Top 10 solidity smart contract audit tools

Blockchain Security + blog + secure coding Z. Oualid today

Background
share close

Due to the immutability of smart contracts, checking their security before deploying them in any Blockchain is one of the most critical steps in their development lifecycle. However, this process could be very challenging in terms of both required knowledge and time to perform such an audit. Therefore, using tools to automate this process could be very helpful. So what are the best 10 solidity smart contract audit tools that both developers and auditors use during their audit?

  1. VulnDetector
  2. Slither
  3. SmartCheck
  4. Oyente
  5. Mythril
  6. ContractFuzzer
  7. Remix IDE static analysis plug-in
  8. Manticore
  9. sFuzz
  10. MadMax

It is really recommended to use at least one of the following tools once you have finished writing your smart contract to eliminate all obvious vulnerabilities that may cost you so much money in the future.

In this blog post, we are going to discuss some of the most used solidity smart contract auditing tools. Moreover, we are going to show you what kind of results (in terms of vulnerabilities) you can expect them to find in your code. In addition, we are going to give you an idea about how each one of them works and what it does to find vulnerabilities.

* If you want me to create a tutorial to explain how you can use one or multiple tools, please just comment below and I will be very happy to do it.

* The content of this blog post is purely educational. We are not responsible for any misuse of those tools.

Vulndetector


Vulndetector, a cutting-edge addition to the smart contract toolkit and the forefront leader in effectiveness. This tool seamlessly integrates the key advantages highlighted in this blog post, offering unparalleled precision in identifying vulnerabilities. Boasting a robust capability, Vulndetector surpasses by detecting over 500 types of vulnerabilities. Moreover, it goes the extra mile by proposing gas optimizations, a boon for both users and deployers, aiming to streamline and reduce gas consumption.

Below, is a list of some of the vulnerabilities this powerful tool detect, underscoring its comprehensive and innovative approach to smart contract security:

  • Functions of wstETH Utilize stETH Units Instead of Eth
  • get_dy_underlying() lacks resistance to flash loans for pricing.
  • Contracts are vulnerable to fee-on-transfer-token-related accounting issues
  • Solmate’s SafeTransferLib does not check for token contract’s existence
  • Missing checks for whether the L2 Sequencer is active
  • Transaction Order Dependence
  • Write to Arbitrary Storage Location
  • Shadowed State Variable
  • Unrestricted Self destruct
  • Uninitialized State Variable
  • Uninitialized Storage
  • Unrestricted Delegate Call
  • Reentrancy
  • Unexpected Ether balance
  • Useing _mint() instead of _safeMint() for NFTs can lead to tokens being irrecoverable
  • Unsafe use of transfer()/transferFrom() with IERC20

The community eagerly anticipated the launch of this tool, especially given its demonstrated effectiveness and superiority in auditing various well-known protocols. The tool has now entered the launch phase and is extending compelling discounts for early subscribers, making it an enticing opportunity for those keen on advanced auditing capabilities.

Slither

Slither is one of the most popular tools in the smart contract security audit industry. This tool was developed by trailofbits and was one of the very first tools in the market. Slither is developed by Python 3 and offers a nice API that helps security professionals to write their own analyzers quickly.

Slither solidity smart contract security audit tool

Slither was extremely optimized to detect vulnerabilities with a very low false-positive rate and with an average execution time that is less than 1 second per contract. However, this average time depends mainly on the complexity of the audited smart contract. More complex smart contracts may require more time to be audited.

Slither is able to analyze contracts built with a solidity version starting from 0.4, which makes it cover a wide range of existing smart contracts. In addition, Slither could easily be integrated into a CI/CD environment, which adds more automation to it and ease of use for developers.

Slither is capable of discovering the following vulnerabilities:

  • Suicidal functions
  • Uninitialized state variables
  • Uninitialized storage variables
  • Functions that send ether to an arbitrary destination
  • Reentrancy vulnerabilities
  • Contracts that lock ether
  • Dangerous usage of tx.origin
  • Dangerous low level calls

In addition to that, slither is capable of discovering even source code quality issues and code optimizations that may have an impact on gas fees.

Unfortunately, with all those capabilities, slither still miss so many other vulnerabilities that could have a big impact on your smart contract. However, the core of this tool allows it to be easily upgradable to start finding other vulnerabilities and perform better checks.

SmartCheck

Another popular smart contract security audit tool is SmartCheck. This tool uses static analysis to discover vulnerabilities in the source code of smart contracts. SmartCheck evaluates Solidity source code against XPath patterns after converting it to an XML-based intermediate representation. This intermediate representation is generated using a lexical and syntactical analysis of Solidity source code.  

Here is a list of some of the critical vulnerabilities that can be discovered using SmartCheck:

  • Re-entrancy
  • Unchecked external call
  • Transfer forwards all gas
  • DoS by external contract
  • Timestamp dependence
  • Unsafe type inference
  • Using tx.origin

In addition, SmartCheck is capable of discovering different types of vulnerabilities related to Functionalities violations and operational issues like runtime problems and bad performance.

However, SmartCheck has also its limits, since certain issues require more advanced approaches like taint analysis or even manual auditing to identify.

Oyente

Oyente is one of the oldest tools in the market that perform security audit against the smart contract. This tool has served as a base for developing other ones and has served for many years as a reference for them.

Oyente checks for execution traces where transaction order can influence Ether flow, where the result of a computation depends on the timestamp of the block, where exceptions raised by calls are not properly caught, or where a contract can be re-entered multiple times by executing EVM bytecode symbolically.

This tool is developed using python and it is essentially a command-line tool, but offers also a web interface.

To my best knowledge, Oyente is capable of discovering the following vulnerabilities only:

  • Transaction Order Dependence
  • Timestamp
  • Reentrancy
  • integer overflow

Which makes it very limited in terms of issues that it can discover. As I have already said, this tool remains a reference only for future solidity scanners development and it could be used in the CI/CD environment to reduce the probability to miss a vulnerability that other tools could not find. For example, it was proved that Oyente is capable of discovering the integer overflow vulnerability with better precision than Mythril.

Mythril

One of the most famous tools in the industry of smart contract auditing is Mythril. This tool was developed by CONSENSYS on python and could easily be installed using pip. The tool makes use of all the latest analysis techniques, from symbolic execution, taint analysis, and many more techniques.

Mythril solidity smart contract security audit tool

The tool supports the analysis of multiple Blockchains other than Ethereum that make use of EVM and only require the EVM bytecode to analyze the smart contract.

One of the best features of this tool is that you can just specify the address of the deployed contract and the tool can start analyzing it. In addition, the number of vulnerabilities that this tool can discover is also good compared to the others due to the used techniques.

The Mythril tool can discover the following vulnerabilities:

  • Transaction order dependency
  • Random number
  • Timestamp
  • Callstack depth
  • Reentrancy
  • Unchecked call
  • Tx.origin
  • Send
  • Unchecked math
  • Bad coding pattern
  • Deprecated elements

Moreover, Consensys is now offering a SaaS solution based on Mythril that allows developers and security professionals, to audit their smart contracts without the need to install anything. This solution is called MythX.

However, Mythril is also not able to discover business logic vulnerabilities that can cause some serious financial losses.

ContractFuzzer

Among all the existing code analysis and vulnerability detection techniques, the one that has proved to be effective over the years is Fuzzing. This technique is based on executing the smart contract with multiple and different inputs to try to trigger a strange behavior. This behavior is usually a sign of an existing vulnerability.

ContractFuzzer is a tool that makes use of this technique to find vulnerabilities in Ethereum smart contracts, based on the ABI specifications of smart contracts. In addition, the tool defines test oracles to detect security vulnerabilities, instruments the EVM to log smart contracts runtime behaviors, and analyzes these logs to report security vulnerabilities.

The ContractFuzzer tool is capable of discovering the following vulnerabilities:

  • Gasless Send
  • Exception Disorder
  • Reentrancy
  • Timestamp dependency
  • Block number dependency
  • Dangerous delegateCall
  • Freezing Ether contract

Even with all these types of vulnerabilities, the tool remains less effective in detecting vulnerabilities, compared to the previously mentioned tools in the market. In addition, the tool suffers from a high false-negative rate, which may lead to not detecting some types of vulnerabilities.

Remix IDE static analysis plug-in

This tool may not be as useful for security auditors as for developers. Actually, this is not only one tool, but actually a bunch of tools that can be integrated by both Remix IDE and VScode. Those plugins help developers to detect vulnerabilities before they even compile them. Usually, those plugins use static analysis with pattern matching to find vulnerabilities during the coding phase.

Here are two of the most known plugins that can perform such a check:

  • Solidity Static Analysis
  • MythX plugin

Here is a list of some vulnerabilities that you can expect those plugins to find in your source code:

  • tx.origin
  • reentrancy
  • Inline assembly use
  • Timestamp
  • Dangerous low-level calls
  • Blockhash usage
  • Selfdestruct

In addition, those plugins are capable of discovering problems related to gas consumption and optimization and code quality problems.

It is true that most of those tools could have a high false-positive but they can be very useful to detect and fix simple vulnerabilities. In addition to plugins with vulnerability scanning capacity, there are so many plugins that can help both developers and security auditors to find business logic vulnerabilities.

Here is a list of some popular plugins:

  • Control Flow Graph
  • Sol2UML

However, those kinds of scanners remain very limited in terms of vulnerabilities that they can discover as an effective scanning require both static and dynamic analysis.

Manticore

Manticore is another well-known symbolic execution based tool for detecting vulnerabilities in smart contracts. The tool is fully developed using python and already exists in Python default repository. The most interesting feature of this tool is that it can be used not only to scan Ethereum-based programs (smart contract binaries) but also x86/64, ARM binaries.

Manticore solidity smart contract security audit tool

The ability to run a symbolic execution against a smart contract enhances the code coverage of a smart contract. This simply means that the probability to find a vulnerability using this technique is higher than the one that does not use it. Unfortunately, and like all the previously discussed tools, this one is also unable to find business logic vulnerabilities. However, here is a list of some vulnerabilities The Manticore tool can discover inside a smart contract:

  • Detect the use of environment instruction
  • Suicidal
  • Dangerous external call and leak
  • Invalid instruction detection
  • Reentrancy
  • Integer overflow
  • Dangerous delegate call
  • Uninitialized Memory
  • Uninitialized Storage
  • Transaction order dependencies
  • Detect manipulable balance

sFuzz

sFuzz is another Ethereum-based fuzzer for smart contracts. In comparison to other Solidity fuzzers, sFuzz combines the AFL fuzzer’s method with a lightweight multi-objective adaptive strategy that targets those difficult-to-cover branches.

This fuzzer is based on a feedback-guided adaptive fuzzing technique. The main idea of this technique is to transform the test generation problem into an optimization problem and use some form of feedback as an objective function in solving the optimization problem.

sFuzz is capable of discovering the following vulnerabilities:

  • Gasless Send
  • Exception disorder
  • Reentrancy
  • Timestamp Dependency
  • Block Number Dependency
  • Dangerous DelegateCall
  • Integer Overflow
  • Integer Underflow
  • Freezing ether

Compared to other tools sFuzz is very fast and covers a wide range of vulnerabilities in a smart contract. However, this tool could be used as complementary to other symbolic execution tools to enhance the code coverage of the fuzzer.

MadMax

MadMax is a pretty different smart contract vulnerability scanner, as it is developed with the main focus on discovering vulnerabilities related to gas consumption. The MadMax tool uses static dataflow analysis and control flow analysis to locate the following vulnerabilities:

  • Unbounded mass operations
  • Nonisolated calls (wallet griefing)
  • Integer overflows

Unfortunately, this tool is very limited in terms of the number of vulnerabilities it can discover or even the used techniques for that. Therefore, combining it with other tools is mandatory to enhance the chances to discover more vulnerabilities.

Conclusion:

Using auditing tools to find vulnerabilities, in the beginning, is a very good practice to remove standard vulnerabilities. However, relying only on their results is a big mistake.

Auditing a smart contract requires both the use of automated and manual code review. Most existing tools in the market are designed to find a pattern-based vulnerability and may miss so many other types of vulnerabilities, especially those related to the business logic.

Therefore, performing a manual security check on your smart contract once everything is correctly working, is necessary to avoid any future hacks.

Written by: Z. Oualid

Rate it

About the author
Avatar

Z. Oualid

I am a Cyber Security Expert, I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE which are the most recognized and hard technical certifications in the industry of cybersecurity. I am also a Certifed Ethical hacker (CEH). I hope you enjoy my articles :).


Previous post

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *