diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 07d15e6b..b5d2a5db 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -49,10 +49,11 @@ - [Private Key & Seed Phrase Management](./wallet-security/private-key-management.md) - [Tools & Resources](./wallet-security/tools-&-resources.md) - [External Security Reviews](./external-security-reviews/README.md) - - [Expectation](./external-security-reviews/expectation.md) - - [Preparation](./external-security-reviews/preparation.md) + - [Smart Contract Audits](./external-security-reviews/smart-contracts/README.md) + - [Expectations](./external-security-reviews/smart-contracts/expectation.md) + - [Preparation Guide](./external-security-reviews/smart-contracts/preparation.md) + - [Vendor Selection](./external-security-reviews/smart-contracts/vendor-selection.md) - [Security Policies and Procedures](./external-security-reviews/security-policies-procedures.md) - - [Vendor Selection](./external-security-reviews/vendor-selection.md) - [Vulnerability Disclosure](./vulnerability-disclosure/README.md) - [Security Contact](./vulnerability-disclosure/security-contact.md) - [Bug Bounties](./vulnerability-disclosure/bug-bounties.md) diff --git a/src/external-security-reviews/README.md b/src/external-security-reviews/README.md index 239fb787..792e6cf4 100644 --- a/src/external-security-reviews/README.md +++ b/src/external-security-reviews/README.md @@ -3,20 +3,42 @@ tags: - Security Specialist - Operations & Strategy - Devops +contributors: + - role: wrote + users: [patrickalphac] --- # External Security Reviews +An external security review is a time-boxed, security-based assessment of software systems, applications, and infrastructure to enhance security and identify vulnerabilities. External security reviews are essential for organizations to protect against threats and build trust with users and stakeholders. -External security reviews are quite common in web3 when it comes to smart contract audits which are often being done to check if the smart contracts are secure. +## Why Are External Security Reviews Important? -It's important to note though that smart contracts are not the only components that should be considered during security reviews. Any relevant off-chain software (Bridges, Oracles, Sequencers, etc.) should also be reviewed in conjunction with any on-chain application. +According to research, significant value and data have been compromised due to security vulnerabilities in software systems. Modern applications face complex threats from malicious actors, and security issues can lead to data breaches, financial losses, and reputation damage. -While external security reviews are good, they are certainly not foolproof and cannot guarantee absolute security, and for that reason this type of security testing is not a one-time event but an ongoing commitment to the safety and security of your web3 project. +Beyond preventing security incidents, external security reviews provide several key benefits: + +- **Enhanced Security**: Find and fix vulnerabilities before they can be exploited +- **Team Education**: Level up your engineering team's knowledge through security best practices +- **Trust Building**: Demonstrate maturity and safety to users and stakeholders +- **Risk Mitigation**: Identify business logic issues and implementation flaws +- **Compliance**: Meet regulatory and industry security requirements + +## Scope of External Security Reviews + +Security reviews can encompass multiple layers of an organization's technology stack: + +- **Applications**: Web applications, mobile apps, APIs, and microservices +- **Infrastructure**: Cloud configurations, network security, access controls, and deployment pipelines +- **Data Systems**: Databases, data processing pipelines, and storage security +- **Third-party Integrations**: External APIs, libraries, and vendor services +- **Documentation**: Technical specifications, security policies, and incident response procedures + +External security reviews are not foolproof and cannot guarantee absolute security. They represent an ongoing commitment to safety rather than a one-time event. ## Contents -1. [Expectation](./expectation.md) -2. [Preparation](./preparation.md) -3. [Vendor Selection](./vendor-selection.md) -4. [Security Policies and Procedures](./security-policies-and-procedures.md) \ No newline at end of file +There are many different kinds of external security reviews, and we have some context on many of them here. + +1. [Smart Contract Audits](./smart-contracts/README.md) +5. [Security Policies and Procedures](./security-policies-and-procedures.md) \ No newline at end of file diff --git a/src/external-security-reviews/expectation.md b/src/external-security-reviews/expectation.md deleted file mode 100644 index 5b462038..00000000 --- a/src/external-security-reviews/expectation.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -tags: - - Security Specialist - - Operations & Strategy ---- - -# Expectation - - -A security review is a time-boxed assessment, generally with a project's smart contracts being in scope. - -Generally speaking, a security review will generate the following: -- Identification of security vulnerabilities and potential proof of concept attacks. -- Recommendations for mitigating identified risks. -- A review of changes implemented for mitigating identified risks. -- Comprehensive report detailing findings and suggested improvements, which in web3 is commonly publicly published. \ No newline at end of file diff --git a/src/external-security-reviews/preparation.md b/src/external-security-reviews/preparation.md deleted file mode 100644 index b7d09d50..00000000 --- a/src/external-security-reviews/preparation.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -tags: - - Security Specialist - - Operations & Strategy - - Devops ---- - -# Preparation - - -A common misconception is that when doing a security review, you can just hand off the written code and let reviewers do their work. This could in theory work, however this would mean that time by reviewers is spent doing things that you could have easily done on your side to make the review more cost effective. Some of the steps you could consider taking before initiating a security review are: - -## Set a Goal for the Review -This is the most important step of a security review and often the most overlooked. By setting a scope that is not too large or undefined, you are more likely to have a successful audit. If the project is very large, you may want to focus on the most critical aspects of the project. - -## Internal Due Diligence -Conduct internal testing before engaging an external security provider. You can do this by creating and running test vectors for your code, and leverage automated tools to identify low-hanging fruit. Here’s a list of free/open-source tools your project could use: - -- **Solidity**: slither, mythril, semgrep-smart-contracts -- **Golang**: golangci-lint, go-critic, gosec, gokart -- **Rust**: cargo audit, cargo outdated, clippy, cargo geiger, cargo tarpaulin - -## Documentation -Documentation is critical for knowledge transfer and future-proofing projects. At a minimum, your documentation should include: - -- **Project Overview**: Describe your protocol in plain English—what it does and its components. -- **Flow Diagrams**: Outline all possible interaction paths within your system. -- **Design Choices**: Document design decisions and any known potential issues. -- **Known Restrictions / Limitations**: Document centralization risks and known limitations (e.g., limited TVL, token support). -- **Dependencies**: List all external dependencies. -- **Access Control / Privileged Roles**: Record all roles and their privileges. \ No newline at end of file diff --git a/src/external-security-reviews/security-policies-procedures.md b/src/external-security-reviews/security-policies-procedures.md index b6efad82..1a79cb47 100644 --- a/src/external-security-reviews/security-policies-procedures.md +++ b/src/external-security-reviews/security-policies-procedures.md @@ -4,6 +4,9 @@ tags: - Legal & Compliance - Operations & Strategy - HR +contributors: + - role: wrote + users: [patrickalphac] --- # Security Policies and Procedures diff --git a/src/external-security-reviews/smart-contracts/README.md b/src/external-security-reviews/smart-contracts/README.md new file mode 100644 index 00000000..94e14c0b --- /dev/null +++ b/src/external-security-reviews/smart-contracts/README.md @@ -0,0 +1,62 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops +contributors: + - role: wrote + users: [patrickalphac] +--- + +# Smart Contract Security Reviews + +Smart contract security reviews are specialized assessments focused on identifying vulnerabilities in blockchain-based smart contracts and protocols. These reviews are critical for web3 projects due to the immutable nature of blockchain deployments and the high-value targets that smart contracts often represent. + +## Why Smart Contract Security Reviews Are Critical + +Smart contracts operate in a unique environment that makes security paramount: + +- **Immutability**: Once deployed, smart contracts cannot be easily changed +- **Financial Risk**: Smart contracts often handle significant value in cryptocurrencies +- **Public Accessibility**: All code and transactions are visible on the blockchain +- **Adversarial Environment**: Attackers are incentivized by potential financial gains +- **Complex Interactions**: DeFi protocols involve intricate interactions between multiple contracts + +According to industry data, billions of dollars have been lost due to smart contract vulnerabilities, making security reviews essential for protecting user funds and maintaining protocol integrity. + +## Smart Contract Security Review Process + +A security review engagement is typically divided into four phases: + +- **Scoping Phase**: The project team prepares the codebase and defines specific scope for security researchers +- **Initial Assessment Phase**: Researchers conduct preliminary analysis to identify potential security issues +- **Mitigation Phase**: The team works on fixing identified issues with ongoing auditor support +- **Final Report Phase**: Auditors review implemented fixes and provide a comprehensive final report + +### Audit Methodologies +- **Static Analysis**: Automated code scanning for known vulnerability patterns +- **Dynamic Analysis**: Runtime testing and fuzzing +- **Manual Review**: Expert analysis of business logic and complex vulnerabilities +- **Formal Verification**: Mathematical proofs of contract correctness (where applicable) + +## Types of Smart Contract Audits + +### Private Audits +- Dedicated security researchers assigned to your project +- Confidential and personalized attention +- Higher cost but comprehensive coverage +- Direct communication with audit team + +### Public/Competitive Audits +- Multiple researchers competing for prizes +- Diverse perspectives and approaches +- More cost-effective option +- Broader coverage through competition + +## Contents + +This section contains detailed guidance on different aspects of smart contract security reviews: + +1. [Audit Expectations](./expectation.md) - What to expect during the audit process +2. [Preparation Guide](./preparation.md) - How to prepare for a successful audit +3. [Vendor Selection](./vendor-selection.md) - Choosing the right security auditor \ No newline at end of file diff --git a/src/external-security-reviews/smart-contracts/expectation.md b/src/external-security-reviews/smart-contracts/expectation.md new file mode 100644 index 00000000..8139094a --- /dev/null +++ b/src/external-security-reviews/smart-contracts/expectation.md @@ -0,0 +1,60 @@ +--- +tags: + - Security Specialist + - Operations & Strategy +contributors: + - role: wrote + users: [patrickalphac] +--- + +# Expectations + + +## Scoping Phase +The team looking for a security review will agree with the auditors/security researchers the exact parameters of the review. What *exact* contracts should they review? What should they not review? This is incredibly important so the can clearly estimate timelines on how long a review may take. This is also where compensation is discussed, usually the more aspects a team wants to review, the more expensive the audit will be. + +## Initial Assessment Phase +- **Automated Testing**: Auditors will run various automated security tools including static analysis, fuzz testing, formal verification, and unit testing to identify basic vulnerabilities +- **Manual Code Review**: Security researchers will manually analyze the code to understand context, complexity, and identify deeper vulnerabilities that automated tools might miss +- **Documentation Review**: Auditors will review project specifications and documentation to understand intended functionality + +## Deliverables + +A comprehensive security review will generate the following: + +### Initial Report +- **Vulnerability Identification**: Security vulnerabilities classified by severity (High, Medium, Low) +- **Proof of Concept**: Demonstration of potential exploit scenarios where applicable +- **Gas Optimizations**: Recommendations for improving contract efficiency +- **Informational Findings**: Code quality improvements and best practice recommendations +- **Mitigation Strategies**: Specific recommendations for addressing each identified issue + +### Mitigation Phase +- **Fix Review Period**: Time allocated for your team to address identified vulnerabilities +- **Collaborative Support**: Ongoing communication with auditors during the fix implementation +- **Code Re-review**: Assessment of implemented fixes to ensure issues are properly resolved + +### Final Report +- **Updated Assessment**: Review of all implemented fixes and their effectiveness +- **Residual Risk Analysis**: Documentation of any remaining risks or limitations +- **Public Publication**: In web3, audit reports are commonly published publicly to build community trust + +## Timeline and Cost Expectations + +The following are *incredibly rough estimates* for timelines/costs based on Solidity smart contract audits from around the industry. Actual timelines and costs will vary significantly based on the complexity of the codebase, the number of contracts, and the specific requirements of the project. + +### Duration +- **Small Projects** (< 1000 lines): 1-2 weeks +- **Medium Projects** (1000-4000 lines): 2-5 weeks +- **Large Projects** (> 4000 lines): 5+ weeks + +### Cost Range +- **Per Week**: $1,000 - $60,000 depending on complexity and auditor expertise +- **Factors Affecting Cost**: Codebase size, complexity, timeline requirements, auditor reputation + +## Important Limitations + +- **No Guarantee**: Audits do not guarantee bug-free code or complete security. However, the engagement with the team should still provide value (teaching better security practices, improving code quality, etc.) +- **Snapshot in Time**: Audits assess code at a specific commit hash - any changes create unaudited code +- **Ongoing Process**: Security should be viewed as a continuous journey, not a one-time event +- **Emergency Preparedness**: Even audited protocols should have incident response plans and emergency communication channels \ No newline at end of file diff --git a/src/external-security-reviews/smart-contracts/preparation.md b/src/external-security-reviews/smart-contracts/preparation.md new file mode 100644 index 00000000..2501f8ed --- /dev/null +++ b/src/external-security-reviews/smart-contracts/preparation.md @@ -0,0 +1,57 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops +contributors: + - role: wrote + users: [patrickalphac] +--- + +# Preparation + +A common misconception is that when doing a security review, you can just hand off the written code and let reviewers do their work. This approach is inefficient and costly, as auditors will spend time on issues you could have resolved beforehand. Proper preparation maximizes the value of your security review investment and helps auditors focus on complex vulnerabilities rather than basic issues. + +## How to Get the Most Out of Your Security Review + +## Set a Goal for the Review +This is the most important step of a security review and often the most overlooked. By setting a scope that is not too large or undefined, you are more likely to have a successful audit. If the project is very large, you may want to focus on the most critical aspects of the project. + +## Internal Due Diligence +Conduct internal testing before engaging an external security provider. You can do this by creating and running test vectors for your code, and leverage automated tools to identify low-hanging fruit. Here’s a list of free/open-source tools your project could use: + +- **Solidity**: slither, mythril, semgrep-smart-contracts +- **Golang**: golangci-lint, go-critic, gosec +- **Rust**: cargo audit, cargo outdated, clippy, cargo geiger, cargo tarpaulin + +## Write Clear Documentation +Providing comprehensive documentation is essential for auditors to understand your protocol's intended functionality. Since 80% of all bugs are due to business logic issues, auditors need to understand what your protocol should do, not just what the code does. + +Documentation should include: + +- **Project Overview**: Describe your protocol in plain English—what it does and its components. +- **Flow Diagrams**: Outline all possible interaction paths within your system. +- **Design Choices**: Document design decisions and any known potential issues. +- **Known Restrictions / Limitations**: Document centralization risks and known limitations (e.g., limited TVL, token support). +- **Dependencies**: List all external dependencies. +- **Access Control / Privileged Roles**: Record all roles and their privileges. + +## Provide a Robust Test Suite +Maintaining a comprehensive test suite that covers significant portions of your codebase allows auditors to focus on finding vulnerabilities rather than understanding basic functionality. Before an audit, ensure you have: + +- **Unit Tests**: Test individual functions and components +- **Integration Tests**: Test interactions between different parts of your system +- **Fuzz Testing**: Automated testing with random inputs to find edge cases +- **High Code Coverage**: Aim for substantial coverage of your critical code paths +- **Formal Verification**: If applicable, use formal methods to prove correctness of critical components + +## Conduct an Initial Code Walkthrough +The first step in a security audit should be a high-level video walkthrough where you: + +- Explain your codebase architecture and key components +- Describe how the code is intended to function +- Highlight critical areas that need special attention +- Provide context for design decisions and trade-offs +- Guide auditors on where to find answers to common questions + +This walkthrough helps auditors understand your system quickly and focus their time on security analysis rather than code comprehension. \ No newline at end of file diff --git a/src/external-security-reviews/smart-contracts/vendor-selection.md b/src/external-security-reviews/smart-contracts/vendor-selection.md new file mode 100644 index 00000000..8a524916 --- /dev/null +++ b/src/external-security-reviews/smart-contracts/vendor-selection.md @@ -0,0 +1,83 @@ +--- +tags: + - Security Specialist + - Operations & Strategy +contributors: + - role: wrote + users: [patrickalphac] +--- + +# Vendor Selection + +Choosing the right security vendor is crucial for getting maximum value from your security review. There are numerous security vendors in both the web3 and web2 ecosystems, each with different specializations and approaches. + +## Types of Security Audits + +Understanding the different types of security audits available helps you choose the right approach for your project: + +### Private Security Audits +Private smart contract security audits are performed by security companies or solo auditors, typically involving one or multiple security researchers specifically chosen by your team or assigned by the security firm. + +**Characteristics:** +- Confidential engagement with limited access to code +- Dedicated focus from chosen security researchers +- Personalized attention and direct communication +- Typically higher cost but more thorough coverage + +### Public/Competitive Security Audits +Public or competitive audits involve tens or hundreds of security researchers competing to find the highest number of issues to win a share of a prize pool. + +**Characteristics:** +- Open participation from multiple researchers +- Competitive environment drives thorough analysis +- Often more cost-effective than private audits, but less personalized +- Can identify a broader range of issues through diverse perspectives + +## Vendor Selection Criteria + +### 1. Track Record and Reputation +- Evaluate potential vendors based on their track record, reputation, and experience in your specific technology stack +- Look for vendors with a proven history of addressing security challenges similar to your project's needs +- Check for published audit reports and client testimonials + +### 2. Domain Expertise +- **Web3 Focus**: For smart contracts, DeFi protocols, or blockchain infrastructure, choose vendors with deep web3 security expertise +- **Web2 Focus**: For traditional infrastructure, APIs, or backend systems, consider vendors with strong web2 security backgrounds +- **Specialized Knowledge**: If building an L2, DEX, or other specialized system, prioritize vendors with relevant experience + +### 3. Technical Capabilities +- Ensure the vendor has experience with your specific: + - Programming languages (Solidity, Rust, Go, etc.) + - Blockchain platforms (Ethereum, Polygon, Arbitrum, etc.) + - Protocol types (DeFi, NFTs, DAOs, etc.) + - Architecture patterns (proxy contracts, multisig, etc.) + +### 4. Security Methodology +- **Tool Usage**: Verify they use appropriate automated security tools +- **Manual Review**: Ensure they conduct thorough manual code reviews +- **Testing Approach**: If applicable, look for comprehensive testing methodologies including fuzz testing or formal verification + +## Due Diligence Process +1. **Request References**: Ask for previous client references and audit examples +2. **Evaluate Methodology**: Understand their specific audit process and deliverables +3. **Assess Communication**: Ensure clear communication channels and responsive support +4. **Review Pricing**: Compare costs against scope and expected value +5. **Timeline Alignment**: Confirm availability matches your project timeline + +## Red Flags to Avoid + +- Vendors who guarantee finding all vulnerabilities +- Extremely low pricing without clear scope limitations +- Lack of relevant experience in your technology stack +- Poor communication or unresponsive during initial discussions +- No clear methodology or standardized reporting process + +# Audit the Auditors + +As of today, the best review of the security reviewers that we have is the historical performance of security reviewers. One of the best ways to evaluate this is to review the historical performance of the security team. + +If you see codebases that they reviewed were hacked, this doesn't mean that the team is bad. There are two types of security teams out there: +- Those who have had codebases they have reviewed hacked +- Those who have not reviewed enough codebases + +Additionally, comparing sequential audits of the same codebase can be misleading. If auditor A reviews codebase X, and then auditor B reviews the same codebase and finds more bugs, some insight from auditor A could have been used to find those extra bugs. However, if two auditors review the same codebase at the same time, this can be a much better comparison of the two auditors. \ No newline at end of file diff --git a/src/external-security-reviews/vendor-selection.md b/src/external-security-reviews/vendor-selection.md deleted file mode 100644 index cec63bb4..00000000 --- a/src/external-security-reviews/vendor-selection.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -tags: - - Security Specialist - - Operations & Strategy ---- - -# Vendor Selection - - -There are a lot of security vendors in the web3 ecosystem, and also in the web2 ecosystem. -Depending on what you want to have reviewed, for example a Solidity contract, it may be relevant to use a security vendor that focus on web3, while if for example you're reviewing your infrastructure it may be more relevant to choose a vendor that focus on web2. - -1. Make sure you evaluate potential vendors based on their track record, reputation, and experience in what you want to test. -2. Look for vendors with a proven history of addressing security challenges similar to your project’s needs. - 1. Ensure the vendor has relevant experience in web3 security vulnerabilities, as these require specialized skills. - 2. For example, if you’re building an L2, it may be beneficial to choose a vendor with a track record of reviewing L2s. -3. It could prove valuable to start with a crowd-sourced assessment which is likely to catch a lot of low hanging fruit, then move to a dedicated security vendor that will dig down into the code to potentially find remaining issues. \ No newline at end of file diff --git a/wordlist.txt b/wordlist.txt index c9a15f56..83bb8a44 100644 --- a/wordlist.txt +++ b/wordlist.txt @@ -4,49 +4,75 @@ abcdef Acknowledgement Acunetix aderyn +adraffy Aeón Aereal AES AFL AKAMAI +aml +ampering Analytics anonymization Anonymize Ansible +Arbitrum assignees +att authenticator Authy +automod +axie backdoors +backend +Beemo Binance Biometric BIP +Bitwarden +blackhat +blackhats blockchain +Blockthreat Bot's BTC Bugcrowd BYOK Captcha +CCIP CCPA +centric CEX Checkmarx Checkov CIS CISA +clippy Clippy Cloudflare CloudSploit +CMDB +CMDBs COBIT codebase +codebases Coinbase +cointype +Cointype +cointypes collab collateralized Comodo Config +confusable +confusables +Consensys Cooldown Crypto cryptocurrencies cryptocurrency cryptographic +Cryptomator CSA CSEK CSRF @@ -54,48 +80,87 @@ curation curations customizable cvc +cyber +cybercriminals CyberSec Cybersecurity +Cybrary DAI +dao dapp Darknet DAST +debevoise decrpyt decrypt +decrypted DeFi Dependabot +dependant +descentralized Deseat +dev Devops DevSecOps +DEX +Discoverability +discoverable DLP DNS DNSSEC +Dojo +doxing +doxxing +Dreww DRT DSS Dyno EE Efani +EIP +EIP +emptively encrypt +enforceability +enial Enigmail +ENSIP +ENSIPs EOA EOAs erc +epudiation +equifax's +Eramba ETH Ethereum Etherscan Ethlint +EVM Excalidraw executables +exfiltration +extractable +fallbacks FDE fedcba Fernández Fi +FIDO Fredrik +fredriksvantes +frontend +frontmatter +frontrun +frontrunner +frontrunning Fuzzer Fuzzers Gapped GCP GDPR +ghadi +ghadi Ghostery gist gists @@ -103,14 +168,20 @@ Gmail GOkart Golang Golangci +Goodknight Gosec GPG +GRC +hacken Hackenproof halmos HashiCorp hevm +Helpdesk HIDS HIPAA +hotspot +hotspots HSM HTTPS IAM @@ -121,32 +192,53 @@ IDPS IEC Immunefi Imperva +Implementers incentivize inevitableeth influencer Integrations invariant IPFS +iriusrisk IRP IRT JEA JIT +Jitsi KeepAss +KeePassXC +kickstart KMS +kyc +labelhash +levation +lexpunk lifecycle +linkability LLVM LUKS Mailvelope +mainnet Matías +Matta +mattaereal +mdbook MDM MEE Mehdi +mempool +mev Middleware misconfiguration misconfigurations Mitigation Mitigations +mitre +Monero +mortem Mortem +Mortems +MPC MTTD MTTR MullvadVPN @@ -154,36 +246,71 @@ multisig Multisignature MVNO Mythril +namehash Nano +nformation +NFT +nftdreww NIST NordVPN npm OAuth +ofac +offboarding +offboarding +onboarding +onboarding Openchain OpenSCAP OWASP +pagetoc passcode passcodes +Passwordless +patrickalphac PCI +PFP Phalcon PII +pinniped +Pinnipeds +plimpton +poofing +practinces pre +preprocessor Pretexting prover +programmatically +pseudonymity pseudonymization Qubes Qwertycards RBAC RDP recoverability +redactions +Reddit's reentrancy +reimage +reoccurrence repo reputational +requestor +resolvability +resolvers +Resolvers Revolut +roadmap +ronin +RPC +saas +sandboxing SAST satisfiable scalable Scalability +scalable SDLC Sebastián SED @@ -192,62 +319,96 @@ Semgrep sexualized Shamir Shamir's +shorteners SIEM smt +skylock SMS Snyk socio SOE +Solcurity Solhint Solidity SonarQube Spokeo Squarespace SRE +srldf SSID stateful SSL SSO StackDriver +ster Stormcast +submited +succint Surfshark Svantes Symantec +takedown TDE +Terpin's Terraform Terrascan +testnet +testnets tfsec Threema timeframe timeframes +timelock +timelocks TLS TOTP +touchpoint TPM Trezor TVL TXT UI +unaudited +uncollateralized underflows +unencrypted Unrekt untrusted +upgradability +upgradeability +upgradeable +usd USDC +UTS +validator +validators Veracode Vercel vyper +Vercel's +Vishing VLAN VLANs VPC VPN WAF +walkthrough walletcompare Wargames +WebAuthn +webhook +Webhooks +whitehat whitehat +whitehats Whitepages whitepapers WHOIS Whonix WIDS +workspace Workspace's +workspaces WPA xaaaabbbbccccdddd xabcdef @@ -262,161 +423,9 @@ Yubico Yubikey Yubikeys yyyyy -Zerouali -zzzzz -blackhat -blackhats -whitehat -whitehats -kyc -dao -usd -ofac -srldf -debevoise -emptively -plimpton -lexpunk -enforceability -frontrunner -frontrun -frontrunning -mev -hacken -skylock -kickstart -Webhooks -automod -Helpdesk -PFP -Beemo -webhook -Goodknight -shorteners -Discoverability -mdbook -pagetoc -NFT -Dreww -nftdreww -frontmatter -cyber -cybercriminals -Bitwarden -KeePassXC -Reddit's -Dojo -Cybrary -Consensys -Blockthreat -Vishing -Matta -mattaereal -touchpoint -unencrypted -uncollateralized -preprocessor +Zcash zedt -ster -fredriksvantes -ghadi -EIP -adraffy -CCIP -Cointype -cointype -cointypes -confusable -confusables -dev -discoverable -EIP -ENSIPs -ENSIP -EVM -fallbacks -ghadi -Implementers -labelhash -mainnet -namehash -programmatically -resolvers -Resolvers -resolvability -RPC -Solcurity -submited -upgradeability -upgradeable -UTS -Vercel's -ZWJ -aml -att -axie -centric -doxxing -equifax's -frontend -iriusrisk -mempool -mitre -mortem -onboarding -offboarding -pinniped -pseudonymity -ronin -saas -validator -ampering -decrypted -dependant -descentralized -doxing -enial -epudiation -extractable -hotspot -linkability -nformation -offboarding -onboarding -poofing -practinces -reimage -reoccurrence -requestor -roadmap -succint -testnet -timelock -upgradability -workspace -Pinnipeds -testnets -timelocks -takedown -workspaces -Mortems -levation -exfiltration -validators -hotspots -Terpin's -CMDB -CMDBs +Zerouali ZK -Monero -Zcash -MPC -Jitsi -Passwordless -WebAuthn -FIDO -Cryptomator -redactions -sandboxing -Eramba -GRC +ZWJ +zzzzz