oceanprotocol / pm

Zenhub needs each issue associated with one repo. This repo is a workaround, to mark issues that span >1 repos.

Check vulnerabilities on the smart contracts #136

Closed LoznianuAnamaria closed 2 years ago

LoznianuAnamaria commented 2 years ago

Besides Solidity code audits, run tools like https://github.com/crytic/slither & https://github.com/crytic/echidna with GitHub Actions to check for vulnerabilities in the smart contract code and deployed smart contracts. PS: I've heard good things about MythX as well, but it's a paid tool.

MantisClone commented 2 years ago

Slither recently added SARIF support, which allows Slither to report issues through the GitHub code scanning app. An official GitHub action is not yet released but was teased in the 0.8.1 release notes.

I found this issue asking for the status of the official Slither GitHub action, but no response from the maintainers has been given.

From there, I saw that @htadashi had created their own Slither GitHub action. I will copy this and see if I can get it working.

htadashi commented 2 years ago

Hey @DMats, thanks for the mention. Just saw the OceanProtocol website and I am looking forward to learning more about it!

I am writing this comment to note that, coincidentally, Trail of Bits released an official version of the Slither GitHub action today, so you may try to use it first before using mine :)
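For reference, the setup the two comments above describe (Slither emitting SARIF, the official crytic/slither-action feeding it into GitHub code scanning) looks like the workflow below. This is an added example, not the workflow merged in oceanprotocol/contracts; the workflow name, the assumption that the contracts compile from the repository root, and the pinned action version tags are assumptions.

```yaml
# Added example (not from oceanprotocol/contracts): run Slither on every
# push and pull request, write a SARIF report, and upload it so findings
# show up in the repository's Security > Code scanning tab.
name: Slither static analysis

on:
  push:
    branches: [main]
  pull_request:

jobs:
  slither:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # needed by upload-sarif to write code scanning alerts
    steps:
      - uses: actions/checkout@v3

      - name: Run Slither
        id: slither
        uses: crytic/slither-action@v0.3.0   # version tag is an assumption; pin to a current release
        with:
          target: .              # assumption: the contracts build from the repo root
          sarif: results.sarif   # ask the action for SARIF output instead of plain text
          fail-on: none          # never fail this job; let code scanning surface the findings

      - name: Upload SARIF to code scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ${{ steps.slither.outputs.sarif }}
```

With `fail-on: none` the job itself always passes and the findings are reviewed as code scanning alerts, which is the low-friction way to introduce the tool on an existing codebase. Once the backlog is triaged, raising `fail-on` to a severity such as `high` turns the same job into a merge gate; in that case keep the upload step running with `if: always()` so a failing Slither run still publishes its report.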

MantisClone commented 2 years ago

Thanks for the info @htadashi!

MantisClone commented 2 years ago

Since https://github.com/oceanprotocol/contracts/pull/500 is merged, I'm closing this issue.

We briefly discussed using echidna, but ultimately chose to favor the fuzzing being implemented in ocean.py https://github.com/oceanprotocol/ocean.py/pull/726