Static and Dynamic Analysis

  • MythX - MythX is a professional-grade cloud service that uses symbolic analysis and input fuzzing to detect common security bugs and verify the correctness of smart contract code. Using MythX requires an API key from
  • Mythril - The Swiss army knife for smart contract security.
  • Slither - Static analysis framework with detectors for many common Solidity issues. It has taint and value tracking capabilities and is written in Python.
  • Contract-Library - Decompiler and security analysis tool for all deployed contracts.
  • MadMax - Static analysis tool for gas DoS vulnerabilities.
  • Gigahorse - Fast binary lifter and program analysis framework written in Datalog.
  • Echidna - The only available fuzzer for Ethereum software. Uses property testing to generate malicious inputs that break smart contracts.
  • Manticore - Dynamic binary analysis tool with EVM support.
  • Oyente - Analyze Ethereum code to find common vulnerabilities, based on this paper.
  • Securify - Fully automated online static analyzer for smart contracts, providing a security report based on vulnerability patterns.
  • SmartCheck - Static analysis of Solidity source code for security vulnerabilities and best practices.
  • Octopus - Security analysis tool for blockchain smart contracts with support for EVM and (e)WASM.
  • sFuzz - Efficient fuzzer inspired by AFL to find common vulnerabilities.
  • Vertigo - Mutation Testing for Ethereum Smart Contracts.
