Quick list of Open Source tools that can be used to audit smart contracts written in Solidity language.
Smart Contract Security Tools by Category
Control flow analysis
Mythril
- Last commit: 8fbe2e2 5 days ago
- Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. It uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities. It’s also used (in combination with other tools and techniques) in the MythX security analysis platform.
- https://github.com/ConsenSys/mythril
Solgraph
- Last commit: d3e6f43 on 30 Jan 2019
- https://github.com/raineorshine/solgraph
Dynamic code analysis
Manticore
- Last commit: 904f336 15 days ago
- https://github.com/trailofbits/manticore
Vulnerability analysis
Oyente
- Last commit: 69dc0a9 on 6 Nov 2020
- An Analysis Tool for Smart Contracts. Needs solc installed.
- https://github.com/enzymefinance/oyente
Taint analysis / symbolic execution
Mythril
- Last commit: 8fbe2e2 5 days ago
Test coverage
solidity-coverage
- Published a month ago
- https://www.npmjs.com/package/solidity-coverage
Linting
- Solium / Ethlint Published 3 years ago
- Solcheck Last commit: 682d3c6 on 5 Oct 2017
- Solint Last commit: 70b0b1b on 16 Aug 2016
- Solhint Last commit: 3443eee on 29 May 2021
Static Analysis
Slither
- Last commit: f11d896 yesterday
- Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.
- https://github.com/crytic/slither
securify2
- Last commit: def1e30 on Sep 5, 2021
- Securify 2.0 is a security scanner for Ethereum smart contracts
- https://github.com/eth-sri/securify2
Fuzzers
Echidna: A Fast Smart Contract Fuzzer
- Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smarts contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases.
- https://github.com/crytic/echidna
EVM tools
pyevmasm
- Last commit: 17403de on Jun 17 2022
- pyevmasm is an assembler and disassembler library for the Ethereum Virtual Machine (EVM). It includes a commandline utility and a Python API.
- https://github.com/crytic/pyevmasm
Quick Install
# npm installs ## Solidity Compiler tool: solcjs npm -g install solc ## Tools npm install solint npm install solidity-coverage #(No longer a shell command) npm install solhint npm install solgraph npm install solium npm install solcheck #(Fails) # pip3 installs pip3 install slither-analyzer pip3 install mythril # pip installs pip install manticore # pip2 installs pip2 install oyente
Debian Development Packages
The following method has become deprecated as of 2022:
$ sudo apt-get install software-properties-common $ sudo add-apt-repository -y ppa:ethereum/ethereum #(Fails on latest Debian) $ sudo apt-get update $ sudo apt-get install ethereum solc
In newer Linux systems, try the following to install solc:
apt-get install cmake libboost-all-dev git clone --recursive https://github.com/ethereum/solidity.git cd solidity/ git submodule update --init --recursive sudo ./scripts/build.sh
IMPORTANT: You will need to install cmake and libboost-all-dev dependencies before trying to build solc.
Learn more about how to build and install solc in this blog post:
