Solidity Testing Framework & Security Scanners

Rekt News (Hacked Amount & Audit Status)

• Rekt - Leaderboard

Testing Framework

• Foundry (the most popular tool among auditors)
  • Foundry
  • 合約開發框架 Foundry 介紹及使用心得
• Hardhat, Remix, …
  (80% 以上的 bugs 都是 business logic implementation)

Testing Mechanism

• Static Analysis - check with best practices & well-known vulnerabilities by AI tools (e.g., Slither)
• Fuzzy Testing - an automated testing technique that provides invalid, unexpected, or random data as input to a program
• Differential Test (aka differential fuzzing) - a popular software testing technique that attempts to detect bugs, by providing the same input to a series of similar applications (or to different implementations of the same application), and observing differences in their execution.
• Formal Verification - For Solidity, formal verification is done with the use of Satisfiability Modulo Theories (SMT) and Horn solving. SMT is an automated reasoning technique that helps Solidity contract auditors verify complex logical formulas and constraints in their smart contracts.
• Symbolic Execution - a technique for exploring all possible execution paths of a program without actually executing it. It works by treating variables in the program as symbolic values, rather than concrete values.

Slither: the smart contract static analyzer

• https://github.com/crytic/slither

Mythril: the security analysis tool for EVM bytecode

• https://github.com/Consensys/mythril

Other Smart Contract Scanners

• SolidityScan-Most Accurate Scanner for Quick Security Audits
• De.Fi - DeFi Investing & Yield Farming Platform
• Audit Wizard