Public Oak Security Resources

Below you can find a list of resources related to security advisory and auditing. It includes interviews on general topics, talks at conferences, podcasts, and written articles.

For the reader’s convenience, resources have been classified into different categories depending on the technology that is discussed.

Working with us

📄 Our unique multi-layered approach to security audits.

📄 What is an audit? - Oak Security YouTube channel.

How to prepare for a security audit?

• 🎬 Oak Security YouTube channel, 2023.
• 📄 2021 written post.

🎬 Do You Even Audit? with Stefan Beyer.

• 🎧 Also available in iVoox.

General Security

✅ Personal Security for Blockchain Developers: compendium of recommendations for a secure setup of a blockchain developer's workstation.

📄 Exploring the Evolving Landscape of Web3 Security with Stefan Beyer.

🎬 The Confusing World of Smart Contract Security with Stefan Beyer at ETH Barcelona 2023.

🎬 The Sorry State of DeFi Security - Oak Security YouTube channel.

🎬 Blockchain Bridges, Hacks, and Security - Oak Security YouTube channel.

🎬 Security Best Practices.

• Slides.

🎧 BlockHash Podcast with Stefan Beyer.

🎧 BlockHash Podcast EP. 272 with Eduard Kotysh, founder of Solidified.

🎧 The Accountant Quits Podcast: Introduction to Smart Contract Audits with Stefan Beyer.

Solidity/EVM

✅ Ethereum/EVM audit checklist.

📄 What has changed in Smart Contract Security? A Five-Year Experience Report.

Deep dive into the main components of ERC-4337: Account Abstraction Using Alt Mempool

• 📄 Part 1.
• 📄 Part 2.
• 📄 Part 3.
• 📄 Part 4.

Analysis of Solidity/EVM vulnerabilities from our audits:

• 📄 Ether.fi critical issue

Cosmos SDK/CosmWasm

✅ CosmWasm audit checklist.

🎬 Learnings from 100+ CosmWasm Audits with Philip Stanislaus at AwesomWasm 2023.

🎬 Panel on CosmWasm Security with the participation of Philip Stanislaus at AwesomWasm 2023.

Oak Security Capture The Flag (CTF) - AwesomWasm 2023:

• 🎬 Online Event Kick-off
• 📄 Solution️ writeups Pt. 1.
• 📄 Solution️ writeups Pt. 2.

CosmWasm security spotlight series:

• 📄 #1 Unsaved storage changes.
• 📄 #2 Access controls.
• 📄 #3 Address validation and normalization.
• 📄 #4 Rounding issues

Analysis of CosmWasm vulnerabilities from our audits:

• 📄 Astroport Incentives
• 📄 Astroport transmuter pool

Analysis of Cosmos SDK vulnerabilities from our audits:

• 📄 ICS audit's critical issue 1
• 📄 ICS audit's critical issue 2
• 📄 Noble Tariff critical issue 1
• 📄 Noble Tariff critical issue 2
• 📄 Fairblock critical issue 1
• 📄 Fairblock critical issue 2

Insights From Incidents

📄 Lessons on Supply Chain Security that Can Be Learned From the Vyper Exploit.

📄 Give me Warnings! Tornado Cash’s Proposal Incident.

📄 About the recent Solana Private Key Scare: What Builders Can Learn.

Oak Branding and Logo/Media/Press Kit

See our logo directory.