bitsquatting
slither
bitsquatting | slither
---|---
1 | 36
7 | 5,040
- | 1.9%
0.0 | 9.6
over 1 year ago | 3 days ago
Python | Python
The Unlicense | GNU Affero General Public License v3.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bitsquatting
- How exactly is Ethereum networking, ENS etc. prone to bitsquatting?
I've made a small repo with a helper script for generating permutations of an ENS domain that differ by 1-bit from the original domain. So a potential attack vector could be the following: The attacker could bitsquat popular ENS domains, register them, and could receive a very small portion of the transactions meant for someone else.
slither
- Hidden Risks Lurking in Ethereum's Smart Contract Proxies
Yes exactly! However, >99% of the time this wouldn't happen unintentionally, and typically static analysis frameworks will detect function clashing like slither: https://github.com/crytic/slither.
- Slither 0.9.3 is out - improvements to the detectors, solidity support and more
- Are there cases where installing a command line tool via pipx won't work, but installing via pip will?
I don't know these tools but took a look at the slither-analyze deps, and see that solc-select is not a hard dependency, but part of the extra dep group called dev. So with a normal pipx install slither-analyze, solc-select is probably absent from the relevant venv.
- WTS: CertiK audit credit?
Congrats, you just wasted money for an audit you could have done for free with https://github.com/crytic/slither.
- Crypto devs, what tools am I missing? Trying to build a decent list of dev resources.
Vulnerability Infrastructure: Slither
- Solidity documentation using AI
What are the differences of your solution to `slither documentation`?
- Slither 0.9.2: finds bugs and auto-creates docs with GPT
What are some alternatives?
ContentHash for Python - Python implementation of EIP 1577 content hash
solc-select - Manage and switch between Solidity compiler versions
vyper - Pythonic Smart Contract Language for the EVM
manticore - Symbolic execution tool
ccxt - A JavaScript / TypeScript / Python / C# / PHP cryptocurrency trading API with support for more than 100 bitcoin/altcoin exchanges
echidna - Ethereum smart contract fuzzer
mythril - Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
Crypto-Signal - Github.com/CryptoSignal - Trading & Technical Analysis Bot - 4,100+ stars, 1,100+ forks
eth-security-toolbox - A Docker container preconfigured with all of the Trail of Bits Ethereum security tools.
publications - Publications from Trail of Bits
chai - BDD / TDD assertion framework for node.js and the browser that can be paired with any testing framework.