# web3-security-hardhat

My Web3 full-stack Solidity smart contract & blockchain development journey, following this course from Patrick Collins.
## Setup

- Clone the repo

```bash
git clone https://github.com/levblanc/web3-security-hardhat.git
```

- Install dependencies with

```bash
yarn install
# or
npm install
```

- Check that `python3` & `pip3` are installed

```bash
$ python3 --version
Python 3.9.9
$ pip3 --version
pip 21.3.1 from /opt/homebrew/lib/python3.9/site-packages/pip (python 3.9)
```

- Install `solc-select` & set the target Solidity version

```bash
# install solc-select
pip3 install solc-select
# install the Solidity compiler
solc-select install 0.8.17
# output
Installing '0.8.17'...
Version '0.8.17' installed.
# set the Solidity version
solc-select use 0.8.17
# output
Switched global version to 0.8.17
```

- Install `slither-analyzer`

```bash
pip3 install slither-analyzer
# verify installation
slither --help
```

- Run the slither check

```bash
yarn slither
```
## eth-security-toolbox (Echidna fuzzing)

Official docs: https://github.com/trailofbits/eth-security-toolbox

- Install Docker on your machine
- Pull the `eth-security-toolbox` docker image

```bash
docker pull trailofbits/eth-security-toolbox
```

- Spin up the toolbox shell

```bash
yarn toolbox
```

- Run the fuzz test (inside the toolbox shell)

```bash
echidna-test /src/contracts/test/fuzzing/VaultFuzzTest.sol --contract VaultFuzzTest --config /src/contracts/test/fuzzing/config.yaml
```

- Exit the toolbox shell

```bash
exit
```
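The `echidna-test` command above runs the repo's `VaultFuzzTest`. As an added illustration (not the repo's or the course's test file), this is the shape such an Echidna property test takes: a minimal, constructed `Vault` with `deposit`/`withdraw`, and a test contract that inherits it and exposes an `echidna_`-prefixed boolean property. Echidna calls the public functions with random inputs and senders and reports the property as failed if it ever returns `false`. The `Vault` contract, its functions and the property name are assumptions for this example; the page's `config.yaml` is assumed to exist as shown in the command.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17;

// Constructed minimal vault for the example; not the repo's Vault contract.
contract Vault {
    mapping(address => uint256) public balances;
    uint256 public totalDeposits; // sum of all user balances (what the vault owes)

    function deposit() external payable {
        balances[msg.sender] += msg.value;
        totalDeposits += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        // effects before the external call (checks-effects-interactions)
        balances[msg.sender] -= amount;
        totalDeposits -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Echidna test contract: inherits the vault so the fuzzer can call
// deposit()/withdraw() directly, then checks the invariant after each call.
contract VaultFuzzTest is Vault {
    // Solvency invariant: the vault must always hold at least what it owes.
    // ">=" rather than "==" because ETH can be force-sent to a contract
    // (e.g. via selfdestruct), which raises the balance without a deposit.
    function echidna_vault_is_solvent() public view returns (bool) {
        return address(this).balance >= totalDeposits;
    }
}
```

Run it the same way as the repo's test, replacing the path with wherever this file is saved, e.g. `echidna-test <path>/VaultFuzzTest.sol --contract VaultFuzzTest --config <path>/config.yaml`. Because `deposit` is `payable`, the fuzzer's sender accounts need ETH to send; Echidna funds its default senders, so the property is exercised with real deposits and withdrawals rather than only zero-value calls.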
## Lint & format

```bash
# Lint only
yarn lint
# Lint & fix
yarn lint:fix
# Format
yarn format
```
## Learning notes

- Learn about `slither` as a fast static auditing tool
- Learn about `eth-security-toolbox` as an auditing toolkit and run it with Docker
- Learn about the standard auditing process
- Learn about known attacks and how to avoid them
  - Reentrancy
  - Oracle manipulation
- ALWAYS run `slither`
- Look MANUALLY for oracle manipulation examples or reentrancy
- Don't get anything from a centralized location (use a Chainlink oracle instead)
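For the oracle item, an added example (not from the course or the repo) of reading a price from a Chainlink aggregator defensively instead of from a single on-chain source that one transaction can move. Chainlink's `AggregatorV3Interface` and its `latestRoundData()` signature are real; the interface is copied inline so the file compiles without imports. The `PriceConsumer` contract, the `maxAge` parameter and the error names are assumptions for this example, and the feed address must be supplied at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17;

// Inlined copy of Chainlink's AggregatorV3Interface (the real interface has
// a few more getters; only what this example uses is reproduced here).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Constructed consumer: reads a decentralized feed and refuses to act on a
// price that is non-positive, stale, or from an incomplete round.
contract PriceConsumer {
    AggregatorV3Interface public immutable feed;
    uint256 public immutable maxAge; // seconds; pick this from the feed's heartbeat (assumption)

    error InvalidPrice(int256 answer);
    error StalePrice(uint256 updatedAt, uint256 nowTs);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);

    constructor(address feedAddress, uint256 maxAgeSeconds) {
        require(feedAddress != address(0), "feed required");
        require(maxAgeSeconds > 0, "maxAge required");
        feed = AggregatorV3Interface(feedAddress);
        maxAge = maxAgeSeconds;
    }

    // Returns the latest price scaled by 10**feed.decimals(), or reverts.
    function getPrice() external view returns (uint256 price, uint8 priceDecimals) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();

        if (answer <= 0) revert InvalidPrice(answer);
        if (updatedAt == 0 || block.timestamp - updatedAt > maxAge) {
            revert StalePrice(updatedAt, block.timestamp);
        }
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);

        return (uint256(answer), feed.decimals());
    }
}
```

The three reverts are the checks a reviewer looks for when auditing oracle reads: a positive answer, a freshness bound tied to the feed's update cadence, and a round that actually completed. A contract that computes collateral value or swap amounts from a pool's spot reserves instead has none of these guarantees, which is what the "don't get anything from a centralized location" note is warning about.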