Move Audit Resources

This repository contains a curated collection of resources focused on auditing Move smart contracts. It includes tools, best practices, checklists, and guidelines to help developers and auditors ensure the security and reliability of Move-based projects

move security blogs (OtterSec)

• an auditor's introduction : https://osec.io/blog/2022-09-06-move-introduction
• move prover : https://osec.io/blog/2022-09-16-move-prover
• unique aspects of the move : https://x.com/osec_io/status/1641543816581726209

move security blogs (zellic)

• the billion dollar move bug : https://www.zellic.io/blog/the-billion-dollar-move-bug
• top 10 aptos move bugs : https://www.zellic.io/blog/top-10-aptos-move-bugs
• move fast break things move security part 1 : https://www.zellic.io/blog/move-fast-and-break-things-pt-1
• move fast break things move security part 2 : https://www.zellic.io/blog/move-fast-break-things-move-security-part-2

move language security analysis (SharkTeam)

• chapter 1 : https://www.sharkteam.org/report/analysis/20221114001A_en.pdf
• chapter 2 : https://www.sharkteam.org/report/analysis/20221118001A_en.pdf
• chapter 3 : https://www.sharkteam.org/report/analysis/20221125001A_en.pdf
• chapter 4 : https://www.sharkteam.org/report/analysis/20221202001A_en.pdf
• chapter 5 : https://www.sharkteam.org/report/analysis/20221212001A_en.pdf
• chapter 6 : https://www.sharkteam.org/report/analysis/20230103001A_en.pdf
• chapter 8 : https://www.sharkteam.org/report/analysis/20230130001A_en.pdf
• chapter 9 : https://www.sharkteam.org/report/analysis/20230216001A_en.pdf
• chapter 10 : https://www.sharkteam.org/report/analysis/20230224001A_en.pdf
• other : https://www.sharkteam.org/report/analysis/20221013001A_en.pdf

move security guidelines (Aptos)

• https://aptos.dev/en/build/smart-contracts/move-security-guidelines

formal verification of smart contracts with the move prover

• https://aptos.dev/en/build/smart-contracts/prover

move and sui security assessment

• https://github.com/sui-foundation/security-audits/blob/main/docs/Move%20and%20Sui%20Security%20Assessment%20-%20Zellic%20Audit%20Report.pdf

tools (MoveBit)

• sui move analyzer : https://www.movebit.xyz/analyzer
• aptos move analyzer : https://www.movebit.xyz/AptosMoveAnalyzer
• aptos move formatter : https://www.movebit.xyz/AptosMoveFormatter
• move web IDE : https://www.movebit.xyz/MoveWebIDE
• move scanner : https://www.movebit.xyz/MoveScanner
• sui contract source verifier : https://www.movebit.xyz/ContractSourceVerifier

sui fuzzer (FuzzingLabs)

• https://github.com/FuzzingLabs/sui-fuzzer

other articles

• sandwich attacks : https://x.com/Move__jay/status/1798496048416952664

move ecosystem audit companies

• OtterSec : https://osec.io
• Zellic : https://www.zellic.io
• MoveBit : https://movebit.xyz
• SharkTeam : https://www.sharkteam.org

License

MIT © 0xriazaka