practical-fm
mythril
Our great sponsors
practical-fm | mythril | |
---|---|---|
4 | 12 | |
460 | 3,717 | |
- | 1.2% | |
4.1 | 8.1 | |
about 1 month ago | 6 days ago | |
Python | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
practical-fm
-
We Need Simpler Types (speculations on what can be improved in future type systems and on erasing the boundaries between types and values)
https://github.com/ligurio/practical-fm Look for Coq, Agda, Idris, MS - F*.
-
Interested in pursuing a PhD in Formal Methods
Does your current company have FM positions? Maybe you could work and learn at the same time. There are a lot of big name companies that are really investing in FM now that more tools are available. Here’s a list someone compiled that can give you an idea of where it’s being used in industry. I see some info is not quite up-to-date (e.g., IBM does have FM, or formal verification, in the US but I think most research is out of their Israel lab; Rockwell Collins is now Collins Aerospace after being acquired by UTC Aerospace).
-
Formal Verification Methods in industry
When you say "formal verification methods", what kind of techniques are you interested in? While using interactive theorem provers will most likely not become very widespread, there are plenty of tools that use formal techniques to give more correctness guarantees. These tools might give some guarantees, but do not guarantee complete functional correctness. WireGuard (VPN tunnel) is I think a very interesting application where they verified the protocol. There are also some tools in use, e.g. Mythril and CrossHair, that focus on detecting bugs using symbolic execution. There's also INFER from Facebook/Meta which tries to verify memory safety automatically. The following GitHub repo might also interest you, it lists some companies that use formal methods: practical-fm
- A list of companies that use formal verification methods
mythril
-
Fuzzing Around: Better Smart Contract Testing through the Power of Random Inputs
Fuzzing has been around for a while in traditional full-stack development, but a new class of tools is here that can apply fuzzing to smart contract testing in web3. Some of the fuzzing tools include the open source Echidna and MythX.
-
Mythril an easy way to audit your smart contracts.
Mythril is part of the core tools of Consensys Mythx one of the biggest Smart Contract security services for Ethereum, which main goal is to ensure development teams avoid costly errors and make Ethereum more secure and trustworthy… or at least that is what their page says.
-
How do you guarantee the security of your smart contracts?
Other than audits and testing, there's automated security checking: https://github.com/ConsenSys/mythril I'm yet to try this in one of my projects
-
Launching your Ethereum dApp on Avalanche
Mythril
-
A Comprehensive Guide on Web3 Programming Languages and Tools
MythX, Mythril, Manticore, and Echidna are other tools for security audits.
-
Tools to verify solidity code
Smart Contract Weakness Classification and Test Cases: https://swcregistry.io/ OKO Contract Explorer: https://oko.palkeo.com/txview Slither: https://github.com/crytic/slither MythX: https://mythx.io/ Tenderly: https://tenderly.dev/ Spot check program: https://docs.google.com/document/d/16...
-
Static analysis of smartcontracts?
There are some paid tools and some free ones. A few that come to mind are ConsenSys MythX (based in part on the open-source Mythril), ShiftLeft, Oyente, Octopus… maybe best to just check out ETHSecurity’s list.
-
Formal Verification Methods in industry
When you say "formal verification methods", what kind of techniques are you interested in? While using interactive theorem provers will most likely not become very widespread, there are plenty of tools that use formal techniques to give more correctness guarantees. These tools might give some guarantees, but do not guarantee complete functional correctness. WireGuard (VPN tunnel) is I think a very interesting application where they verified the protocol. There are also some tools in use, e.g. Mythril and CrossHair, that focus on detecting bugs using symbolic execution. There's also INFER from Facebook/Meta which tries to verify memory safety automatically. The following GitHub repo might also interest you, it lists some companies that use formal methods: practical-fm
-
Please check this if you are looking for a good tokenomics project.
- Audited by MythX.io
-
What kind of Ethereum node/API/setup do I need for these use cases?
ability to run security analysis on contracts using for .e.g. https://github.com/ConsenSys/mythril
What are some alternatives?
magmide - A dependently-typed proof language intended to make provably correct bare metal code possible for working software engineers.
manticore - Symbolic execution tool
ouroboros-high-assurance - High-assurance implementation of the Ouroboros protocol family
truffle - :warning: The Truffle Suite is being sunset. For information on ongoing support, migration options and FAQs, visit the Consensys blog. Thank you for all the support over the years.
CommunityModules - TLA+ snippets, operators, and modules contributed and curated by the TLA+ community
slither - Static Analyzer for Solidity and Vyper
hacl-star - HACL*, a formally verified cryptographic library written in F*
smart-contract-best-practices - A guide to smart contract security best practices
silveroak - Formal specification and verification of hardware, especially for security and privacy.
solc-select - Manage and switch between Solidity compiler versions
timewinder - Temporal Logic of Actions in Rust via Starlark
pyteal - Algorand Smart Contracts in Python