Link to this headingSmart Contract Scanning

Blockchain Security 101

How Coinbase made a tool to automate Smart Contract Scanning

https://github.com/crytic/rattle
https://swcregistry.io/

Link to this headingCode Review Smart Contracts

Link to this headingEthereum Smart Contracts

https://consensys.github.io/smart-contract-best-practices/security-tools/

Example Bad Contracts:
https://swcregistry.io/
https://github.com/crytic/not-so-smart-contracts
https://github.com/smartbugs/smartbugs-wild
https://www.damnvulnerabledefi.xyz/
https://github.com/cclabsInc/BlockChainExploitation

Smart Contract Scanners:
https://github.com/crytic/medusa
https://github.com/crytic/slither
https://github.com/smartbugs/smartbugs
https://github.com/crytic/building-secure-contracts

Link to this headingSolana Smart Contracts

https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-1-a-systematic-approach-56a434f6c9ed
https://medium.com/coinmonks/how-to-audit-solana-smart-contracts-part-2-automated-scanning-ceb88830ae6d

Paid Programs

Link to this headingSlither

Slither, the Solidity source analyzer

  • The installed solc version must be exactly the same as the version being used.

Run on a Token Address:

slither-check-erc 0x2A46f2fFD99e19a89476E2f62270e0a35bBf0756 DigitalMediaCore --erc ERC721 Installing '0.4.25'... Version '0.4.25' installed. WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0x2A46f2fFD99e19a89476E2f62270e0a35bBf0756-DigitalMediaCore.sol:169:3: Warning: Defining constructors as functions with the same name as the contract is deprecated. Use "constructor(...) { ... }" instead. function Ownable() public { ^ (Relevant source part starts here and spans across multiple lines). Warning: crytic-export/etherscan-contracts/0x2A46f2fFD99e19a89476E2f62270e0a35bBf0756-DigitalMediaCore.sol:960:3: Warning: Defining constructors as functions with the same name as the contract is deprecated. Use "constructor(...) { ... }" instead. function ERC721Token(string _name, string _symbol) public { ^ (Relevant source part starts here and spans across multiple lines). Warning: crytic-export/etherscan-contracts/0x2A46f2fFD99e19a89476E2f62270e0a35bBf0756-DigitalMediaCore.sol:362:17: Warning: This function only accepts a single "bytes" argument. Please use "abi.encodePacked(...)" or a similar function to encode the data. require(keccak256(candidateCreatorRegistryStore.typeOfContract()) == keccak256("approvedCreatorRegistry")); ^-------------------------------------------------------^ Warning: crytic-export/etherscan-contracts/0x2A46f2fFD99e19a89476E2f62270e0a35bBf0756-DigitalMediaCore.sol:362:17: Warning: The provided argument of type string memory is not implicitly convertible to expected type bytes memory. require(keccak256(candidateCreatorRegistryStore.typeOfContract()) == keccak256("approvedCreatorRegistry")); ^-------------------------------------------------------^ # Check DigitalMediaCore ## Check functions [] balanceOf(address) is present [] balanceOf(address) -> () (correct return value) [] balanceOf(address) is view [] ownerOf(uint256) is present [] ownerOf(uint256) -> () (correct return value) [] ownerOf(uint256) is view [] safeTransferFrom(address,address,uint256,bytes) is present [] safeTransferFrom(address,address,uint256,bytes) -> () (correct return type) [] Transfer(address,address,uint256) is emitted [] safeTransferFrom(address,address,uint256) is present [] safeTransferFrom(address,address,uint256) -> () (correct return type) [] Transfer(address,address,uint256) is emitted [] transferFrom(address,address,uint256) is present [] transferFrom(address,address,uint256) -> () (correct return type) [] Transfer(address,address,uint256) is emitted [] approve(address,uint256) is present [] approve(address,uint256) -> () (correct return type) [] Approval(address,address,uint256) is emitted [] setApprovalForAll(address,bool) is present [] setApprovalForAll(address,bool) -> () (correct return type) [] ApprovalForAll(address,address,bool) is emitted [] getApproved(uint256) is present [] getApproved(uint256) -> () (correct return value) [] getApproved(uint256) is view [] isApprovedForAll(address,address) is present [] isApprovedForAll(address,address) -> () (correct return value) [] isApprovedForAll(address,address) is view [] supportsInterface(bytes4) is present [] supportsInterface(bytes4) -> () (correct return value) [] supportsInterface(bytes4) is view [] name() is present [] name() -> () (correct return value) [] name() is view [] symbol() is present [] symbol() -> () (correct return value) [] tokenURI(uint256) is present [] tokenURI(uint256) -> () (correct return value) ## Check events [] Transfer(address,address,uint256) is present [] parameter 0 is indexed [] parameter 1 is indexed [ ] parameter 2 should be indexed [] Approval(address,address,uint256) is present [] parameter 0 is indexed [] parameter 1 is indexed [ ] parameter 2 should be indexed [] ApprovalForAll(address,address,bool) is present [] parameter 0 is indexed [] parameter 1 is indexed

Run on a Single File:

slither tests/uninitialized.sol

Run on a Folder:

slither .

Run with Docker:

docker pull trailofbits/eth-security-toolbox docker run -it -v /home/share:/share trailofbits/eth-security-toolbox

Link to this headingEchidna

TODO: https://secure-contracts.com/program-analysis/echidna/exercises/Exercise-2.html

>>> bat testtoken.sol pragma solidity ^0.8.0; import "./token.sol"; /// @dev Run the template with /// ``` /// solc-select use 0.8.0 /// echidna program-analysis/echidna/exercises/exercise1/template.sol /// ``` contract TestToken is Token { address echidna = tx.origin; constructor() { balances[echidna] = 10_000; } function echidna_test_balance() public view returns (bool) { return balances[echidna] <= 10_000; } } >>> echidna testtoken.sol [2025-06-26 20:17:06.32] Compiling testtoken.sol... Done! (0.647776s) Multiple contracts found, only analyzing the first Analyzing contract: /Users/brian.ridings/Documents/echidna_tests/testtoken.sol:TestToken [2025-06-26 20:17:06.97] Running slither on testtoken.sol... Done! (0.767738s) echidna_test_balance: failed!💥 Call sequence: TestToken.transfer(0x10000,10001) Time delay: 487078 seconds Block delay: 57071 Traces: Unique instructions: 641 Unique codehashes: 1 Corpus size: 3 Seed: 642813754373980386 Total calls: 404

Link to this headingManticore

ERROR: This has been abandoned and has many bugs.

From Docker:

>>> docker pull trailofbits/manticore >>> docker run --rm -it -v $(pwd):/wd --name manticore-docker trailofbits/manticore bash root@5c1b5456ab44:/# solc-select install 0.8.25 Installing solc '0.8.25'... Version '0.8.25' installed. root@5c1b5456ab44:/# solc-select use 0.8.25 Switched global version to 0.8.25 root@5c1b5456ab44:/# manticore /wd/ExampleERC20.sol

Link to this headingPublished Bytecode on Blockchain

Getting Blocks from the Mainnet:

karl --rpc https://mainnet.infura.io/

Blockchain Scanners: