Learning Goals:

Gain an…

  1. Ability to run and configure a real static analysis tool to find bugs in smart contracts.
  2. Understanding of the limitations of Slither and of static analysis.
  3. Understanding of the benefits and utility of a static analysis tool.

Suggested Academic Readings:

  1. Slither: A Static Analysis Framework For Smart Contracts
  2. Static Program Analysis (Book)
  3. Lessons from Building Static Analysis at Google

Resources:

Setup:

  1. Download the development environment and benchmark set:

hw5.zip

  2. Once you have your dev container open, set an environment variable for the path to your node modules. For me it looked like:

    export OPENZEP="/workspaces/web3-security-class/hw5/node_modules/@openzeppelin/contracts/"

Instructions

In this homework, you will run the static analysis tool Slither on a bug benchmark of 8 programs. 6 of these were the Ethernaut programs from HW2.
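Added example (not part of the assignment or of Slither's own code): one way to score reports written with Slither's `--json` option against the bugs you know are in a benchmark, keeping "the tool missed it" separate from "the contract never compiled". The file names, report contents and expected-detector mapping below are constructed placeholders, not results from the hw5 benchmark.

```python
import json

# Constructed reports in the shape of Slither's `--json` output (not real hw5 results).
SAMPLE_REPORTS = {
    "ExampleA.sol": json.dumps({"success": True, "error": None, "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium"},
        {"check": "solc-version", "impact": "Informational", "confidence": "High"},
        {"check": "low-level-calls", "impact": "Informational", "confidence": "High"},
    ]}}),
    # No findings: the "detectors" key may be absent altogether.
    "ExampleB.sol": json.dumps({"success": True, "error": None, "results": {}}),
    # Compilation failed, e.g. an @openzeppelin import that could not be resolved.
    "ExampleC.sol": json.dumps({"success": False,
                                "error": "constructed: import not found", "results": {}}),
}

# Hypothetical ground truth: the detector expected to flag each known bug.
EXPECTED = {"ExampleA.sol": {"reentrancy-eth"},
            "ExampleB.sol": {"tx-origin"},
            "ExampleC.sol": {"suicidal"}}

NOISE_IMPACTS = {"Informational", "Optimization"}

def score(report_text, expected):
    """Compare one Slither JSON report with the set of expected detector names."""
    report = json.loads(report_text)
    if not report.get("success"):
        # Not a false negative: the contract was never analysed.
        return {"status": "not-analysed", "error": report.get("error")}
    findings = report.get("results", {}).get("detectors", [])
    reported = {f["check"] for f in findings if f["impact"] not in NOISE_IMPACTS}
    return {
        "status": "ok",
        "found": sorted(reported & expected),        # true positives
        "missed": sorted(expected - reported),       # false negatives
        "unexpected": sorted(reported - expected),   # triage: extra bug or false positive
        "noise": sum(1 for f in findings if f["impact"] in NOISE_IMPACTS),
    }

def score_benchmark(reports, expected):
    return {name: score(text, expected[name]) for name, text in reports.items()}

if __name__ == "__main__":
    for name, result in score_benchmark(SAMPLE_REPORTS, EXPECTED).items():
        print(name, result)
```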

Level 1: Fallback

Level 2: Fal1out