₿ Smart Contract Security Tools in 2022

Penetration Testing Wiki



A quick list of open source tools that can be used to audit smart contracts written in the Solidity language.

By Name

Slither

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.

Mythril

Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains. It uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities. It’s also used (in combination with other tools and techniques) in the MythX security analysis platform.

Oyente

Oyente is an analysis tool for smart contracts. It needs solc installed.

By Category

Control flow analysis

  • Mythril (last commit: 8fbe2e2, 5 days ago)
  • Solgraph (last commit: d3e6f43, on 30 Jan 2019)

Dynamic code analysis

Vulnerability analysis

  • Oyente (last commit: 69dc0a9, on 6 Nov 2020)

Taint analysis / symbolic execution

  • Mythril (last commit: 8fbe2e2, 5 days ago)

Test coverage

Linting

Static Analysis

  • Slither (last commit: f11d896, yesterday)

Quick Install

# npm installs
## Solidity Compiler tool: solcjs
npm -g install solc
## Tools
npm install solint
npm install solidity-coverage #(No longer a shell command)
npm install solhint
npm install solgraph
npm install solium
npm install solcheck #(Fails)
# pip3 installs
pip3 install slither-analyzer
pip3 install mythril
# pip installs
pip install manticore
# pip2 installs
pip2 install oyente

Debian Development Packages

The following method is deprecated as of 2022:

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository -y ppa:ethereum/ethereum #(Fails on latest Debian)
$ sudo apt-get update
$ sudo apt-get install ethereum solc

On newer Linux systems, try the following to install solc:

sudo apt-get install cmake libboost-all-dev
git clone --recursive https://github.com/ethereum/solidity.git
cd solidity/
git submodule update --init --recursive
sudo ./scripts/build.sh

IMPORTANT: You will need to install the cmake and libboost-all-dev dependencies before trying to build solc.

Learn more about how to build and install solc in this blog post:
