25 Tips for Solidity Code Auditors
Gaining the most elusive of tips. Add your input and let’s collect them all!
-
Did you know that you can utilize VSCode on your iPad ( preferably with a Magic Keyboard) using the Blink App ? If not, watch the following video ! I hope you find this tip useful in your work!
-
Clone any project, then upload extension into vscode , 2nd link -> add key from sourcegraph , select the contract and the AI analyzes the structure of your project for you! Check out this example !
-
Try auditwizard.io — revolutionize your workflow today!
-
Check out pre-built security properties for commonly forked DeFi protocols.
-
MEV / Sandwich / Front-run Back-run: Compilation advanced info.
-
Try Slither Detectors by Pessimistic.io check out SolCurity .
-
Give a try: Pyrometer Sporalyzer .
-
Explore Web3 with full confidence guarded by Web3Antivirus security browser extension learn evm attacks ! Consider auditing as part of a team.
-
Try using obsidian.md for notes! , set it up correctly check out Audit Quality !
-
Check out R.xyz ( link! ) and apply for a closed beta ( here )!
-
Follow my own blog Hexens’ blog !
-
This project was created to support Code4rena Bot Races with useful stats and tools. Read more about it here try 4naly3er !
-
Bot Racing: The Rise of Web3 Bots. Code4Rena Bot Racing explained !
-
Check out GasBad which is an open-source project that evaluates gas efficiency in Solidity libraries!
-
Try out this tool — it scans constructor of solidity smart contract for checks to zero address.
-
DeFi Common Fork Bugs List .
-
There was also an incredible tool , and I really like this idea , since it is probably a logical continuation of an old script and this service , but this is actually lot better than another simulator ( it probably uses simulation like in this list).
-
Try using Semgrep rules for smart contracts based on DeFi exploits!
-
Complete this set of tasks !
-
Check out this curated list of web3Security materials and resources For Pentesters and Bug Hunters!
-
Let’s break down such a concept as mind-mapping — study this list check out AuditorsRoadmap mind-map!
-
Explorer Bookmark is a fantastic VS Code extension for all the code4rena Wardens, Sherlockdefi Watsons, and CodeHawks Hawks out there. No more struggling to find contracts in scope among a sea of others. With this extension , you can easily collect in one place and access all the contracts within the scope of your audit. Enjoy a more streamlined workflow!
-
Also use the “Hide Comments” VSCode extension when auditing . It helps you cut through the noise, remain unbiased and focus on what the code truly does! Study audits anomalies archive .
-
Use the “ Solidity Visual Developer ” extension which comes with the @audit, @audit-info, @audit-ok, @audit-issue to categorize your notes!
-
Also Use Inline Bookmarks VSCode Extension by ConsenSys Audits to organize all your audit comments findings! Thoroughly document/explain each function using simple language to reason about it. How To Learn Fast? | How to make better decisions?
Also Check Out wiki.r.security :
… and visit my own repo here:
The best thing is to support me directly by donating to my address on Ethereum Main-net or any of the compatible networks or to any address from the list below:
-
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A — ERC20 ETH officercia.eth
-
17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU — BTC
-
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero/XMR
-
You can also support me by minting one of my Mirror articles NFTs !
Thank you! Stay safe!
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
ACT breaks through $0.78, with a 24-hour increase of 38.0%
US spot Bitcoin ETFs saw a net inflow of $320 million yesterday
US spot Ethereum ETF had a net inflow of $332.9 million yesterday