My Web3 full stack Solicity smart contract & blockchain development journey along with
» this course from Patrick Collins
-4D21FC?style=for-the-badge&logo=blockchaindotcom){kind=icon}
- Clone the repo
git clone https://github.com/levblanc/web3-security-hardhat.git- Install dependencies with
yarn installornpm install
- Check and make sure python3 & pip3 are installed
$ python3 --version
Python 3.9.9
$ pip3 --version
pip 21.3.1 from /opt/homebrew/lib/python3.9/site-packages/pip (python 3.9)- Install
solc-select& set target Solidity version
# install solc-select
pip3 install solc-select
# install solidity compiler
solc-select install 0.8.17
# output
Installing '0.8.17'...
Version '0.8.17' installed.
# set solidity version
solc-select use 0.8.17
# output
Switched global version to 0.8.17- Install
slither-analyzer
pip3 install slither-analyzer
# verify installation
slither --help- Run command to spin up slither check
yarn slitherOfficial docs: https://github.com/trailofbits/eth-security-toolbox
- Install docker on your machine
- Pull docker image of
eth-security-toolbox
docker pull trailofbits/eth-security-toolbox- Spin up toolbox shell
yarn toolbox- Run test
echidna-test /src/contracts/test/fuzzing/VaultFuzzTest.sol --contract VaultFuzzTest --config /src/contracts/test/fuzzing/config.yaml- Exit toolbox shell
exit# Lint only
yarn lint
# Lint & fix
yarn lint:fixyarn format
- Learn about
slitheras a static and fast auditing tool - Learn about
eth-security-toolboxas an auditing toolkit and run with docker - Learn about the standard auditing process
- Learn about known attacks and how to avoid them
- Reentrancy
- Oracle Manipulation
- ALWAYS run
slither - Look MANUALLY for oracle manipulation examples or reentrancy
- Don't get anything from a centralized location (use Chainlink oracle instead)