This series of blog posts provides a guided walk-through for using different smart contract security tools. These articles are for readers who wish to level-up their Ethereum and solidity security skills. Even if you’re familiar with these tools, these guides may reveal some hidden features.
Motivation
If you’ve heard about blockchain and smart contract security, you’ve also heard about the massive crypto hacks. There is currently a severe shortage and high demand for security know-how in the smart contract ecosystem. yAcademy strives to grow security talent in the blockchain ecosystem, and sharing knowledge of common building blocks is an important piece of that. While the latest major hacks are (usually) beyond the ability of automated security tools, it’s important that good how-to guides for current security tools exist to make it easier to onboard people new to smart contract security. And if we want smart contract security tooling to improve, which would be very helpful given the security skillset shortage, the best way to incentivize tool improvement is to use and show appreciation for what already exists. Or even better, after you get familiar with these tools, you can start contributing to the tools, upgrading them, or building new improved tools. While it is true that manual code reviews are mostly what the top smart contract auditing firms get paid for, those same auditors run these tools to catch low-hanging fruit.
The Tools
The obvious question now is: what’s in the engn33r’s toolbox? These are what I think are the most useful and commonly-used tools in the Ethereum security space. If the tool listed below doesn’t have a hyperlink, the article is still being written — check again soon!
- Slither
- Echidna
- Mythril
- VS Code Extensions
- Etherscan
- Seth
- Tenderly
- Misc. web tools (ethtx.info, contract-library.com, etc.)
