Target:
detect common security bugs
verify the correctness of smart contract code
Solidity:
Install Solidity && Solc
By brew:
run
npm install -g solc
to install solcrun
npm install -g solc-cli
to install solc-clirun
brew install solidity
to install solidityrun
brew link solidity
to link solidity
By source code:
download solidity_${version}.tar.gz
tar -zxvf solidity_${version}.tar.gz
cmake . -DTESTS=OFF && make install
Check install success
1
2
3$ solc --version
solc, the solidity compiler commandline interface
Version: 0.6.2+commit.bacdbe57.Darwin.appleclang
Mythx:
register account at: https://dashboard.mythx.io/
generate API KEY at: https://dashboard.mythx.io/#/console/tools
Sabre:
Sabre is a security analysis tool for smart contracts written in Solidity. It uses the MythX cloud service(https://mythx.io/) which detects a wide range of security issues.
Note: This client is not officially supported by MythX and may not optimally leverage all API features. Consider using the MythX command line client for serious business.
Github Url:
Use Doc:
Install Sabre:
$ npm install -g sabre-mythx
Set the MYTHX_API_KEY environment variable in your~/.bashrc for added convenience:
$ export MYTHX_API_KEY=[API_KEY]
Analyze Solidity files:
$ sabre analyze <FILENAME> [CONTRACT_NAME]
Mode:
quick: free(default)
standard: need pay
deep: need pay