Static and Dynamic Analysis

  • MythX - MythX is a professional-grade cloud service that uses symbolic analysis and input fuzzing to detect common security bugs and verify the correctness of smart contract code. Using MythX requires an API key from mythx.io.
  • Mythril - The Swiss army knife for smart contract security.
  • Slither - Static analysis framework with detectors for many common Solidity issues. It has taint and value tracking capabilities and is written in Python.
  • Contract-Library - Decompiler and security analysis tool for all deployed contracts.
  • MadMax - Static analysis tool for gas DoS vulnerabilities.
  • Gigahorse - Fast binary lifter and program analysis framework written in Datalog.
  • Echidna - The only available fuzzer for Ethereum software. Uses property testing to generate malicious inputs that break smart contracts.
  • Manticore - Dynamic binary analysis tool with EVM support.
  • Oyente - Analyze Ethereum code to find common vulnerabilities, based on this paper.
  • Securify - Fully automated online static analyzer for smart contracts, providing a security report based on vulnerability patterns.
  • SmartCheck - Static analysis of Solidity source code for security vulnerabilities and best practices.
  • Octopus - Security Analysis tool for Blockchain Smart Contracts with support of EVM and (e)WASM.
  • sFuzz - Efficient fuzzer inspired from AFL to find common vulnerabilities.
  • Vertigo - Mutation Testing for Ethereum Smart Contracts.
Back to top