Smart Contract Static Analysis Tools

By Lab | June 4, 2018

Tools are an important part of any ecosystem. While tooling generally won’t solve your problems, it will often assist you, as the developer, in solving a problem.

Static analysis is a proactive measure for improving the quality of your code BEFORE pushing it to production.

Here are a few tools specifically for conducting static analysis on smart contracts.

Static Analysis

Manticore

Manticore is a tool created by Trail of Bits for binary analysis. Not only does Manticore operate on x86, x64, and ARM binaries, it can also execute on Ethereum smart contracts.

It is free and open source (Awesome!!) and the source is available on GitHub: https://github.com/trailofbits/manticore.

Mythril

Mythril is a security analysis engine/platform for Ethereum smart contracts. It uses Python and can be integrated with several common IDEs.

It is free and open source (Awesome!!) and the source is available on GitHub: https://github.com/ConsenSys/mythril

Oyente

Oyente is another analysis tool for smart contracts, available on GitHub: https://github.com/melonproject/oyente. It was one of the original analysis tools but is now under less active development than other tools.

Solgraph

Solgraph is a pretty cool tool for visualizing data flow throughout a Solidity contract. It’s available on GitHub: https://github.com/raineorshine/solgraph.

SmartCheck

SmartCheck is a cloud-based static analysis tool. After you submit code to the SmartCheck portal, it highlights potential security vulnerabilities directly in the code. It can actually scan your code directly from your GitHub repo. The code does not appear to be open source, but you can check out the service at smartdec.net.