Static Analysis

 Our static analysis tool is a tool for analyzing the smart contract written in solidity, which can detect potential security risks and optimization points in solidity code, including general vulnerabilities, compiler bugs, gas optimization, code conventions etc., and give the specific location of the vulnerability in the source code and suggestions for improvement.

 Our static analysis tool detects by parsing solidity code and building an Abstract Syntax Tree (AST). An AST is a tree structure that represents the structure of code, where each node represents an element in the code, such as variables, functions, expressions, etc. By analyzing AST, our tools can analyze code data flow and control flow, so as to conduct a comprehensive analysis and detection of Solidity smart contracts, so as to improve code security, standardization and execution efficiency.

 The features of our tool are as follows:
  • Efficient: The detection speed is very fast, and Solidity contract with code less than 1000 lines can be detected within minutes.
  • Accurate: Through accurate code data flow and control flow analysis, potential problems and optimization points in the code can be identified, such as general vulnerabilities, compiler bugs, gas optimization, code conventions, etc., thereby improving code security and reliability .
  • Comprehensive: With 150+ rules, 110+ rules have been released so far, covering multiple categories such as general vulnerabilities, compiler bugs, gas optimization, code conventions, etc. It is currently the Solidity static analysis tool with the largest number of rules and the widest coverage.

 We have released the benchmark (involving 140+ Solidity contracts and 470 vulnerability points/optimization suggestions) of solidity static analysis tool, and each contract has marked the vulnerability point. We also randomly selected 27 projects from the well-known audit platform code4rena , and detected these 27 projects with our tool and the open source solidity static analysis tool Slither . We use code4rena's final audit report as a benchmark to compare the detection capabilities of these two tools for High, Medium, and Low level vulnerabilities. The final results show that the detection rate of our tool is significantly better than that of slither. For more detailed information, please refer to PublicStatistics .