VRFs, Cranks, Session Keys, latency/privacy on Solana]
• https://github.com/tenequm/claude-plugins/tree/main/solana [Solana Claude plugin — Anchor/native Rust, security auditing, ZK compression via Light Protocol]
• https://github.com/Lightprotocol/skills [Solana rent-free dev skills — Anchor/Pinocchio without rent-exemption, ZK programs]
• https://github.com/quiknode-labs/blockchain-skills [Quicknode blockchain skills — Solana RPC, Jupiter Swap API, Yellowstone gRPC]
• https://github.com/sanbir/solidity-auditor-skills [Solidity Auditor Skills — EVM security auditing: 210 attack vectors, 5–7 parallel agents, DeFi checklists, adversarial reasoning; fork of pashov/skills; Claude/Cursor]
• https://github.com/shuvonsec/web3-bug-bounty-hunting-ai-skills [Web3 bug bounty skills for Claude Code/Cursor — 10 bug classes from 2,749 Immunefi reports + 681 DeFiHackLabs repros; grep patterns, Foundry PoC templates, Immunefi triage/report format, methodology, case studies; optional MCP (Slither/Aderyn/SWC)]
• https://github.com/sanbir/solana-auditor-skills [Solana Auditor Skills — Rust/SVM security auditing: 105 attack vectors, 4–6 parallel agents, DeFi checklists, adversarial reasoning; Anchor/Native/Pinocchio; Claude/Cursor]
• https://github.com/sanbir/move-auditor-skills [Move Auditor Skills — Sui Move security auditing: 143 attack vectors, 5–7 parallel agents, DeFi checklists, adversarial reasoning; Claude/Cursor]
• https://github.com/sanbir/ton-auditor-skills [TON Auditor Skills — TON/FunC/Tact security auditing: 120 attack vectors, 4–6 parallel agents, DeFi checklists, adversarial reasoning; Jetton/NFT TEP; Claude/Cursor]

MCP Servers

• https://mcp.solana.com/ [Solana Developer MCP — official Solana and Anchor docs in Cursor/Windsurf/Claude CLI]
• https://pond.dflow.net/build/mcp [DFlow MCP — spot + prediction market trading API for Solana]
• https://github.com/DesideApp/deside-mcp [Deside MCP — wallet-to-wallet messaging for Solana agents, Ed25519 auth]
• https://www.npmjs.com/package/@quicknode/mcp [Quicknode MCP — provision and manage Solana endpoints via natural language]
• https://github.com/PraneshASP/foundry-mcp-server [foundry mcp]
• https://github.com/strangelove-ventures/web3-mcp [MCP server for multi-chain RPC: Solana, Ethereum, THORChain, XRP, TON, Cardano, UTXO chains]

3D / Games

3D Graphics

• https://github.com/mrdoob/three.js [JavaScript 3D Library]

Games

• https://github.com/aakarkun/unity-web3-skyrim-market [Web3 SkyRim Market - Unity]
• https://github.com/0xFableOrg/0xFable [Trading card game]
• https://github.com/adrianhajdin/project_web3_battle_game [Web3 NFT Card Game]
• https://github.com/EkaterinaGorbunova/web3_nft_card_battle_game [Web3 NFT Card Game]
• https://github.com/MoralisWeb3/unity-web3-game-kit [Unity Web3 Game Kit]
• https://github.com/web3gamesofficial/web3games-blockchain [Web3Games blockchain network based on Substrate]
• https://github.com/alto-io/game3.js [The Web 3.0 Game Framework]
• https://github.com/proofofplay/piratenation-contracts [The Pirate Nation game]
• https://github.com/MetaMask/red-balloon-game [Red Balloon]
• https://github.com/apac-chainchanger/MemeSphinx [MEME Coin Riddles Game on the Flow blockchain]
• https://github.com/nhuxhr/sol-connect-four [Connect Four game built on the Solana blockchain]
• https://github.com/matthewegyed/BlockchainGambit [A minimalistic chess game on the blockchain using Solidity and Foundry]

Wallet

Source Code

• https://github.com/MetaMask [MetaMask]
• https://github.com/MetaMask/solana-wallet-standard [MetaMask Solana Wallet Standard]
• https://github.com/MetaMask/snap-bitcoin-wallet [MetaMask Bitcoin Snap Wallet]
• https://github.com/freigeist-m/monero-multisig-gui [Monero multisig wallet GUI: create and coordinate multisig wallets with privacy]
• https://github.com/MetaMask/metamask-extension [MetaMask Extension]
• https://github.com/MetaMask/metamask-mobile [MetaMask Mobile]
• https://github.com/MetaMask/metamask-desktop [MetaMask Desktop]
• https://github.com/ethereum/wallet-poc [The web3 wallet that makes crypto self-custody easy and secure via hybrid account abstraction. EIP-7702 ready]
• https://github.com/coinbase/smart-wallet [ ERC-4337 compliant smart contract wallet from Coinbase]
• https://github.com/samui-build/samui-wallet [Open Source wallet and toolbox for Solana builders]
• https://github.com/ApeWorX/Ruffsack [A rugged multisig wallet for everyday adventures]
• https://github.com/0xcregis/anychain [Multi-chain Rust wallet SDK]
• https://github.com/coming-chat/wallet-SDK [Multi-chain Wallet SDK]
• https://github.com/near/wallet-selector [NEAR Wallet Selector]
• https://github.com/Railgun-Community/wallet [RAILGUN Wallet]

MPC

• https://github.com/coinbase/cb-mpc [Coinbase MPC Library]
• https://github.com/bnb-chain/tss-lib [Threshold Signature Scheme, for ECDSA and EDDSA]
• https://github.com/vultisig/mobile-tss-lib [Threshold Signature Scheme on mobile]
• https://github.com/taurushq-io/multi-party-sig [Implementation of protocols for threshold signatures]
• https://docs.binance.org/tss.html [Binance TSS Documentation]
• https://hackmd.io/@elichai/legendrery [HD Wallets and the Legendrery PRF in MPC]
• https://github.com/grempe/secrets.js [Shamir Secret Sharing (JavaScript)]
• https://github.com/jesseduffield/horcrux [Shamir Secret Sharing Tool for Crypto Keys]

Connection

• https://github.com/reown-com/appkit [web]
• https://github.com/rainbow-me/rainbowkit [web]
• https://github.com/WalletConnect/walletconnect-monorepo [WalletConnect Monorepo]

Development

Smart Contract Templates

• https://github.com/mattstam/solidity-template [Solidity Template]
• https://github.com/gmh5225/foundry-template [Foundry Template]
• https://github.com/Uniswap/foundry-template [Foundry Template]
• https://github.com/UMAprotocol/dev-quickstart-oov3 [Foundry quickstart: example contracts and tests for UMA Optimistic Oracle V3 integration]
• https://github.com/risc0/risc0-foundry-template [Foundry Template for integrating RISC Zero]
• https://github.com/Contract-examples/Avalanche-contract-template [Avalanche Foundry Template]
• https://github.com/auditless/cairo-template [Cairo template]
• https://github.com/Contract-examples/cairo-example [Cairo template]
• https://github.com/rzmahmood/StarkNet-NFT-Template [A Template for deploying NFT Projects on StarkNet]
• https://github.com/mart1n-xyz/eip7702-viem-demo [EIP-7702]
• https://github.com/5afe/safe-eip7702 [Safe (5afe) EIP-7702 POC — EOA delegates execution to Safe smart account; frontend, relay backend, local/testnet config]
• https://github.com/Uniswap/ERC20-eth [ERC-7914]
• https://github.com/mpeyfuss/vyper-template [Vyper + Foundry Template]
• https://github.com/aadeexyz/erc-8004 [ERC-8004: Trustless Agents]
• https://github.com/ChaosChain/trustless-agents-erc-ri [ERC-8004: Trustless Agents]

SDK

• https://github.com/Ankr-network/game-unreal-sdk [Mirage Unreal SDK]
• https://github.com/jup-ag/jupiter-amm-interface [Jupiter AMM interface crate for implementing a Solana DEX AMM]
• https://github.com/magicblock-labs/Solana.Unity-SDK [Unity-Solana SDK]
• https://github.com/Virus-Axel/godot-solana-sdk [Godot Solana SDK]
• https://github.com/hyperledger/web3j [Lightweight Java and Android library for integration with Ethereum clients]
• https://github.com/gmh5225/UUPSProxyFactorySDK [SDK of UUPSProxyFactory]
• https://github.com/gmh5225/permit2-light-sdk [Light SDK of Uniswap-permit2]
• https://github.com/gmh5225/Multicall3-SDK [SDK of Multicall3]
• https://github.com/nhuxhr/pumpfun-rs [Rust SDK for PumpFun Solana program]
• https://github.com/rckprtr/pumpdotfun-sdk [Typescript SDK for PumpFun Solana program]
• https://github.com/anza-xyz/solana-sdk [Rust SDK for the Solana blockchain, used by on-chain program developers and the Agave validator]
• https://github.com/hoprnet/gnosis-hosted [self-host Gnosis Safe]
• https://github.com/gagliardetto/solana-go [Go SDK library and RPC client for the Solana Blockchain]

Interaction

• https://github.com/ethereum/go-ethereum [go ethereum]
• https://github.com/ethereum/web3.py [py ethereum]
• https://github.com/wevm/viem [js/ts Ethereum]
• https://github.com/web3/web3.js [js ethereum]
• https://github.com/ethers-io/ethers.js [js ethereum]
• https://github.com/mhw0/libethc [c ethereum]
• https://github.com/sk1122/solana-sdk [js solana]
• https://github.com/evmauth/evmauth-ts [A TypeScript SDK for interacting with EVMAuth contracts]
• https://github.com/loocapro/reth-bsc [A BSC-compatible Reth client implementation]

Tools

• https://github.com/infosec-us-team/onboardme [The fastest way to understand complex Solidity smart contracts]
• https://github.com/swiss-knife-xyz/swiss-knife [All your EVM tools in one place]
• https://github.com/EIPTools/eip-tools [Explore all EIPs, ERCs, RIPs and CAIPs easily]
• https://github.com/a16z/halmos [A symbolic testing tool for EVM]
• https://github.com/0xRajkumar/revm [REVM]
• https://github.com/Giulio2002/gevm [Blazingly fast EVM implementation written in Golang]
• https://github.com/fukaoi/smart-token-tool [SPL Token/ NFT issue tool on solana]
• https://github.com/cryptoloutre/solana-tools [A bunch of tools to help people in the Solana ecosystem]
• https://github.com/costa-group/EthIR [A framework for high-level Analysis of Ethereum Bytecode]
• https://github.com/warp-id/solana-trading-bot [Solana Trading Bot]
• https://github.com/0xKoda/llevm [Talk with EVM Bytecode using webLLM]
• https://github.com/cdump/evmole [Extracts function selectors, arguments and state mutability from EVM bytecode]
• https://openchain.xyz/tools/abi [Some handy tools for encoding/decoding ABI data]
• https://github.com/Polymarket/agents [Trade autonomously on Polymarket using AI Agents]
• https://github.com/daijro/camoufox [Anti-detect browser]
• https://github.com/blockscout/blockscout [Blockchain explorer for Ethereum]
• https://github.com/OpenZeppelin/openzeppelin-monitor [OpenZeppelin Monitor]
• https://github.com/OpenZeppelin/openzeppelin-relayer [OpenZeppelin Relayer]
• https://github.com/mush-support/mush-audit [AI-powered smart contract security analysis platform]
• https://github.com/HrikB/createXcrunch [find zero-leading, zero-containing, or pattern-matching addresses for the CreateX contract factory]
• https://github.com/NeurProjects/neur-app [The Intelligent Copilot for Solana]
• https://github.com/Lumo-Labs-AI/lumokit [Lightweight Python AI toolkit for Solana — on-chain actions, Jupiter swaps, research]
• https://aimpact.dev [AImpact — AI-powered IDE for Web3, generate and deploy Solana smart contracts]
• https://github.com/GauravBurande/solana-llm-oracle [SLO — Solana LLM Oracle for on-chain AI inference in programs]
• https://github.com/0xNineteen/solana-arbitrage-bot [solana arbitrage bot across multiple spot dexs]
• https://github.com/D4Vinci/Scrapling [Undetectable, Lightning-Fast, and Adaptive Web Scraping for Python]
• https://github.com/bengabp/dexscreener [Reverse engineering dexscreener avro encryption to fit my web scraping needs]
• https://github.com/puppeteer/puppeteer [Puppeteer]
• https://github.com/otter-sec/bn-ebpf-solana [Binary Ninja plugin for Solana eBPF]
• https://github.com/deanmlittle/ezbpf [A simple sBPF (Solana eBPF) disassembler]
• https://github.com/cpkt9762/solana-sbpf-rlib [Solana sBPF rlib files for IDA Pro signature generation]
• https://github.com/franck44/evm-dis [An EVM bytecode disassembler/assembler]
• https://github.com/duaraghav8/Ethlint [Code quality & Security Linter for Solidity]
• https://github.com/protofire/solhint [Code quality & Security Linter for Solidity]
• https://github.com/byterocket/c4udit [Static analyzer for solidity contracts based on regexs]
• https://github.com/gmh5225/EthGen [A simple command-line tool written in Go to generate Ethereum wallet addresses and private keys in bulk]
• https://github.com/hyperliquid-dex/hyper-evm-sync [Proof of concept to execute all transactions from genesis for the entire HyperEVM]
• https://github.com/sec3-service/IDLGuesser [IDL Guesser is an open-source tool that automatically recovers the IDL information from closed-source Anchor-based Solana programs]
• https://github.com/GianfrancoBazzani/evm-storage.codes [EVM Smart Contract Storage Viewer and Comparator]
• https://github.com/accretion-xyz/solana-data-reverser [analyzing hex data with deep Solana blockchain integration. Perfect for examining raw binary data, Solana account structures]
• https://github.com/FuzzingLabs/sol-azy [Sol-azy is a modular CLI toolchain for static analysis and reverse engineering of Solana sBPF programs]
• https://github.com/FuzzingLabs/sierra-analyzer [Sierra decompiler and analyzer]
• https://github.com/walnuthq/soldb [CLI debugger for Solidity and EVM]
• https://github.com/argotorg/sourcify [Source code verification service for Ethereum smart contracts]
• https://github.com/gmh5225/js-debugger-bypass-script [JS Debugger Bypass UserScript]
• https://github.com/anza-xyz/jetstreamer [A Solana project geared towards realtime indexing, research, and backfilling with support for all epochs in the history of Solana mainnet]
• https://github.com/MetaMask/eth-phishing-detect [Utility for detecting phishing domains targeting Web3 users]
• https://github.com/Th0rgal/SafeLens [Offline transaction verifier for Safe multisig wallets with ERC-7730 clear signing]
• https://github.com/ponder-sh/ponder [Ponder]
• https://github.com/better-auth/better-auth [Better Auth]
• https://github.com/libp2p [libp2p]
• https://github.com/paraswap/paraswap-dex-lib [ParaSwap DEX Library]
• https://github.com/OpenZeppelin/ui-builder [OpenZeppelin UI Builder: chain-agnostic form builder for smart contract interaction]
• https://github.com/exchange-core/exchange-core [Ultra-fast matching engine written in Java based on LMAX Disruptor]
• https://github.com/aeron-io/aeron [Efficient reliable UDP unicast, UDP multicast, and IPC message transport]

Compilers

• https://github.com/ethereum/solidity [Solidity]
• https://github.com/vyperlang/vyper [Pythonic Smart Contract Language for the EVM]
• https://github.com/paradigmxyz/solar [Solidity compiler, written in Rust]
• https://github.com/hyperledger-solang/solang [Solidity Compiler for Solana and Polkadot]
• https://github.com/solana-developers/seahorse [Write Anchor-compatible Solana programs in Python]
• https://github.com/paritytech/revive [Solidity compiler for PolkaVM]
• https://github.com/matter-labs/era-compiler-solidity [Solidity compiler for ZKsync]
• https://github.com/matter-labs/zksolc-bin [Releases of the Solidity compiler for ZKsync]
• https://github.com/ethereum/solc-bin [This repository contains current and historical builds of the Solidity Compiler]
• https://github.com/alloy-rs/svm-rs [Solidity-Compiler Version Manager]
• https://github.com/lmittmann/go-solc [Go Bindings for the Solidity Compiler]
• https://github.com/ethereum/solc-js [Javascript bindings for the Solidity compiler]
• https://github.com/ethereum/py-solc [Python wrapper around the solc Solidity compiler]
• https://github.com/ApeWorX/ape-solidity [Solidity compiler plugin for the Ape Framework]
• https://github.com/move-language/move-sui [Move on Aptos sui]
• https://github.com/move-language/move-on-aptos [Move on Aptos]
• https://github.com/matter-labs/solx [LLVM-based Solidity compiler]
• https://github.com/pr0cf5/solana-llvm-compiler [Using llvm to convert an eBPF shared library to x86]

Decompilers

• https://github.com/Jon-Becker/heimdall-rs [Decompiler for EVM smart contract]
• https://app.dedaub.com/ [Decompiler for EVM smart contract]
• https://ethervm.io/decompile [Decompiler for EVM smart contract]
• https://github.com/msuiche/porosity [Decompiler for EVM smart contract written by C++]
• https://github.com/verichains/revela [Decompiler for Move smart contracts]

Development Frameworks

• https://github.com/foundry-rs/foundry [Ethereum application development]
• https://github.com/coral-xyz/anchor [Solana Sealevel Framework]
• https://github.com/anza-xyz/platform-tools [Customized Rust/Clang toolchain for Solana Platform]

ZK Proofs

• https://github.com/matter-labs/awesome-zero-knowledge-proofs [ZKP Guide]
• https://github.com/nishuzumi/zk101 [zk101]
• https://github.com/scipr-lab/libsnark [C++ library for zkSNARKs]
• https://github.com/Consensys/gnark [Fast zk-SNARK library]
• https://github.com/zkcrypto/bellman [zk-SNARK library]
• https://github.com/zksecurity/zkbugs [Reproduce ZKP vulnerabilities]
• https://github.com/google/longfellow-zk [Implementation of the Google Zero-Knowledge library for Identity Protocols]
• https://github.com/TheBojda/zktree-vote [Anonymous Voting with Zero-Knowledge Proofs]
• https://github.com/zkMaps/zkMaps [Zero-Knowledge Location Proofs]

Unit Tests

• https://github.com/gmh5225/forge-gui [A GUI wrapper command-line tool for Foundry Template]
• https://github.com/NomicFoundation/hardhat
• https://github.com/zeroknots/brokentoken [Foundry Test Suit to test weird ERC20 behavior]
• https://github.com/SunWeb3Sec/DeFiLabs [On-chain test DeFi using Foundry]
• https://github.com/1inch/solidity-utils [Utility Library for Smart Contracts and Testing]
• https://gitlab.com/learn-web31/foundry-cheatcode [Foundry Cheatcodes Notes]

Contract Source Code

• https://github.com/EkuboProtocol/evm-contracts [Ekubo Protocol AMM smart contracts for EVM]
• https://github.com/dcccrypto/percolator-stake [Percolator Insurance LP staking program on Solana — PDA-admin, Kani verification]
• https://github.com/ethereum/solidity-examples [Solidity example code]
• https://github.com/rdubois-crypto/FreshCryptoLib [Deprecated: cryptographic primitives for blockchain systems (Solidity/Cairo/C/Rust)]
• https://github.com/OpenZeppelin/contracts-sui [OpenZeppelin contracts for the Sui Move ecosystem]
• https://github.com/shafu0x/awesome-smart-contracts [awesome]
• https://github.com/tangtj/bsc-contract-database [BSC]
• https://github.com/smartcontractkit/smart-contract-examples [ERC]
• https://github.com/thirdweb-dev/contracts [ERC]
• https://github.com/tornadocash [Tornado Cash]
• https://github.com/tornadocash/tornado-core [Tornado Cash Core]
• https://github.com/nkrishang/tornado-cash-rebuilt [Tornado Cash rebuilt]
• https://github.com/luvnft/Memecoin-BASE [MEME]
• https://github.com/ITExpert0228/Meme_project [MEME]
• https://github.com/jamesbachini/DEX-Arbitrage [Trading bot on NEAR Protocol]
• https://github.com/Vectorized/gasback [A barebones implementation of a gasback contract that implements RIP-7767]
• https://github.com/evmauth/evmauth-core [EVMAuth is an advanced implementation of the ERC-1155 token standard that enables robust EVM-based authorization for Web3 applications]
• https://github.com/Contract-examples/CrimeEnjoyor [CrimeEnjoyor for EIP-7702]
• https://github.com/justshiftjk/EVM-Pumpfun-Solidity-Contract [EVM version of pumpfun smart contract]

Security

• https://ai-audits.exotechnologies.xyz [Exo AI Audits — AI-powered smart contract auditing platform for Solana programs]
• https://github.com/OWASP/www-project-smart-contract-top-10 [OWASP Smart Contract Top 10]
• https://github.com/paradigmxyz/evmbench [Benchmark and harness for finding and exploiting smart contract bugs]
• https://github.com/hannespfeiffer/evmbench-certora-agent-harness [EVMBench + Certora iterative agent harness for spec generation and refinement]
• https://github.com/alt-research/SolidityGuard [Solidity/EVM smart contract security auditor — 104 vulnerability patterns, 8 tools, 100% CTF + EVMBench (120/120)]
• https://github.com/TradMod/awesome-audits-checklists [A curated list of smart contracts security audits checklists]
• https://github.com/crytic/awesome-ethereum-security [awesome ethereum security]
• https://github.com/ArjunaSec/Awesome-Solana-checklist [awesome solana security]
• https://github.com/pontifex73/rust-solana-audit-start [rust solana audit start]
• https://github.com/amanusk/awesome-starknet-security [awesome starknet security]
• https://github.com/sigp/solidity-security-blog [Solidity security]
• https://github.com/Al-Qa-qa/bank-web3-security-tutorial [Solidity Security]
• https://github.com/crytic/not-so-smart-contracts [Solidity Security]
• https://github.com/Ackee-Blockchain/reentrancy-examples [Reentrancy vulnerabilities]
• https://github.com/OpenZeppelin/openzeppelin-contracts [OpenZeppelin Contracts is a library for secure smart contract development]
• https://github.com/banteg/legible-math [LegibleMath is a Solidity library providing readable arithmetic with compile-time constants for the letters you need to spell numbers]
• https://github.com/preslavxyz/Web3-Security-Researcher-Roadmap [Web3 Security Researcher Roadmap]
• https://github.com/tpiliposian/not-awesome-web3-security-roadmap [Web3 Security Researcher roadmap]
• https://github.com/SunWeb3Sec [Let's make Web3 more secure]
• https://defihacklabs.io/explorer/index.html [DeFiHackLabs Explorer]
• https://github.com/SunWeb3Sec/DeFiHackLabs [Reproduce DeFi hacked incidents using Foundry]
• https://github.com/theredguild/damn-vulnerable-defi [The smart contract security training ground for developers, security researchers and educators]
• https://github.com/m14r41/PentestingEverything/tree/main/BlockChain%20Pentesting [Pentesting Checklist]
• https://github.com/immunefi-team/Web3-Security-Library [web3 security and programming tutorials/tools]
• https://github.com/coinspect/wallet-security-verification-standard [Wallet Security Verification Standard]
• https://github.com/theexoticman/zodiac-delegatecall-guard [Zodiac DelegateCall Guard]
• https://github.com/BlossomLabs/Assertions [On-chain assertions for securing DAO proposals and Safe transactions]
• https://github.com/safe-fndn/safe-modules [A collection of modules that can be used with the Safe contract]
• https://github.com/ZhangZhuoSJTU/Web3Bugs [Bugs in Smart Contracts]
• https://github.com/kadenzipfel/smart-contract-vulnerabilities [A collection of smart contract vulnerabilities]
• https://github.com/cryptostaker2/blockchain-security-audits [Security audits]
• https://github.com/obheda12/Solidity-Security-Compendium [Solidity vuln]
• https://github.com/0xsanny/solsec [Solana smart contract security]
• https://github.com/crytic [Blockchain Security, by @trailofbits]
• https://github.com/Quillhash/Solidity-Attack-Vectors [Solidity SmartContract Attack Vectors]
• https://github.com/Quillhash/DeFi-Attack-Vectors [Common DeFi threat and attack vectors list]
• https://github.com/crytic/building-secure-contracts [Guidelines and training material to write secure smart contracts]
• https://github.com/crytic/etheno [Ethereum security analysis and testing]
• https://github.com/crytic/echidna [Ethereum smart contract fuzzer]
• https://github.com/trailofbits/manticore [Ethereum smart contract fuzzer]
• https://github.com/fuzzland/ityfuzz [Ethereum smart contract fuzzer]
• https://github.com/secureum/DeFi-Security-Summit-Stanford [DEFI Focus Smart Contract Security Capture the Flag]
• https://github.com/go-outside-labs/blockchain-hacking [hacking]
• https://github.com/Decurity/abi-decompiler [Recover ABI of EVM smart contracts]
• https://github.com/pcaversaccio/white-hat-frontrunning [White-hat Frontrunning Scripts]
• https://github.com/pcaversaccio/reentrancy-attacks [Historical Collection of Reentrancy Attacks]
• https://gitlab.com/learn-web31/Permit-Phishing [Permit Phishing Demo]
• https://github.com/crytic/slither [Static Analyzer]
• https://mythx.io [Static Analyzer]
• https://github.com/ConsenSys/mythril [Static Analyzer]
• https://github.com/Picodes/4naly3er [Static Analyzer]
• https://github.com/Quillhash/QuillAudit_Auditor_Roadmap [Become a Smart Contract Auditor]
• https://github.com/d-xo/weird-erc20 [Weird ERC20]
• https://github.com/slowmist/solana-smart-contract-security-best-practices [Solana security]
• https://github.com/JoranHonig/awesome-web3-ai-security [web3 ai security]
• https://github.com/Cyfrin/audit-report-templating [How to generate a PDF audit report]
• https://github.com/Frankcastleauditor/public-audits [smart contract security public audits]
• https://github.com/Certora/SecurityReports [smart contract security public audits]
• https://github.com/Ackee-Blockchain/trident [Rust-based framework to Fuzz Solana programs, designed to help you ship secure code]
• https://github.com/Ackee-Blockchain/wake [Wake is a Python-based Solidity development and testing framework with built-in vulnerability detectors]
• https://github.com/numencyber/Move_Security_Course [Move Security]

DeFi Topics

Stablecoin

• https://github.com/lakshayvaishnav/stable-coin [a decentralized stablecoin protocol on the Solana blockchain]

Atomic Swaps

• https://github.com/AthanorLabs/atomic-swap [ETH-XMR atomic swap implementation — swapd daemon and swapcli for p2p discovery, offers, and swap protocol]

MEV

• https://github.com/flashbots [for ethereum]
• https://github.com/jito-foundation/jito-solana [for solana]
• https://cow.fi/mev-blocker#rpc [MEV Blocker RPC]