Tips for Solidity Code Auditors

Gaining the most elusive of tips. Add your input and let’s collect them all!


General Tips & Suggestions

  1. Did you know that you can utilize VSCode on your iPad (preferably with a Magic Keyboard) using the Blink App? If not, watch the following video! I hope you find this tip useful in your work!

  2. Clone any project, then upload the extension into VSCode (2nd link) -> add a key from Sourcegraph, select the contract, and the AI analyzes the structure of your project for you! Check out this example!

  3. Try auditwizard.io - revolutionize your workflow today!

  4. Check out pre-built security properties for commonly forked DeFi protocols.

  5. MEV / Sandwich / Front-run & Back-run: Compilation & advanced info.

  6. Try Slither Detectors by Pessimistic.io & check out SolCurity.

  7. Give these a try: Pyrometer & Sporalyzer.

  8. Explore Web3 with full confidence, guarded by the Web3Antivirus security browser extension & learn EVM attacks!

  9. Try using obsidian.md for notes! & check out Audit Quality!

  10. Check out R.xyz (link!) and apply for a closed beta (here)!

  11. Follow my own blog & Hexens' blog!

  12. This project was created to support Code4rena Bot Races with useful stats and tools. Read more about it here & try 4naly3er!

  13. Bot Racing: The Rise of Web3 Bots. & Code4Rena Bot Racing explained!

  14. Check out GasBad, an open-source project that evaluates gas efficiency in Solidity libraries!

  15. Try out this tool - it scans the constructor of a Solidity smart contract for zero-address checks.

  16. DeFi Common Fork Bugs List.

  17. Try using Semgrep rules for smart contracts based on DeFi exploits!

  18. Complete this set of tasks & check out this curated list of Web3 security materials and resources for pentesters and bug hunters!

  19. Let's break down the concept of mind-mapping - study this list & check out the AuditorsRoadmap mind-map!

  20. How To Learn Fast?


Tools & Services


Useful Resources — by officercia.eth


Awesome GitHub Lists


Additional Resources

Front-end Security


Work…?


Support

The best thing is to support me directly by donating to my address on Ethereum Main-net or any of the compatible networks or to any address from the list below:

Thank you!
