Ethereum Testing
Enumeration
To start, it is important to take an inventory of all functions and their attributes (e.g. visibility and modifiers). This can be done using the Solidity Function Profiler and optionally visualized using SolGraph. Looking at public functions can quickly reveal contract entry points. In addition, looking at modifiers can quickly reveal forms of authorization and other validation logic that may (or may not) exist.
If the contract being reviewed calls other contracts, this interaction should be analyzed and documented as well.
Outdated Dependencies
The version of the Solidity compiler should be noted; it is typically declared in the pragma statement at the beginning of a Solidity source file. The Solidity project's bugs-by-version list (bugs_by_version.json) should be consulted for any known vulnerabilities affecting that compiler version.
If third-party dependencies are used (e.g. OpenZeppelin), these should be documented with their version numbers. Outdated dependencies should be noted, and research should be conducted to determine whether any known security vulnerabilities exist in the versions in use.
Additional Resources
Tools
The following is a list of tools that can be leveraged during an Ethereum smart contract review.
- Solidity Function Profiler - Returns a list of functions and their associated visibilities, modifiers, and return types.
- SolGraph - Generates a graph of contract functions.
- Remix IDE - Comes with a number of security analyzers that should always be run during a review.
- Mythril - A security analysis tool that leverages concolic analysis, taint analysis and control flow checking to detect a number of bugs, including integer underflows, owner-overwrite-to-Ether-withdrawal, and more.
- Oyente - A security analysis tool that leverages symbolic execution to look for bugs such as reentrancy, mishandled exceptions, and timestamp dependence.
- Solium - A Solidity linter with security checks.
- SolHint - Another Solidity linter with security checks.
- Manticore - A dynamic binary analysis framework with support for the Ethereum virtual machine. Run as a CLI, the tool generates new test cases (sample inputs) with symbolic execution. Run as a Python API, it can do much more, such as scripting custom analyses on top of the same engine.
Manual Review
As is the case with any other form of code review, it is important that we perform manual review in addition to running tools. Areas of interest for manual review include:
- Storage reads and writes
- External function calls
- Authorization and other forms of validation
- Contract suicide (selfdestruct)
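The function inventory described under Enumeration, combined with the manual-review areas listed above, can be approximated with a small script. The following is an added example written for this page, not the Solidity Function Profiler itself or any other tool listed here; the Vault contract it parses is a constructed sample, and the regex-based parsing assumes reasonably formatted source with no nested function-like text inside comments or strings.

```python
import re
# Constructed sample contract (not from the page): an owner-only vault in which
# setOwner lacks the onlyOwner modifier its sibling functions use.
SAMPLE = """
pragma solidity ^0.8.0;
contract Vault {
    address owner;
    modifier onlyOwner() { require(msg.sender == owner); _; }
    function deposit() public payable {}
    function withdraw(uint256 amount) external onlyOwner { payable(msg.sender).transfer(amount); }
    function setOwner(address o) public { owner = o; }
    function destroy() external onlyOwner { selfdestruct(payable(owner)); }
    function balance() internal view returns (uint256) { return address(this).balance; }
}
"""

FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)\s*([^{;]*)")
VISIBILITY = {"public", "external", "internal", "private"}
KEYWORDS = VISIBILITY | {"view", "pure", "payable", "virtual", "override", "returns"}
# Body patterns from the manual-review list above: external calls and contract suicide.
INTEREST = {"selfdestruct": r"\bselfdestruct\b",
            "external call": r"\.(call|delegatecall|transfer|send)\b"}

def body_after(source, pos):
    """Brace-delimited body starting at pos, or '' for a bodiless declaration."""
    depth = 0
    for j in range(pos, len(source)):
        depth += (source[j] == "{") - (source[j] == "}")
        if depth == 0:
            return source[pos:j + 1] if source[pos] == "{" else ""
    return source[pos:]

def profile(source):
    """Inventory every function: visibility, modifiers, return type and body flags."""
    rows = []
    for m in FUNC_RE.finditer(source):
        name, attrs = m.group(1), m.group(3)
        ret = re.search(r"returns\s*\(([^)]*)\)", attrs)
        words = re.findall(r"\w+", re.sub(r"\([^)]*\)", "", attrs))  # drop argument lists
        body = body_after(source, m.end())
        rows.append({"name": name, "returns": ret and ret.group(1).strip(),
                     "visibility": next((w for w in words if w in VISIBILITY), "unspecified"),
                     "modifiers": [w for w in words if w not in KEYWORDS],
                     "flags": [k for k, p in INTEREST.items() if re.search(p, body)]})
    return rows

def unguarded_entry_points(rows):
    """Entry points (public, external, or pre-0.5 unspecified) carrying no modifier."""
    return [r["name"] for r in rows
            if r["visibility"] in ("public", "external", "unspecified") and not r["modifiers"]]
```

Running `unguarded_entry_points(profile(SAMPLE))` reports `deposit` (expected for a payable deposit) and `setOwner`, which is the missing authorization check a reviewer would then confirm by hand; the `flags` field points to the functions whose bodies touch external calls or selfdestruct.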