I’m a novice bug hunter, and have recently gained interest in blockchain implementation bugs . However, after googling for quite some time now, I have only come across millions of smart contract exploitation guides, news about blockchains being hacked, smart contract ctfs etc. I have also come across several papers that enumerate common blockchain vulnerabilities, however, they only do exactly what they say - enumerate. They provide a high-level, abstract view of each of the vulnerabilities without saying how to find them, or even exploit them.
I would be grateful if one could link a resource or two that could help a beginner like me get into this new and exciting field.
Hello there, I just made a informational repo trying to help people like you in mind. Here is the link to the repo feel free to create pull requests and suggest adding more resources to the repository https://gitlab.com/0xatul/resources-for-blockchain
It’s cool to learn about the basic high-impact vulns like reentrancy, insecure visibility, integer overflows etc. but it’s unlikely you’re gonna find bugs like that on mature, well-tested smart contract bug bounty programs. I’m just getting started myself, and I’m finding it very useful to read published audit reports (pretty much all DApps publish their audit reports) and scrolling down to the medium/low severity bugs. That way, you can find examples of weaknesses you’re not going to see if you just Google “smart contract hacking”. While these are not as cool and critical, you are much for likely to find them in the wild.
Also, here’s a great resource (basically the CWE for smart contracts): https://swcregistry.io/