增加区块链安全内容

Author: fooying

content/_index.md

@@ -60,7 +60,7 @@ keywords:
 
 {{< cards rows="4" >}}
   {{< card link="security_research/ai_security" title="AI安全" image="images/banner/5.jpg" subtitle="AI安全相关资料，重点包括大模型(LLM)/AIGC安全内容.">}}
-  {{< card link="/" title="区块链安全" image="images/banner/6.jpg" subtitle="开发中，敬请期待." >}}
+  {{< card link="security_research/blockchain_security" title="区块链安全" image="images/banner/6.jpg" subtitle="区块链(Blockchain Security)/Web3/数字货币安全相关文章与资源列表." >}}
   {{< card link="/" title="待开发知识" image="images/banner/7.jpg" subtitle="开发中，敬请期待.">}}
   {{< card link="/" title="待开发知识" image="images/banner/8.jpg" subtitle="开发中，敬请期待.">}}
 {{< /cards >}}

content/security_research/_index.md

@@ -17,6 +17,11 @@ keywords:
  - 大模型安全
  - 大语言模型安全
  - LLM安全
+ - 区块链安全
+ - 智能合约安全
+ - 钱包安全
+ - 数字货币安全
+ - Web3安全
 ---
 
 👋 你好！欢迎来到 安全手册 - SEC.CAFE 安全咖啡！

content/security_research/blockchain_security/_index.md

@@ -0,0 +1,30 @@
+---
+title: 区块链安全
+weight: 1
+description: 区块链安全相关文章与资源列表
+keywords:
+ - 区块链安全
+ - 智能合约安全
+ - 钱包安全
+ - 数字货币安全
+ - Web3安全
+---
+
+区块链(Blockchain Security)/Web3/数字货币安全相关文章与资源列表
+<!--more-->
+
+## 作者及修订记录
+{{% details title="详情" %}}
+- [Fooying](https://fooying.com) 收集和编写主要内容
+{{% /details %}}
+
+> 感谢参与贡献的每一位作者！请尊重原创，引用转载请保留来源！
+
+
+## 目录
+探索以下各节以学习「区块链安全」内容：
+
+
+
+
+

content/security_research/blockchain_security/attack_and_defense.md

@@ -0,0 +1,57 @@
+---
+title: 安全攻防
+weight: 2
+description: 区块链/Web3安全开发、审计与漏洞相关内容
+keywords:
+ - smart contract security
+ - 智能合约安全
+ - Token 安全
+ - DeFi 安全
+---
+
+
+## 安全开发指南与验证标准
+- [以太坊智能合约 —— 最佳安全开发指南](https://github.com/Consensys/smart-contract-best-practices/blob/master/README-zh.md)
+- [加密货币安全标准 The CryptoCurrency Security Standard](https://cryptoconsortium.github.io/CCSS/)
+- [SCSVS 智能合约安全验证标准](https://github.com/securing/SCSVS)
+- [EOS 智能合约最佳安全开发指南](https://github.com/slowmist/eos-smart-contract-security-best-practices)
+
+## 安全审计与测试
+- [慢雾智能合约审计项](https://cn.slowmist.com/service-smart-contract-security-audit.html)
+- [慢雾智能合约审计开放报告](https://github.com/slowmist/Knowledge-Base/tree/master/open-report)
+- [基于区块链的加密货币安全审计指南](https://github.com/slowmist/Cryptocurrency-Security-Audit-Guide/blob/main/README_CN.md)
+- [Papers and Tools for Smart Contract Security Analysis](https://github.com/shlee-lab/Smart-contract-security-analysis)
+- [Solidity 安全审计checklist](https://github.com/evm-security/security-checklist)
+- [SCSTG 智能合约安全测试指南](https://github.com/InspexCo/SCSTG)
+
+## 漏洞
+- [Smart Contract Weakness Classification (SWC) 智能合约漏洞分类](https://swcregistry.io/)
+- [Decentralized Application Security Project Top 10 of 2018](https://dasp.co/)
+- [慢雾科技漏洞研究报告](https://github.com/slowmist/papers)
+- 智能合约漏洞列表 
+  - [smart-contract-vulnerabilities](https://github.com/kadenzipfel/smart-contract-vulnerabilities) 
+  - [SCV-List](https://github.com/sirhashalot/SCV-List)
+  - [关于区块链以太坊安全类问题](https://github.com/Lianantech/ETH-Security)
+
+
+## 脑图与架构图
+### 常见智能合约漏洞
+> 来自 https://github.com/Anugrahsr/Awesome-web3-Security
+
+![](/images/Vulnerabilities_in_Smart_contracts.png "常见智能合约漏洞")
+
+### DAPP安全攻防
+> 来自 https://github.com/slowmist/Knowledge-Base
+
+![](/images/dapp_attack_defense.png "DAPP安全攻防")
+
+### 钱包安全
+> 来自 https://github.com/slowmist/Knowledge-Base
+
+![](/images/exchange_wallet_attack_defense.png "钱包安全")
+
+
+
+
+
+

content/security_research/blockchain_security/guide_and_mind.md

@@ -0,0 +1,60 @@
+---
+title: 指南与框架
+weight: 1
+description: 区块链安全指南与框架
+keywords:
+ - 区块链安全标准
+ - 区块链安全指南
+ - 加密货币安全标准
+ - 区块链安全框架爱
+---
+
+## 指南与导读
+- [慢雾安全团队知识库](https://github.com/slowmist/Knowledge-Base) 慢雾是国内最专业的区块链安全公司，该知识库包含了区块链相关安全研究、报告、翻译资料等
+- [识骨寻踪：解剖区块链安全](https://mp.weixin.qq.com/s/8eFt03if7YgMzDMwJ76joQ)
+- [区块链黑暗森林自救手册](https://github.com/slowmist/Blockchain-dark-forest-selfguard-handbook)
+- [慢雾加密资产安全解决方案]https://github.com/slowmist/cryptocurrency-security
+- [Web3 Security](https://github.com/brycewai/Web3-Security) 一个Web3安全入门指引
+
+## 一些资源列表
+- [Web3 Security Resources Hub](https://github.com/Raiders0786/web3-security-resources)
+- [Awesome cryptocurrency security](https://github.com/nongiach/awesome-cryptocurrency-security)
+- [cryptocurrency-security](https://github.com/5049504F/cryptocurrency-security)
+- [Web3 Security Library](https://github.com/immunefi-team/Web3-Security-Library)
+- [Web3 Security Resources](https://github.com/wallet-guard/web3-security)
+- [web3-user-security](https://github.com/Xen0ph0n/web3-user-security)
+- [Awesome-Smart-Contract-Security](https://github.com/saeidshirazi/Awesome-Smart-Contract-Security)
+- [BlockChain-Security-List](https://github.com/slowmistio/BlockChain-Security-List)
+- [awesome-blockchain-security](https://github.com/chainflag/awesome-blockchain-security)
+- [Awesome-Blockchain-Security](https://github.com/bunturx/Awesome-Blockchain-Security)
+- [BlockChainSec](https://github.com/Al1ex/BlockChainSec) 中文项目
+- [Awesome Blockchain Security](https://github.com/Aloneposix/Awesome-Blockchain-Security)
+- [Awesome-Blockchain-Security](https://github.com/Casuwin/Awesome-Blockchain-Security)
+- [Awesome EVM Security](https://github.com/kareniel/awesome-evm-security)
+
+- [Awesome Blockchain Bug Bounty](https://github.com/slowmist/awesome-blockchain-bug-bounty) 相关赏金计划列表
+
+## 框架与脑图
+### 区块链项目安全
+> 来自 https://mp.weixin.qq.com/s/8eFt03if7YgMzDMwJ76joQ
+
+![](/images/blockchain_sec_tree.png "区块链项目安全")
+
+
+
+### 区块链作恶
+> 来自 https://github.com/slowmist/Knowledge-Base/blob/master/mindmaps/evil_blockchain.png
+
+![](/images/evil_blockchain.png "区块链作恶")
+
+
+### 慢雾加密资产安全解决方案
+> 来自 https://github.com/slowmist/cryptocurrency-security
+
+![](/images/Cryptocurrency-Security.png "慢雾加密资产安全解决方案")
+
+
+
+
+
+

content/security_research/blockchain_security/tools.md

@@ -0,0 +1,188 @@
+---
+title: 安全工具
+weight: 4
+description: 区块链/Web3安全工具
+keywords:
+ - smart contract security
+ - 智能合约安全
+ - Token 安全
+ - DeFi 安全
+ - Web3安全工具
+---
+
+> 内容主要来自 [Web3-Security-Tools](https://github.com/Quillhash/Web3-Security-Tools)，做部分补充
+
+## 总览
+![](/images/Web3_Security_Tools.png "区块链/Web3安全工具")
+
+## VM相关
+- [ZIION VM](https://www.ziion.org/)
+
+## 区块链取证工具
+
+### 区块链浏览器
+
+- [Etherscan](https://etherscan.io/)
+- [btc.com](https://btc.com/)
+- [Bscscan](https://bscscan.com/)
+- [Polygonscan](https://polygonscan.com/)
+- *通用浏览器*
+    1. [Blockchain.com](https://www.blockchain.com/explorer)
+    2. [Blockchair.com](https://blockchair.com/)
+
+### 智能合约反编译
+
+- [Dedaub](https://library.dedaub.com/decompile)
+- [Panoramix](https://github.com/palkeo/panoramix)
+- [abi-decompiler](https://github.com/Decurity/abi-decompiler)
+- [Eveem](http://www.eveem.org/) Solidity反编译器
+
+
+### 浏览器插件
+
+- [Tenderly](https://chrome.google.com/webstore/detail/tenderly-debugger/miiolgcpknpjjfagkaddfgakbdenenfn)
+- [MetaDock](https://chrome.google.com/webstore/detail/metadock/fkhgpeojcbhimodmppkbbliepkpcgcoo)
+- [Sentio](https://chromewebstore.google.com/detail/sentio/kkdofmcnddcnldoingfpiojnnkdcbhnf)
+- [Blockchair](https://chrome.google.com/webstore/detail/blockchair/fhhkkooikehnkaodebbfnkinedlllcfk)
+- [Impersonator](https://chrome.google.com/webstore/detail/impersonator/hgihfkmoibhccfdohjdbklmmcknjjmgl)
+
+### Rug 检查工具
+
+- [Rug Pull Finder](https://www.rugpullfinder.io/confirmedrugpulls)
+- [bscheck](http://bscheck.eu/)
+- [rugscreen](http://rugscreen.com/)
+- [QuillCheck](https://quillaudits.com/tools/quillcheck/)
+- [poocoin’s rugcheck](https://poocoin.app/rugcheck)
+- [tokensniffer](https://tokensniffer.com/)
+- [rugpulldetector](http://rugpulldetector.com/)
+- [rugdoc honeypot checker](https://rugdoc.io/honeypot/)
+
+### Txn 可视化工具
+
+- [MistTrack](https://misttrack.io/)
+- [ethtx.info](https://ethtx.info/)
+- [Front-running explorer](https://zeromev.org/)
+- [Phalcon BlockSec](https://phalcon.blocksec.com/?s=09)
+- [Bitquery Explorer](https://explorer.bitquery.io/)
+- [Tx eth samczsun](https://tx.eth.samczsun.com/)
+- [Tenderly](https://tenderly.co/)
+- [Sentio](https://app.sentio.xyz/explorer)
+- [Socketscan](https://socketscan.io/)
+- [3D VR blockchain visualization](https://ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2)
+- [eigenphi.io](https://eigenphi.io/)
+- [nansen.ai](https://nansen.ai)
+- [**Officer CIA’s Investigation tools list**](https://github.com/OffcierCia/On-Chain-Investigations-Tools-List)
+
+
+### Toke 流程可视化
+
+- [breadcrumbs.app](https://www.breadcrumbs.app/)
+- [bloxy.info](https://bloxy.info/)
+- [ethtective.com](http://ethtective.com/)
+
+
+### 杂项工具
+
+- [ETH Toolbox](https://eth-toolbox.com/)
+- [DethCode](https://github.com/dethcrypto/dethcode)
+- [Cryptocurrencies OSINT](https://start.me/p/ek4rxK/cryptocurrency-osint)
+- [DeBank](https://debank.com/)
+- [Tutela](https://tutela.xyz/)
+
+---
+
+## 智能合约审计工具
+
+### 测试框架
+
+- [Foundry](https://github.com/foundry-rs/foundry)
+- [Hardhat](https://hardhat.org/)
+- [Brownie](https://eth-brownie.readthedocs.io/en/stable/)
+- [Truffle](https://trufflesuite.com/)
+
+### Fuzzers
+
+- [Echidna](https://github.com/crytic/echidna)
+- [Foundry Fuzz](https://book.getfoundry.sh/forge/fuzz-testing)
+- [ChainFuzz](https://github.com/ChainSecurity/ChainFuzz)
+- [Harvey](https://mariachris.github.io/Pubs/FSE-2020-Harvey.pdf)
+- [sFuzz](https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=6068&context=sis_research)
+
+### VS Code 插件
+
+- [Solidity Visual Developer](https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-visual-auditor)
+- [Slither VSC](https://marketplace.visualstudio.com/items?itemName=trailofbits.slither-vscode)
+- [Inline Bookmarks](https://github.com/tintinweb/vscode-inline-bookmarks)
+- [Solidity Metrics](https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-metrics)
+- [EthOver](https://marketplace.visualstudio.com/items?itemName=tintinweb.vscode-ethover)
+- [GraphViz Interactive Preview](https://marketplace.visualstudio.com/items?itemName=tintinweb.graphviz-interactive-preview)
+- [Mythx VSC](https://marketplace.visualstudio.com/items?itemName=MythX.mythxvsc)
+- [Remix VSC](https://marketplace.visualstudio.com/items?itemName=RemixProject.ethereum-remix)
+
+### 格式化及格式检查
+
+- [EthLint](https://github.com/duaraghav8/Ethlint)
+- [solidity-coverage](https://github.com/sc-forks/solidity-coverage)
+- [Prettier](https://prettier.io/) + [Solidity Plugin](https://github.com/prettier-solidity/prettier-plugin-solidity)
+- [Doc-Gen](https://mtmacdonald.github.io/docgen/docs/index.html)
+- [Solhint](https://github.com/protofire/solhint)
+- [sol function profiler](https://github.com/EricR/sol-function-profiler)
+- [BSOL](https://github.com/Giulio2002/bsol) 一个为Solidity代码片段和智能合约编写基准测试的工具
+
+### 可视化工具
+
+- [Solidity Visual Developer](https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-visual-auditor)
+- [Sūrya](https://github.com/ConsenSys/surya)
+- [Solgraph](https://github.com/raineorshine/solgraph)
+- [EVM Lab](https://github.com/ethereum/evmlab)
+- [Ethereum-graph-debugger](https://github.com/fergarrui/ethereum-graph-debugger)
+
+### 动静态分析
+
+- [Slither](https://github.com/crytic/slither)
+- [MythX](https://mythx.io/)
+- [Mythril](https://github.com/ConsenSys/mythril)
+- [Manticore](https://github.com/trailofbits/manticore)
+- [securify2](https://github.com/eth-sri/securify2)
+- [Eth Security Toolbox](https://github.com/trailofbits/eth-security-toolbox)
+- [smartcheck](https://github.com/smartdec/smartcheck)
+- [solidityscan.com](https://solidityscan.com/)
+- [Fuzzinglab’s Octopus](https://github.com/FuzzingLabs/octopus)
+- [Pakala](https://github.com/palkeo/pakala) 以太坊攻击性漏洞扫描器，详见[使用Pakala窃取以太坊](https://www.palkeo.com/en/projets/ethereum/stealing_ether.html)
+- [Karl](https://github.com/cleanunicorn/karl) 智能合约安全漏洞检查工具
+- [Verisol](https://github.com/microsoft/verisol) 来自微软的Solidity智能合约的正式验证和分析工具
+
+### 审计指南
+
+- [The Auditors Book](https://theauditorbook.com/)
+- [Solodit.xyz](https://solodit.xyz/dashboard)
+- [Audit Hero](https://audit-hero.com/search-findings)
+- [Solidity Attack Vectors](https://github.com/Quillhash/Solidity-Attack-Vectors)
+- [Audit Checklist](https://github.com/tamjid0x01/SmartContracts-audit-checklist)
+- [Awesome Solidity Gas Optimizations](https://github.com/iskdrews/awesome-solidity-gas-optimization)
+- [Secureum Blogs](https://substack.com/profile/23643769-rajeev-secureum)
+- [Diligence - Smart Contract Best Practices](https://consensys.github.io/smart-contract-best-practices/attacks/)
+- [Blockchain Hacking QuickStart Guide](https://start.blockchainhax.com)
+- [How to Become a Smart Contract Auditor by Cmichel](https://cmichel.io/how-to-become-a-smart-contract-auditor/)
+
+---
+
+## 钱包安全
+- [Stelo Labs](https://stelolabs.com/)
+- [BlowFish](https://blowfish.xyz/)
+- [Pocket Universe](https://www.pocketuniverse.app/)
+- [Wallet Guard](https://walletguard.app/)
+- [Interlock](https://www.interlock.network/)
+- [Revoke.cash](https://revoke.cash/)
+- [Novus](https://www.usenovus.io)
+- [Web3 Antivirus](https://web3antivirus.io/)
+- [PeckShield Alert](https://chrome.google.com/webstore/detail/peckshieldalert/dakkielolpafjbgnjnakddabmbbkcioe)
+
+
+### 更多参考
+
+[https://github.com/OffcierCia/On-Chain-Investigations-Tools-List](https://github.com/OffcierCia/On-Chain-Investigations-Tools-List)   
+[https://github.com/shantanhunt/Smart-Contract-Auditor-Tools-and-Techniques](https://github.com/shantanhunt/Smart-Contract-Auditor-Tools-and-Techniques)   
+[https://github.com/Anugrahsr/Awesome-web3-Security](https://github.com/Anugrahsr/Awesome-web3-Security) </br>
+[https://github.com/RektifyAI/auditing-demystified](https://github.com/RektifyAI/auditing-demystified)
+

content/security_research/blockchain_security/train_and_learning.md

@@ -0,0 +1,38 @@
+---
+title: 学习与培训
+weight: 3
+description: 区块链/Web3安全学习与培训资源
+keywords:
+ - smart contract security
+ - 智能合约安全
+ - Token 安全
+ - DeFi 安全
+ - DeFi Security
+---
+
+## CTF与靶场
+- [damn vulnerable defi](https://github.com/OpenZeppelin/damn-vulnerable-defi)
+- [Ethernaut Solutions](https://cmichel.io/ethernaut-solutions/)
+- [Capture The Ether Solutions](https://cmichel.io/capture-the-ether-solutions/)
+- [DeFi-Security-Summit-Stanford](https://github.com/secureum/DeFi-Security-Summit-Stanford)
+- [Smart Contract Hacker Playground](https://github.com/thec00n/Smart-Contract-Hacker-Playground)
+- [Hacking-Smart-Contracts](https://github.com/Innovation-Web-3-0-Blockchain/Hacking-Smart-Contracts)
+- [Blocksec CTFs](https://github.com/blockthreat/blocksec-ctfs)
+
+
+## 相关课程/roadmap
+- [Web3安全讲座汇编](https://github.com/YAcademy-Residents/web3-security-talks)
+- [web3-security-roadmap](https://github.com/mattaereal/my-web3-security-roadmap)
+- [Solidity Security By Example](https://github.com/serial-coder/solidity-security-by-example)
+- [blockchain-security](https://github.com/hoytech/blockchain-security)
+- [Blockchain-Security-Papers](https://github.com/MiaZmy1221/Blockchain-Security-Papers)
+
+
+## 书籍
+- [智能合约安全分析和审计指南](https://book.douban.com/subject/34613820/)
+
+
+
+
+
+