25 Tips for Solidity Code Auditors

Gaining the most elusive of tips. Add your input and let’s collect them all!

  1. Did you know that you can utilize VSCode on your iPad (preferably with a Magic Keyboard) using the Blink App? If not, watch the following video! I hope you find this tip useful in your work!

  2. Clone any project, then upload extension into vscode2nd link -> add key from sourcegraph, select the contract and the AI analyzes the structure of your project for you! Check out this example!

  3. Try auditwizard.io — revolutionize your workflow today!

  4. Check out pre-built security properties for commonly forked DeFi protocols.

  5. MEV / Sandwich / Front-run & Back-run: Compilation & advanced info.

  6. Try Slither Detectors by Pessimistic.io & check out SolCurity.

  7. Give a try: Pyrometer & Sporalyzer.

  8. Explore Web3 with full confidence guarded by Web3Antivirus security browser extension & learn evm attacks! Consider auditing as part of a team.

  9. Try using obsidian.md for notes!, set it up correctly & check out Audit Quality!

  10. Check out R.xyz (link!) and apply for a closed beta (here)!

  11. Follow my own blog & Hexens’ blog!

  12. This project was created to support Code4rena Bot Races with useful stats and tools. Read more about it here & try 4naly3er!

  13. Bot Racing: The Rise of Web3 Bots. & Code4Rena Bot Racing explained!

  14. Check out GasBad which is an open-source project that evaluates gas efficiency in Solidity libraries!

  15. Try out this tool — it scans constructor of solidity smart contract for checks to zero address.

  16. DeFi Common Fork Bugs List.

  17. There was also an incredible tool, and I really like this idea, since it is probably a logical continuation of an old script and this service, but this is actually lot better than another simulator (it probably uses simulation like in this list).

  18. Try using Semgrep rules for smart contracts based on DeFi exploits!

  19. Complete this set of tasks!

  20. Check out this curated list of web3Security materials and resources For Pentesters and Bug Hunters!

  21. Let’s break down such a concept as mind-mapping — study this list & check out AuditorsRoadmap mind-map!

  22. Explorer Bookmark is a fantastic VS Code extension for all the code4rena Wardens, Sherlockdefi Watsons, and CodeHawks Hawks out there. No more struggling to find contracts in scope among a sea of others. With this extension, you can easily collect in one place and access all the contracts within the scope of your audit. Enjoy a more streamlined workflow!

  23. Also use the “Hide Comments” VSCode extension when auditing. It helps you cut through the noise, remain unbiased and focus on what the code truly does! Study audits anomalies archive.

  24. Use the “Solidity Visual Developer” extension which comes with the @audit, @audit-info, @audit-ok, @audit-issue to categorize your notes!

  25. Also Use Inline Bookmarks VSCode Extension by ConsenSys Audits to organize all your audit comments & findings! Thoroughly document/explain each function using simple language to reason about it. How To Learn Fast? | How to make better decisions?

Also Check Out wiki.r.security:


… and visit my own repo here:

The best thing is to support me directly by donating to my address on Ethereum Main-net or any of the compatible networks or to any address from the list below:

Thank you! Stay safe!

Subscribe to Officer's Blog
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
This entry has been permanently stored onchain and signed by its creator.