By Lab | June 4, 2018
Tools are an important part of any ecosystem. While tooling generally won’t solve your problems, it will often assist you, as the developer, in solving a problem.
Static analysis is a proactive measure for improving the quality of your code BEFORE pushing it to production.
Here are a few tools specifically for conducting static analysis on smart contracts.
Manticore is free and open source (Awesome!!) and the source is available on GitHub: https://github.com/trailofbits/manticore.
Mythril is a security analysis engine/platform for Ethereum smart contracts. It uses Python and can be integrated with several common IDEs.
It is free and open source (Awesome!!) and the source is available on GitHub: https://github.com/ConsenSys/mythril
Oyente is another analysis tool for smart contracts, available on GitHub: https://github.com/melonproject/oyente. It was one of the original analysis tools but is now under less active development than other tools.
Solgraph is a pretty cool tool for visualizing data flow throughout a Solidity contract. It’s available on GitHub: https://github.com/raineorshine/solgraph.
SmartCheck is a cloud-based static analysis tool. It attempts to flag potential security vulnerabilities by highlighting them in your code after you submit it to the SmartCheck portal. It can actually scan your code directly from your GitHub repo. The code does not appear to be open source, but you can check out the service at smartdec.net.