mythril VS smart-contract-best-practices

Fuzzing has been around for a while in traditional full-stack development, but a new class of tools is here that can apply fuzzing to smart contract testing in web3. Some of the fuzzing tools include the open source Echidna and MythX.

Mythril is part of the core tools of Consensys Mythx one of the biggest Smart Contract security services for Ethereum, which main goal is to ensure development teams avoid costly errors and make Ethereum more secure and trustworthy… or at least that is what their page says.

Other than audits and testing, there's automated security checking: https://github.com/ConsenSys/mythril I'm yet to try this in one of my projects

Mythril

MythX, Mythril, Manticore, and Echidna are other tools for security audits.

Smart Contract Weakness Classification and Test Cases: https://swcregistry.io/ OKO Contract Explorer: https://oko.palkeo.com/txview Slither: https://github.com/crytic/slither MythX: https://mythx.io/ Tenderly: https://tenderly.dev/ Spot check program: https://docs.google.com/document/d/16...

There are some paid tools and some free ones. A few that come to mind are ConsenSys MythX (based in part on the open-source Mythril), ShiftLeft, Oyente, Octopus… maybe best to just check out ETHSecurity’s list.

When you say "formal verification methods", what kind of techniques are you interested in? While using interactive theorem provers will most likely not become very widespread, there are plenty of tools that use formal techniques to give more correctness guarantees. These tools might give some guarantees, but do not guarantee complete functional correctness. WireGuard (VPN tunnel) is I think a very interesting application where they verified the protocol. There are also some tools in use, e.g. Mythril and CrossHair, that focus on detecting bugs using symbolic execution. There's also INFER from Facebook/Meta which tries to verify memory safety automatically. The following GitHub repo might also interest you, it lists some companies that use formal methods: practical-fm

- Audited by MythX.io

ability to run security analysis on contracts using for .e.g. https://github.com/ConsenSys/mythril

Then i delved into best practises (https://consensys.github.io/smart-contract-best-practices/) and patterns (https://fravoll.github.io/solidity-patterns/) to improve.

Search for solidity exploits on Google, useful one: https://consensys.github.io/smart-contract-best-practices/ there are a lot of possible exploits so deploying one by yourself without audits is a no-go imo

Consensys' Smart Contract Best Practices is a good start for security related stuff (super important because you'll be dealing with people's money in smart contracts) https://consensys.github.io/smart-contract-best-practices/

The first question which any auditing interview concerns is mostly regarding what is your preferred audit process? Answers could be subjective, but I like to follow the industry standard as in this ‘Solcurity Standard’ article by Rari-Capital along with the Consensys’ best practices set of guidelines which pave a path for a thorough audit process.

Security should always be a major priority when developing smart contracts. Millions of dollars are lost to hackers on what seems like a regular basis. As a Web3 developer, you need to continuously stay up to date on the latest security best practices.

Solidity basics and best practices

Smart Contracts Best Practices