Smart Contract Security Audit Tools CodeProof uses
Contract Fuzzer
Based on the ABI specification of smart contracts, a tool that uses this technology to find vulnerabilities in Ethereum smart contracts. In addition, the tool also defines a test language machine to detect security vulnerabilities, detect EVM to record smart contract runtime behavior, and analyze these logs to report security vulnerabilities.
Echidna
A Haskell program designed for fuzzing Ethereum smart contracts.
Ethlint
Analyzes Solidity code for style and security issues and helps fix them.
Firely
A quality assurance tool for smart contracts that allows smart contract developers to integrate with Truffle and leverage as many existing test suites and tools as possible before they have access to in-depth formal verification.
Foundry
A fast, portable and modular toolkit for Ethereum application development in Rust. Includes: Forge Ethereum testing frameworks (such as Truffle, Hardhat, and Dapptools) and Cast for interacting with EVM smart contracts, sending transactions, and fetching chain data.
Mythril
EVM bytecode security analysis tool that uses symbolic execution, SMT solving and taint analysis to detect various security vulnerabilities.
MythX
Automatically scans Ethereum and other EVM-based blockchain smart contracts for security vulnerabilities.
Manticore
Symbolic execution tool for analyzing smart contracts and binaries. It can analyze Ethereum smart contracts (EVM bytecode), Linux ELF binaries (x86, x86_64, aarch64 and ARMv7) and WASM modules.
Rattle
A static analysis framework for EVM binaries using flow-sensitive analysis.
Slither
Static analysis of Solidity source code for security vulnerabilities and best practices.
Solgraph
Generates a DOT graph that visualizes functional control flow and shows potential security holes.
Scribble
A specification language and runtime verification tool that converts high-level specifications into Solidity code.
Securify
A tool to statically analyze the Ethereum Virtual Machine and obtain information about all algorithms and data flows within it. This process is fully automated by using Souffle. Souffle is a programming language created for static analysis of Oracle and other software. The results are then examined to find vulnerabilities and provide recommendations on how to fix them.
SmartCheck
A scalable static analysis tool for finding vulnerabilities and other code issues in Ethereum smart contracts. It is capable of finding different types of vulnerabilities related to functional violations and operational issues such as operational issues and poor performance.
Slither and MythX are commonly used open source tools for some static analysis tests in the early stage. For higher level testing, there are mainly fuzzers such as Echidna, Forge+built in fuzzer.
The time to complete a smart contract security audit depends on the size and complexity of the code. While a simple token contract can be audited within 48 hours, a full decentralized application can take weeks to audit.
