A curated knowledge base for DeFi security research — protocol analyses, essential reads, Ethereum internals, and vulnerability patterns.
Maintained by @sum1t-here · CC BY 4.0
This repo is my personal research library as I build toward professional-level smart contract auditing. Everything here has been read, studied, or actively used — not just bookmarked.
If you're on a similar path, feel free to use it as a reference. If something is wrong or missing, PRs are welcome.
- Protocol Analyses
- Blogs & Articles to Read
- Ethereum & ERC Essentials
- Vulnerability Pattern Index
- How I Use This Repo
Deep dives into protocol architecture, mechanics, and security surface.
Each entry links to my full analysis notes where available.
| Protocol | Status | Notes |
|---|---|---|
| Uniswap V2 | 🔄 In Progress | x*y=k invariant, flash swaps, oracle manipulation surface |
| Uniswap V3 | ⬜ Planned | Concentrated liquidity, tick math, position accounting |
| Curve Finance | ⬜ Planned | StableSwap invariant, 3pool mechanics |
| Protocol | Status | Notes |
|---|---|---|
| Compound V2 | ⬜ Planned | cToken model, interest rate model, liquidation |
| Aave V2/V3 | ⬜ Planned | aToken model, flash loans, e-mode |
| Protocol | Status | Notes |
|---|---|---|
| ERC-4626 Tokenized Vault Standard | ⬜ Planned | Inflation attack, share price manipulation |
| Yearn V2 | ⬜ Planned | Strategy architecture, harvest mechanics |
| Protocol | Status | Notes |
|---|---|---|
| OpenSea Seaport | ⬜ Planned | Order validation, signature replay, fulfillment logic |
Status key: ⬜ Planned · 🔄 In Progress · ✅ Complete · ❓ Needs Revisit
Organized by topic. ✅ = read and internalized · ⬜ = queued · ⭐ = essential
| Title | Author | Why it matters |
|---|---|---|
| ⭐ The Auditor's Mindset | Joran Honig | How to think about threat modeling |
| ⭐ How to Audit a Smart Contract | RareSkills | End-to-end audit process walkthrough |
| Security Assumptions in DeFi | Trail of Bits | Trust model and caller validation |
| On Finding Your First Bug | Officer CIA | Mindset for solo research |
| Title | Author | Vulnerability |
|---|---|---|
| ⭐ Reentrancy Attacks | OpenZeppelin | Reentrancy — post-Istanbul variants |
| ⭐ Price Oracle Manipulation | OpenZeppelin | Oracle manipulation |
| Flash Loan Attacks | Quantstamp | Flash loan mechanics and risks |
| The Dangers of Token Integration | d-xo | Weird ERC20 behaviours |
| Integer Overflow Before and After Solidity 0.8 | HackerNoon | Math safety |
| Proxies and Upgrade Patterns | OpenZeppelin | Storage collisions, initializer bugs |
| Exploit | Date | Loss | Key Pattern |
|---|---|---|---|
| Euler Finance Hack | Mar 2023 | $197M | Flash loan + donation attack |
| Mango Markets | Oct 2022 | $117M | Oracle price manipulation |
| Cream Finance | Oct 2021 | $130M | Flash loan + reentrancy |
| Nomad Bridge | Aug 2022 | $190M | Improper message validation |
| Ronin Bridge | Mar 2022 | $625M | Compromised validator keys |
| Title | Author | What it covers |
|---|---|---|
| ⭐ Spearbit Public Reports | Spearbit | Learn from the best audit reports |
| Solodit Findings Database | Solodit | Searchable audit findings |
| DeFiHackLabs | SunWeb3Sec | Reproduced PoC exploits in Foundry |
| Immunefi Bug Bounty Reports | Immunefi | Real disclosed vulnerabilities |
The foundational layer. Everything in DeFi security traces back to one of these.
| Topic | Resource | Why it matters for security |
|---|---|---|
| EVM Opcodes | evm.codes | Understanding what Solidity compiles to |
| Storage Layout | Solidity Docs — Storage | Storage collision bugs in proxies |
| Memory Layout | Solidity Docs — Memory | Low-level memory bugs |
| ABI Encoding | ABI Spec | Calldata manipulation, signature issues |
| Gas Mechanics | EIP-1559 | DoS via gas exhaustion |
| Block & Transaction | ethereum.org — Transactions | tx.origin vs msg.sender, MEV |
| Precompiles | evm.codes/precompiled | ecrecover misuse, signature malleability |
| Standard | Link | Security notes |
|---|---|---|
| ⭐ ERC-20 | EIP-20 | Return value not checked, fee-on-transfer, rebasing tokens |
| ⭐ ERC-721 | EIP-721 | onERC721Received reentrancy vector |
| ERC-1155 | EIP-1155 | Batch transfer reentrancy |
| ⭐ ERC-4626 | EIP-4626 | Inflation attack, share rounding |
| ERC-2612 | EIP-2612 | Permit signature replay |
| ERC-1967 | EIP-1967 | Proxy storage slots |
| ERC-1822 | EIP-1822 | UUPS proxy pattern |
| ERC-3156 | EIP-3156 | Flash loan standard |
| Gotcha | Description | Where it bites |
|---|---|---|
| `tx.origin` auth | Phishing via malicious contract intermediary | Access control |
| Unchecked return values | `transfer()` on non-standard ERC20s silently fails | Token handling |
| Downcasting | `uint256 → uint128` truncates without revert pre-0.8 | Math |
| `block.timestamp` manipulation | Miners can shift ±15 seconds | Time-locked logic |
| Default visibility | Functions are `internal` by default in some versions | Access control |
| Uninitialized storage pointer | Points to slot 0 in older Solidity | Storage corruption |
| Signature malleability | `ecrecover` accepts two valid sigs per message | Auth bypass |
| Delegatecall context confusion | Executes in caller's storage context | Proxy bugs |
Quick-reference lookup. When I spot a pattern during an audit, I check here first.
Each entry links to a deeper note or external resource.
- `tx.origin` used for authentication → Notes
- Missing `onlyOwner` / role check on sensitive function
- Initializer not protected — callable by anyone post-deployment
- `public` function that should be `internal` or `external`
- External call before state update (CEI violation)
- `onERC721Received` / `onERC1155Received` callback not guarded
- Cross-function reentrancy — reenters a different function in same contract
- Read-only reentrancy — view function reads stale state during callback
- Division before multiplication (precision loss)
- Unsafe casting (`uint256 → uint128`)
- Rounding always in user's favour (vault inflation attack)
- Unchecked arithmetic in loops
- Spot price read from Uniswap pair within same transaction
- TWAP window too short (manipulable within a few blocks)
- Single oracle source with no fallback
- Price not checked for staleness (Chainlink `updatedAt`)
- Spot price readable via flash loan within one tx
- Collateral value computable from manipulable pool
- Flash loan callback modifies state that a subsequent check depends on
- Fee-on-transfer token not accounted for (balance diff not used)
- Rebasing token stored as raw amount
- ERC20 `approve` race condition
- Missing return value check on `transfer()` / `transferFrom()`
- Unbounded loop — can be gas-griefed
- External call inside loop — single failure blocks all
- Protocol assumes 1:1 token ratio that can be broken
- Governance proposal executable before timelock
- Sandwich attack possible on large AMM trades
- Frontrunnable commit-reveal scheme
Before starting an audit:
Check the Protocol Analyses section for prior work on similar architectures.
During an audit:
Use the Vulnerability Pattern Index as a trigger-question checklist.
After finding a bug:
Cross-reference with Exploit Post-Mortems to understand if this is a known pattern variant.
Ongoing:
Every article I finish gets a ✅. Every new pattern I discover gets added to the index.
Found a broken link, missing resource, or want to suggest something? Open an issue or PR. All constructive additions welcome.
CC BY 4.0 — free to use with attribution.