Tool-based analysis refers to the analysis of computer programs using various tools. In the world of smart contracts, many tools can be useful for finding some of the common and known smart contract vulnerabilities.
We can also distinguish between static and dynamic code analysis. Static analysis is performed without executing the contract, whereas dynamic analysis identifies defects when running the contracts.
Here are some of the tools that we like to use when auditing EVM smart contracts written in Solidity:
- Slither – a static analysis framework written in Python 3, automatically detects common vulnerabilities;
- Brownie – Python-based development and testing framework;
We are developing Woke – a static analyzer and symbolic execution engine for Solidity.