| | building-secure-contracts | slither |
|---|---|---|
| | 10 | 36 |
| Stars | 2,076 | 5,019 |
| Growth | 0.6% | 1.5% |
| Activity | 8.4 | 9.6 |
| | 9 days ago | 3 days ago |
| Language | Solidity | Python |
| License | GNU Affero General Public License v3.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
building-secure-contracts
- Smart Contract Security Field Guide
  I appreciate how organized the Consensys guide is laid out. It's pretty easy to read. Trail of Bits has a similar guide that is a little more in-the-weeds technically. It also covers what we think is essential background about certain automated analysis techniques like static analysis and how fuzzers work. Check it out!
  https://secure-contracts.com/
- Trail of Bits Building Secure Contracts: Now with support for Cosmos
- Trail of Bits Building Secure Contracts: Now with support for Substrate
- New release of Building-secure-contracts: it introduces not so smart contracts for Algorand/Cairo/Cosmos/Substrate - a set of common vulnerabilities for these chains. The release contains also new training materials for Echidna and new guidelines
- Trail of Bits added Algorand to their "Building Secure Contracts" developer guide
- Launching your Ethereum dApp on Avalanche
  We highly recommend using at least one of them if professional contract security review is not possible. A more comprehensive look into secure development practices can be found here.
- Smart Contract Exploitation Repository
  If you need more reading about building secure smart contracts and auditing workflows, see here: https://github.com/crytic/building-secure-contracts
- Any recommendations for smart contract auditing?
slither
- Hidden Risks Lurking in Ethereum's Smart Contract Proxies
  Yes exactly! However, >99% of the time this wouldn't happen unintentionally, and typically static analysis frameworks will detect function clashing like slither: https://github.com/crytic/slither.
- Slither 0.9.3 is out - improvements to the detectors, solidity support and more
- Are there cases where installing a command line tool via pipx won't work, but installing via pip will?
  I don't know these tools but took a look at the slither-analyze deps, and see that solc-select is not a hard dependency, but part of the extra dep group called dev. So with a normal pipx install slither-analyze, solc-select is probably absent from the relevant venv.
- WTS: CertiK audit credit?
  Congrats, you just wasted money for an audit you could have done for free with https://github.com/crytic/slither.
- Crypto devs, what tools am I missing? Trying to build a decent list of dev resources.
  Vulnerability Infrastructure: Slither
- Solidity documentation using AI
  What are the differences of your solution to `slither documentation`?
- Slither 0.9.2: finds bugs and auto-creates docs with GPT
What are some alternatives?
- eth-security-toolbox - A Docker container preconfigured with all of the Trail of Bits Ethereum security tools.
- solc-select - Manage and switch between Solidity compiler versions
- pooltogether-community-ui - UI to use when creating your own custom pools, prize strategies or as reference code for integrating your own pools.
- manticore - Symbolic execution tool
- coreth - Code and wrapper to extract Ethereum blockchain functionalities without network/consensus, for building custom blockchain services.
- echidna - Ethereum smart contract fuzzer
- avalanche-faucet - Avalanche Faucet for Fuji Network and Subnets.
- mythril - Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
- avalanchego - Go implementation of an Avalanche node.
- publications - Publications from Trail of Bits