Vicent00/defi-security-checklist

Smart Contract Security Knowledge Base

This repository is a minimal, practical knowledge base focused on smart contract and protocol security. It groups short checklists, curated notes, and references you can use during design reviews, audits, and integrations.

Purpose

  • Primary goal: Provide concise, high-signal guidance for secure smart contract development and review.
  • Design principles: keep it simple, remove noise, and include only what is needed.

Scope

  • Smart contract standards (ERC-20/721/4626/4337)
  • DeFi protocols (AMMs, staking, liquidations, slippage, CDPs, liquidity concentration)
  • Oracles and randomness (Chainlink, VRF)
  • Governance, proxies/upgradability, wallets and account abstraction
  • Interoperability and cross-chain security
  • Node and integration security

📚 Educational Guide - What's in Each Folder

This section provides a beginner-friendly overview of each directory to help you navigate and understand what each folder contains.

🔧 Core Development & Standards

  • assembly/ - Low-level EVM programming and inline assembly techniques. Learn how to write gas-efficient code and understand the Ethereum Virtual Machine at a deeper level.

  • ERC20/ - Everything about the ERC-20 token standard. Edge cases, vulnerabilities, and best practices for fungible tokens.

  • ERC721/ - Non-fungible token (NFT) security checklist and weird edge cases. Essential for NFT marketplace and collection security.

  • ERC4626/ - Vault standard security patterns. Learn about yield farming, vault attacks, and inflation attacks.

  • ERC4337/ - Account abstraction security. The future of wallet security and smart account implementations.

🏦 DeFi & Financial Protocols

  • DEFI_PROTOCOLS/ - DeFi ecosystem security. Covers AMMs, CDPs, staking protocols, liquidations, slippage protection, and concentrated liquidity risks.

  • UNISWAPV4/ - Uniswap v4 hooks security. Learn about the new hook system, risks, and integration considerations for the next generation of AMMs.

🏛️ Governance & Organizational Security

  • DAOGoverance/ - DAO governance risks and attack patterns. Understand voting mechanisms, proposal attacks, and governance token vulnerabilities.

🔗 External Integrations & Infrastructure

  • oracles/ - Oracle security fundamentals. Chainlink integration, VRF randomness, price manipulation attacks, and oracle design patterns.

  • PROTOCOLS_INTEGRATION_SECURITY/ - External protocol integration checklists. How to safely integrate with third-party protocols and avoid integration vulnerabilities.

  • interoperability-protocol-security/ - Cross-chain and messaging protocol security. Bridge attacks, cross-chain vulnerabilities, and interoperability risks.

  • node_security/ - Node and infrastructure security. RPC security, validator security, and infrastructure-level vulnerabilities.

🔐 Security Fundamentals

  • CHECKLIST_SECURITY/ - Comprehensive security checklists and vulnerability patterns. Start here for general smart contract security knowledge.

  • signatureattacks/ - Signature replay and verification pitfalls. Learn about signature malleability, replay attacks, and cryptographic vulnerabilities.

  • PROXIES_UPGRADABILITIES/ - Upgradeability patterns and risks. Proxy security, storage collisions, and safe upgrade practices.

  • walletssecurity/ - Wallet security and account abstraction. Private key management, wallet vulnerabilities, and smart wallet security.

📁 Repository Structure (Technical Reference)

Below is the current top-level layout with a short description for each directory. Names reflect the present state; some will be normalized in future cleanups.

  • assembly/: Low-level EVM and inline assembly notes.
  • CHECKLIST_SECURITY/: General security checklists.
  • DAOGoverance/: DAO governance risks, patterns, and attacks.
  • DEFI_PROTOCOLS/: DeFi topics (AMMs, CDPs, staking, liquidations, slippage, concentrated liquidity).
  • ERC20/: ERC-20 edge cases and notes.
  • ERC4337/: Account abstraction (ERC-4337) checklist and references.
  • ERC4626/: Vault standard (ERC-4626) checklist and notes.
  • ERC721/: ERC-721 checklist and weird cases.
  • interoperability-protocol-security/: Cross-chain/messaging protocol security notes.
  • node_security/: Node and infrastructure security notes.
  • oracles/: Chainlink, VRF, oracle design and vulnerabilities.
  • PROTOCOLS_INTEGRATION_SECURITY/: External protocol integration checklists.
  • PROXIES_UPGRADABILITIES/: Upgradeability patterns, risks, and safe practices.
  • signatureattacks/: Signature replay/verification pitfalls.
  • UNISWAPV4/: Uniswap v4 hooks, risks, and integration considerations.
  • walletssecurity/: Wallet security and account abstraction notes.

How to Use

  • During reviews: Open the relevant folder and follow the concise checklist(s) before diving into code.
  • During design: Scan the domain notes to anticipate risks early (governance, oracles, proxies, etc.).
  • For integrations: Use the integration and protocol-specific checklists to reduce attack surface.

Conventions

  • Minimalism: prefer short, focused documents; remove duplicates or low-signal content.
  • Naming: prefer snake_case and clear names. Typos and duplicates will be normalized progressively.
  • Edits: if a new doc replaces an old one, delete the old to avoid drift.
  • Commits: make small, regular commits with clear messages to keep progress safe and traceable.

Planned Cleanups (non-breaking and incremental)

  • Normalize folder/file names (fix typos, use snake_case).
  • Merge/remove duplicate or overlapping docs.
  • Keep only referenced assets (remove unused images/files).

License

MIT

About

A comprehensive security knowledge base for smart contract developers and auditors. Contains practical checklists, vulnerability patterns, and best practices covering DeFi protocols, ERC standards, governance, oracles, and cross-chain security.
