Hardhat Security

This is a repository focused on smart contract security. It includes a docker container with all the tools you need and a few example contracts to help you get started.

• Tools
• Games
• Blogs
• Audit Examples:
• Articles
• Getting Started
  • Requirements
  • Quickstart
• Usage
  • Slither
  • Echidna
• Linting
• Formatting

Tools

• Slither
  • Static analysis from Trail of Bits.
• Echidna
  • Fuzzing from Trail of Bits.
• Manticore
  • Symbolic execution tool from Trail of Bits.
• MythX
  • Paid service for smart contract security.
• Mythrill
  • MythX free edition.
• ETH Security Toolbox
  • Script to create docker containers configured with Trail of Bits security tools.
• ethersplay
  • ETH Disassembler
• Consensys Security Tools
  • A list of Consensys tools.

Games

• Ethernaut (This is a must play!)
• Damn Vulnerable Defi (This is a must play!)

Blogs

• rekt
  • A blog that keeps up with all the "best" hacks in the industry.
• Trail of bits blog
  • Learn from one of the best auditors in the space.
• Openzeppelin Blog
  • Another blog of one of the best auditors in the space.

Audit Examples:

• Openzeppelin
• Sigma Prime
• Trail of Bits

Articles

• Smart Contract Security Best Practices
  • Consensys blog on security vulnerabilities. Also check out their tools.
• Chainlink X Certik Blog on Security
• More attacks

Getting Started

Requirements

• Git
  • You'll know you did it right if you can run git --version and you see a response like git version x.x.x
• Nodejs
  • You'll know you've installed nodejs right if you can run:
    • node --version and get an ouput like: vx.x.x
• Docker
  • You'll know you've installed docker right if you can run:
  • docker --version and get an ouput like Docker version xx.xx.xx, build xxxxx

Quickstart

git clone https://github.com/0x963D/hardhat-security
cd hardhat-security
npm install

Usage

Slither

Open the docker shell:

npm run toolbox

Then, run:

slither /src/contracts/ --solc-remaps @openzeppelin=/src/node_modules/@openzeppelin --exclude naming-convention,external-function,low-level-calls

To exit:

exit

Echidna

Open the docker shell:

npm run toolbox

Then, run this:

echidna-test /src/contracts/mock/test/fuzzing/VaultFuzzTest.sol --contract VaultFuzzTest --config /src/contracts/mock/test/fuzzing/config.yaml

To exit:

exit

Linting

To check linting / code formatting:

npm run lint

or, to fix:

npm run lint:fix

Formatting

npm run format