Permalink
Switch branches/tags
Find file Copy path
36 lines (26 sloc) 3.23 KB

Visualization

  • Sūrya - Utility tool for smart contract systems, offering a number of visual outputs and information about the contracts' structure. Also supports querying the function call graph.
  • Solgraph - Generates a DOT graph that visualizes function control flow of a Solidity contract and highlights potential security vulnerabilities.
  • EVM Lab - Rich tool package to interact with the EVM. Includes a VM, Etherchain API, and a trace-viewer.
  • ethereum-graph-debugger - A graphical EVM debugger. Displays the entire program control flow graph.

Static and Dynamic Analysis

  • Mythril Classic - Open-source security analyzer for Solidity code and on-chain smart contracts.
  • Mythril Platform - SaaS platform that allows anyone to build purpose-built security tools.
  • Slither - Static analysis framework with detectors for many common Solidity issues. It has taint and value tracking capabilities and is written in Python.
  • Echidna - The only available fuzzer for Ethereum software. Uses property testing to generate malicious inputs that break smart contracts.
  • Manticore - Dynamic binary analysis tool with EVM support.
  • Oyente - Analyze Ethereum code to find common vulnerabilities, based on this paper.
  • Securify - Fully automated online static analyzer for smart contracts, providing a security report based on vulnerability patterns.
  • SmartCheck - Static analysis of Solidity source code for security vulnerabilities and best practices.
  • Octopus - Security Analysis tool for Blockchain Smart Contracts with support of EVM and (e)WASM.

Weakness OSSClassifcation & Test Cases

  • SWC-registry - SWC definitions and a large repository of crafted and real-world samples of vulnerable smart contracts.
  • SWC Pages - The SWC-registry repo published on Github Pages

Test Coverage

Linters

Linters improve code quality by enforcing rules for style and composition, making code easier to read and review.

  • Solcheck - A linter for Solidity code written in JS and heavily inspired by eslint.
  • Solint - Solidity linting that helps you enforce consistent conventions and avoid errors in your Solidity smart-contracts.
  • Solium - Yet another Solidity linting.
  • Solhint - A linter for Solidity that provides both Security and Style Guide validations.