whatisgithub

What is knowledge-base?

slowmist/knowledge-base — explained in plain English

Analysis updated 2026-06-26

4,552Audience · researcherComplexity · 1/5Setup · easy

In one sentence

A public knowledge base from blockchain security firm SlowMist containing research on crypto exchange attack patterns, smart contract audit reports, zero-knowledge proof vulnerabilities, and AI security topics, with content in Chinese and English.

Mindmap

mindmap
  root((SlowMist KB))
    Attack research
      False top-up attacks
      Exchange vulnerabilities
      ZK proof bugs
    Audit reports
      Published engagements
      Smart contract audits
    Platforms covered
      Bitcoin Ethereum EOS
      Solana SUI Aptos
      Toncoin Monero
    AI security
      AI agent security
      MCP server checklists
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Learn how false top-up attacks trick cryptocurrency exchanges into crediting unreal deposits and how to prevent them

USE CASE 2

Read published security audit reports from real blockchain project engagements

USE CASE 3

Study mind maps of attack and defense patterns for decentralized exchanges and DeFi applications

USE CASE 4

Find security checklists for building or auditing smart contracts on Solana, Ethereum, SUI, or Aptos

How does it compare?

slowmist/knowledge-basechentao0707/simplifyreaderjamesturland/jimsgarage
Stars4,5524,5524,552
LanguageJavaShell
Setup difficultyeasyhardmoderate
Complexity1/53/52/5
Audienceresearcherdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

So what is it?

SlowMist is a blockchain security company, and this repository is their public knowledge base. It collects research, guides, audit reports, and translated documents that the team has produced over the years. The stated goal is to act as security infrastructure for the blockchain world, and the team shares its findings openly rather than keeping them internal. The content is organized into several categories. The first covers blockchain security research across major networks including Bitcoin, Ethereum, EOS, Monero, and others. A notable focus is a class of attack called false top-up, where an attacker tricks a cryptocurrency exchange into crediting a deposit that was never actually received. The team has documented these techniques for USDT, EOS, XRP, Ethereum tokens, Bitcoin, Monero, and Solana, among others, and provides security auditing services to exchanges to help prevent them. Another section covers zero-knowledge proofs and cryptographic vulnerabilities, which are advanced topics in how modern blockchain systems prove things without revealing sensitive data. Research here includes vulnerabilities in specific proof systems and cryptographic libraries. The repository also includes a growing AI security section covering both using AI for security work and securing AI systems themselves. Linked sub-projects include security checklists for AI agent tools (called MCP servers) and tools for tracing cryptocurrency transactions. Additional sections contain open audit reports that SlowMist has published from past engagements, practical security guides for Web3 projects and smart contracts across multiple blockchain platforms (Solana, Toncoin, SUI, Aptos, AAVE, and others), and a set of mind maps visualizing attack and defense patterns for decentralized applications and exchanges. Much of the content is bilingual, with both Chinese and English text throughout.

Copy-paste prompts

Prompt 1
Explain the false top-up attack on cryptocurrency exchanges. What techniques does SlowMist document for USDT, Ethereum tokens, and Bitcoin, and what defenses should an exchange implement?
Prompt 2
I am building a Solana smart contract. What are the most common security vulnerabilities I should check for based on the SlowMist knowledge base?
Prompt 3
What are zero-knowledge proof vulnerabilities? Summarize the classes of bugs SlowMist has researched in ZK proof systems and cryptographic libraries.
Prompt 4
I am auditing a Web3 project on Ethereum. Use the SlowMist security checklist to give me a list of the most important things to review in the smart contract code.

Frequently asked questions

What is knowledge-base?

A public knowledge base from blockchain security firm SlowMist containing research on crypto exchange attack patterns, smart contract audit reports, zero-knowledge proof vulnerabilities, and AI security topics, with content in Chinese and English.

How hard is knowledge-base to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is knowledge-base for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.