Security Tools

Static Analysis

  • Manticore - Dynamic binary analysis tool with EVM support.
  • Mythril Platform API - SaaS platform and tools ecosystem for smart contract security.
  • Mythril OSS - Open-source security analysis tool for Solidity code and Ethereum bytecode.
  • Oyente - Analyze Ethereum code to find common vulnerabilities, based on this paper.
  • Solgraph - Generates a DOT graph that visualizes function control flow of a Solidity contract and highlights potential security vulnerabilities.
  • SmartCheck - Static analysis of Solidity source code for security vulnerabilities and best practices.
  • Securify - Fully automated online static analyzer for smart contracts, providing a security report based on vulnerability patterns.
  • Sūrya - Utility tool for smart contract systems, offering a number of visual outputs and information about the contracts' structure. Also supports querying the function call graph.
  • EVM Lab - Rich tool package to interact with the EVM. Includes a VM, Etherchain API, and a trace-viewer.
  • Slither - Static analysis framework with detectors for many common Solidity issues. It has taint and value tracking capabilities and is written in Python.

Test Coverage

Linters

Linters improve code quality by enforcing rules for style and composition, making code easier to read and review.

  • Solcheck - A linter for Solidity code written in JS and heavily inspired by eslint.
  • Solint - Solidity linter that helps you enforce consistent conventions and avoid errors in your Solidity smart contracts.
  • Solium - Yet another Solidity linter.
  • Solhint - A linter for Solidity that provides both Security and Style Guide validations.