25 Tips for Solidity Code Auditors

Officer's Blog, 2024/01/18 19:34
By: Officer's Blog

Gaining the most elusive of tips. Add your input and let’s collect them all!

  1. Did you know that you can utilize VSCode on your iPad (preferably with a Magic Keyboard) using the Blink App? If not, watch the following video! I hope you find this tip useful in your work!

  2. Clone any project, then upload the extension into VSCode (2nd link) -> add a key from Sourcegraph, select the contract, and the AI analyzes the structure of your project for you! Check out this example!

  3. Try auditwizard.io — revolutionize your workflow today!

  4. Check out pre-built security properties for commonly forked DeFi protocols.

  5. MEV / Sandwich / Front-run / Back-run: compilation and advanced info.

  6. Try Slither Detectors by Pessimistic.io and check out SolCurity.

  7. Give these a try: Pyrometer and Sporalyzer.

  8. Explore Web3 with full confidence, guarded by the Web3Antivirus security browser extension, and learn EVM attacks! Consider auditing as part of a team.

  9. Try using obsidian.md for notes, set it up correctly, and check out Audit Quality!

  10. Check out R.xyz (link!) and apply for a closed beta (here)!

  11. Follow my own blog and Hexens' blog!

  12. This project was created to support Code4rena Bot Races with useful stats and tools. Read more about it here and try 4naly3er!

  13. Bot Racing: The Rise of Web3 Bots. Code4Rena Bot Racing explained!

  14. Check out GasBad, which is an open-source project that evaluates gas efficiency in Solidity libraries!

  15. Try out this tool — it scans the constructor of a Solidity smart contract for zero-address checks.

  16. DeFi Common Fork Bugs List.

  17. There was also an incredible tool, and I really like this idea, since it is probably a logical continuation of an old script and this service, but this is actually a lot better than another simulator (it probably uses simulation like in this list).

  18. Try using Semgrep rules for smart contracts based on DeFi exploits!

  19. Complete this set of tasks!

  20. Check out this curated list of web3Security materials and resources for pentesters and bug hunters!

  21. Let's break down such a concept as mind-mapping — study this list and check out the AuditorsRoadmap mind-map!

  22. Explorer Bookmark is a fantastic VS Code extension for all the code4rena Wardens, Sherlockdefi Watsons, and CodeHawks Hawks out there. No more struggling to find contracts in scope among a sea of others. With this extension, you can easily collect in one place and access all the contracts within the scope of your audit. Enjoy a more streamlined workflow!

  23. Also use the "Hide Comments" VSCode extension when auditing. It helps you cut through the noise, remain unbiased and focus on what the code truly does! Study audits anomalies archive.

  24. Use the "Solidity Visual Developer" extension, which comes with @audit, @audit-info, @audit-ok, and @audit-issue to categorize your notes!

  25. Also use the Inline Bookmarks VSCode extension by ConsenSys Audits to organize all your audit comments and findings! Thoroughly document/explain each function using simple language to reason about it. How To Learn Fast? | How to make better decisions?

Also check out wiki.r.security:

wiki.r.security/wiki/Main_Page

… and visit my own repo here:

The best thing is to support me directly by donating to my address on Ethereum Main-net or any of the compatible networks or to any address from the list below:

  • 0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A — ERC20 ETH officercia.eth

  • 17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU  — BTC

  • 4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero/XMR

  • You can also support me by minting one of my Mirror articles NFTs!

Thank you! Stay safe!
