slither
mythril
Our great sponsors
slither | mythril | |
---|---|---|
36 | 12 | |
4,992 | 3,706 | |
2.1% | 0.9% | |
9.5 | 8.2 | |
1 day ago | 8 days ago | |
Python | Python | |
GNU Affero General Public License v3.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
slither
-
Hidden Risks Lurking in Ethereum's Smart Contract Proxies
Yes exactly! However, >99% of the time this wouldn't happen unintentionally, and typically static analysis frameworks will detect function clashing like slither: https://github.com/crytic/slither.
- Slither 0.9.3 is out - improvements to the detectors, solidity support and more
-
Are there cases where installing a command line tool via pipx won't work, but installing via pip will?
I don't know these tools but took a look at the slither-analyze deps, and see that solc-select is not a hard dependency, but part of the extra dep group called dev. So with a normal pipx install slither-analyze, solc-select is probably absent from the relevant venv.
-
WTS: certiK audit credit ?
Congrats, you just wasted money for an audit you could have done for free with https://github.com/crytic/slither.
-
Crypto devs, what tools am I missing? Trying to build a decent list of dev resources.
Vulnerability Infrastructure: Slither
-
Solidity documentation using AI
What are the differences of your solution to `slither documentation`?
- Slither 0.9.2: finds bugs and auto-creates docs with GPT
mythril
-
Fuzzing Around: Better Smart Contract Testing through the Power of Random Inputs
Fuzzing has been around for a while in traditional full-stack development, but a new class of tools is here that can apply fuzzing to smart contract testing in web3. Some of the fuzzing tools include the open source Echidna and MythX.
-
Mythril an easy way to audit your smart contracts.
Mythril is part of the core tools of Consensys Mythx one of the biggest Smart Contract security services for Ethereum, which main goal is to ensure development teams avoid costly errors and make Ethereum more secure and trustworthy… or at least that is what their page says.
-
How do you guarantee the security of your smart contracts?
Other than audits and testing, there's automated security checking: https://github.com/ConsenSys/mythril I'm yet to try this in one of my projects
-
Launching your Ethereum dApp on Avalanche
Mythril
-
A Comprehensive Guide on Web3 Programming Languages and Tools
MythX, Mythril, Manticore, and Echidna are other tools for security audits.
-
Tools to verify solidity code
Smart Contract Weakness Classification and Test Cases: https://swcregistry.io/ OKO Contract Explorer: https://oko.palkeo.com/txview Slither: https://github.com/crytic/slither MythX: https://mythx.io/ Tenderly: https://tenderly.dev/ Spot check program: https://docs.google.com/document/d/16...
-
Static analysis of smartcontracts?
There are some paid tools and some free ones. A few that come to mind are ConsenSys MythX (based in part on the open-source Mythril), ShiftLeft, Oyente, Octopus… maybe best to just check out ETHSecurity’s list.
-
Formal Verification Methods in industry
When you say "formal verification methods", what kind of techniques are you interested in? While using interactive theorem provers will most likely not become very widespread, there are plenty of tools that use formal techniques to give more correctness guarantees. These tools might give some guarantees, but do not guarantee complete functional correctness. WireGuard (VPN tunnel) is I think a very interesting application where they verified the protocol. There are also some tools in use, e.g. Mythril and CrossHair, that focus on detecting bugs using symbolic execution. There's also INFER from Facebook/Meta which tries to verify memory safety automatically. The following GitHub repo might also interest you, it lists some companies that use formal methods: practical-fm
-
Please check this if you are looking for a good tokenomics project.
- Audited by MythX.io
-
What kind of Ethereum node/API/setup do I need for these use cases?
ability to run security analysis on contracts using for .e.g. https://github.com/ConsenSys/mythril
What are some alternatives?
solc-select - Manage and switch between Solidity compiler versions
manticore - Symbolic execution tool
truffle - :warning: The Truffle Suite is being sunset. For information on ongoing support, migration options and FAQs, visit the Consensys blog. Thank you for all the support over the years.
echidna - Ethereum smart contract fuzzer
smart-contract-best-practices - A guide to smart contract security best practices
eth-security-toolbox - A Docker container preconfigured with all of the Trail of Bits Ethereum security tools.
pyteal - Algorand Smart Contracts in Python
publications - Publications from Trail of Bits
tatum-js - 🚀 Tatum SDK: A 💪 powerful, 🌟 feature-rich TypeScript/JavaScript 📚 library that streamlines the 🛠️ development of 🌐 blockchain applications.
chai - BDD / TDD assertion framework for node.js and the browser that can be paired with any testing framework.