Security commands:
Run Slither -> npm run slither
Run Smartcheck -> npx smartcheck -p ./contracts
https://github.com/smartdec/smartcheck/tree/master/rule_descriptions
Verifying on Etherscan:
-> Fill env/secret.json with private data
-> Deploy contract: npx hardhat run --network <network_name> scripts/<file_name>.js
-> Verify deployed contract: npx hardhat verify --network <network_name> <contract_address> <constructor_arguments>
https://goerli.etherscan.io/address/0x00d8b563854d24BCD2f03164b6Fe8d5eBEb24026#code
Mainnet Fork:
-> Create script within scripts folder with functionalities
-> Run node with fork mainnet: npx hardhat node --fork <mainnet_url>
-> Run script: node scripts/<name_of_script>.js (in new terminal, DO NOT CLOSE node)
Gas Reporter:
-> Create tests for your contract functions that you are interested in
-> Set the CoinMarketCap API key in the gas reporter section of hardhat.config.js and run npx hardhat test
-> Get your report inside the repository called gas-report.txt
Solidity Coverage:
-> Create tests covering the desired percentage of the contracts' code
-> Run npm run coverage to get outputs and results
Mythril:
-> pip3 install mythril
-> myth analyze contracts/<contract_name>.sol (by default Mythril analyses for up to 24 hours; to make it faster add --execution-timeout <seconds>)
-> if the contract imports the @openzeppelin library you have to create a JSON file with the import path mapping (see remapping.json in the home directory for an example) and then run < myth analyze contracts/<contract_name>.sol --solc-json remapping.json --execution-timeout <seconds> >
-> In the end it prints the issues found; if there are none it prints "No issues were detected."
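A worked remapping file for the @openzeppelin case above, added here as an example (not the repository's own remapping.json). It assumes the contracts were installed with npm into node_modules and that myth is run from the repository root; the file is solc standard-JSON "settings", which is what --solc-json expects, so the optimizer block is optional and only needs to match the settings the contract is compiled with.

```json
{
  "remappings": [
    "@openzeppelin/=node_modules/@openzeppelin/"
  ],
  "optimizer": {
    "enabled": true,
    "runs": 200
  }
}
```

Run it as myth analyze contracts/<contract_name>.sol --solc-json remapping.json --execution-timeout <seconds>; if the import path still cannot be resolved, check that the prefix before "=" matches the import statement exactly, including the trailing slash.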
Solidity Visual Developer:
-> Install Solidity Visual Developer extension
-> ctrl + shift + p -> type Surya and choose an option
Sourcify (verification) and MythX (analysis) can also be used via the Remix IDE plugins
Solhint: (you can set parameters in solhint.json and control the contract's format and behaviour)
-> npx solhint 'contracts/**/*.sol' -> checks all files
-> npx solhint contracts/File_Name.sol -> checks specific file
Manticore: (it takes a lot of time to produce the report)
-> pip install manticore
-> manticore . --contract <contract_name>
https://github.com/trailofbits/manticore/issues/1382
https://github.com/trailofbits/manticore/issues/705
https://github.com/trailofbits/manticore/pull/712
Vertigo: (few minutes)
-> pip3 install --user eth-vertigo
-> vertigo run --hardhat-parallel <number_of_networks_to_check>
!!! IMPORTANT !!! -> before running vertigo comment out nearly all of the requires in hardhat.config.js except hardhat-waffle and hardhat-ethers !!!
Octopus:
-> pip3 install octopus
-> WIP
https://github.com/FuzzingLabs/octopus
Example reports can be found in the example_raports file
In addition, create a Forta listener in OpenZeppelin Defender, with the notification channel of your choice, to get alerts about suspicious behaviour.