- Sūrya - Utility tool for smart contract systems, offering a number of visual outputs and information about the contracts' structure. Also supports querying the function call graph.
- Solgraph - Generates a DOT graph that visualizes function control flow of a Solidity contract and highlights potential security vulnerabilities.
- EVM Lab - Rich tool package to interact with the EVM. Includes a VM, Etherchain API, and a trace-viewer.
- ethereum-graph-debugger - A graphical EVM debugger. Displays the entire program control flow graph.
Static and Dynamic Analysis
- MythX - Professional security analysis tools and extensions for Truffle, Embark and other environments (awesome list).
- Mythril - The Swiss army knife for smart contract security.
- Slither - Static analysis framework with detectors for many common Solidity issues. It has taint and value tracking capabilities and is written in Python.
- Echidna - The only available fuzzer for Ethereum software. Uses property testing to generate malicious inputs that break smart contracts.
- Manticore - Dynamic binary analysis tool with EVM support.
- Oyente - Analyze Ethereum code to find common vulnerabilities, based on this paper.
- Securify - Fully automated online static analyzer for smart contracts, providing a security report based on vulnerability patterns.
- SmartCheck - Static analysis of Solidity source code for security vulnerabilities and best practices.
- Octopus - Security Analysis tool for Blockchain Smart Contracts with support of EVM and (e)WASM.
Weakness Classification & Test Cases
- SWC-registry - SWC definitions and a large repository of crafted and real-world samples of vulnerable smart contracts.
- SWC Pages - The SWC-registry repo published on GitHub Pages.
- solidity-coverage - Code coverage for Solidity testing.
Linters improve code quality by enforcing rules for style and composition, making code easier to read and review.
- Solcheck - A linter for Solidity code written in JS and heavily inspired by eslint.
- Solint - Solidity linting that helps you enforce consistent conventions and avoid errors in your Solidity smart-contracts.
- Solium - Yet another Solidity linter.
- Solhint - A linter for Solidity that provides both Security and Style Guide validations.