7 - Security II
Tutorial objectives
- Advanced techniques in security auditing
- Static analysis tools
- Introduction to fuzz testing
Tutorial pre-requisites
- Solidity, Python, Git fundamentals
- Installed Wake framework (https://ackee.xyz/wake/docs/latest/), Solidity (Wake) VSCode Extension (VS Marketplace Link) and Foundry toolchain (https://book.getfoundry.sh/).
- Wake is automatically installed with the VSCode extension.
For manual installation, use the following:
pip3 install eth-wake
curl -L https://foundry.paradigm.xyz | bash # insecure install, you know
source ~/.bashrc && foundryupStatic analysis
Static analysis is a method of debugging by examining source code before a program is run. It’s done by analyzing a set of code against a set of coding rules (detectors). This technique can help find errors and bugs that might not be picked up by compilers and interpreters.
Static analysis tools, often referred to as SAST (Static Application Security Testing) tools, can be used to analyze code for potential security vulnerabilities, code quality issues, and adherence to coding standards.
For static analysis in this tutorial, we will use the Wake testing framework (see documentation: https://ackee.xyz/wake/docs/latest/static-analysis/using-detectors/).
Other static analysis tools include:
- Slither - https://github.com/crytic/slither
- Aderyn - https://github.com/Cyfrin/aderyn
Practical example
To show how static analysis works, we can also use the code from the previous tutorial and run the Wake detectors on it.
- Clone the repository from https://github.com/Ackee-Blockchain-Education/NIE-BLO-tutorial-6.
- Edit the
wake.tomlfile and the excluded detectors block. - Analyze the output of the detectors in the VSCode window through the Solidity (Wake) extension.
- Run
wake detect allin the terminal in the project directory to see the output of the detectors on the command line.
Fuzzing
Fuzzing is a technique for testing software that involves providing invalid, unexpected, or random data as inputs to a computer program.
Fuzz tests are beneficial for example for black box testing, when manual testing or review will be more time-consuming, or to catch bugs that are unlikely to be spotted by human eye.
For fuzzing in this tutorial, we will use the Wake testing framework (see documentation: https://ackee.xyz/wake/docs/latest/testing-framework/fuzzing/).
Other fuzzing tools include:
- Foundry - https://github.com/foundry-rs/foundry
- Echidna - https://github.com/crytic/echidna
Practical example
The goal of this tutorial is explore the production code with security tooling and introduce manually guided fuzzing.
- Clone the repository from https://github.com/Ackee-Blockchain-Education/NIE-BLO-tutorial-7.
- Follow the tutorial instructions
Formal verification
Formal verification is a technique used in software testing to prove or disprove the correctness of intended algorithms underlying a system with respect to a certain formal specification or property.
This method is out of scope of our tutorial.
Tools/companies that provide formal verification include:
- Halmos - https://github.com/a16z/halmos
- Runtime Verification - https://runtimeverification.com/
- Certora - https://www.certora.com/