🎖️ Best Smart Contract Security Tools in 2022

A quick list of open source tools that can be used to audit smart contracts written in Solidity.

Smart Contract Security Tools by Category

Control flow analysis

Mythril

  • Last commit: 8fbe2e2 5 days ago
  • Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains. It uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities. It’s also used (in combination with other tools and techniques) in the MythX security analysis platform.
  • https://github.com/ConsenSys/mythril

Easy on-chain smart contract audits for Ethereum, BSC, Polygon, Arbitrum and Avalanche

Solgraph

Dynamic code analysis

Manticore

Vulnerability analysis

Oyente

Taint analysis / symbolic execution

Mythril

  • Last commit: 8fbe2e2 5 days ago

Test coverage

solidity-coverage

Linting

Static Analysis

Slither

  • Last commit: f11d896 yesterday
  • Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.
  • https://github.com/crytic/slither

securify2

Fuzzers

Echidna: A Fast Smart Contract Fuzzer

  • Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases.
  • https://github.com/crytic/echidna

EVM tools

pyevmasm

  • Last commit: 17403de on Jun 17 2022
  • pyevmasm is an assembler and disassembler library for the Ethereum Virtual Machine (EVM). It includes a command-line utility and a Python API.
  • https://github.com/crytic/pyevmasm

Quick Install

# npm installs
## Solidity Compiler tool: solcjs
npm -g install solc
## Tools
npm install solint
npm install solidity-coverage #(No longer a shell command)
npm install solhint
npm install solgraph
npm install solium
npm install solcheck #(Fails)
# pip3 installs
pip3 install slither-analyzer
pip3 install mythril
# pip installs
pip install manticore
# pip2 installs
pip2 install oyente

Debian Development Packages

The following method is deprecated as of 2022:

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository -y ppa:ethereum/ethereum #(Fails on latest Debian)
$ sudo apt-get update
$ sudo apt-get install ethereum solc

On newer Linux systems, build solc from source instead:

sudo apt-get install cmake libboost-all-dev
git clone --recursive https://github.com/ethereum/solidity.git
cd solidity/
git submodule update --init --recursive
sudo ./scripts/build.sh

IMPORTANT: You will need to install cmake and libboost-all-dev dependencies before trying to build solc.

Learn more about how to build and install solc in this blog post:
