1. Introduction
  2. Development Guidelines
    ❱
    1. Code Maturity
    2. High-Level Best Practices
    3. Token Integration Checklist
    4. Known non-standard ERC20 tokens
    5. Incident Response Recommendations
    6. Secure Development Workflow
    7. Preparing for a Security Review
  3. Learn EVM
    ❱
    1. EVM Opcode Reference
    2. Transaction Tracing
    3. Arithmetic Checks
    4. Yellow Paper Guidance
    5. Forks <> EIPs
      ❱
      1. Forks <> CIPs
      2. Upgrades <> TIPs
      3. Forks <> BEPs
  4. Not so smart contracts
    ❱
    1. Algorand
      ❱
      1. Rekeying
      2. Unchecked Transaction Fees
      3. Closing Account
      4. Closing Asset
      5. Group Size Check
      6. Time-Based Replay Attack
      7. Access Controls
      8. Asset ID Check
      9. Denial of Service
      10. Inner Transaction Fee
      11. Clear State Transaction Check
    2. Cairo
      ❱
      1. Arithmetic Overflow
      2. L1 to L2 Address Conversion
      3. L1 to L2 failure
      4. Overconstrained L1 <-> L2 interaction
      5. Signature replays
      6. Unchecked from address in L1 Handler
    3. Cosmos
      ❱
      1. Incorrect Signers
      2. Non-Determinism
      3. Not Prioritized Messages
      4. Slow ABCI Methods
      5. ABCI Methods Panic
      6. Broken Bookkeeping
      7. Rounding Errors
      8. Unregistered Message Handler
      9. Missing Error Handler
    4. Solana
      ❱
      1. Arbitrary CPI
      2. Improper PDA Validation
      3. Ownership Check
      4. Signer Check
      5. Sysvar Account Check
      6. Improper Instruction Introspection
    5. Substrate
      ❱
      1. Arithmetic Overflow
      2. Don't Panic!
      3. Weights and Fees
      4. Verify First
      5. Unsigned Transaction Validation
      6. Bad Randomness
      7. Bad Origin
    6. Ton
      ❱
      1. Fake Jetton Contract
      2. Foward TON without gas check
      3. Int as boolean
  5. Program Analysis
    ❱
    1. Echidna
      ❱
      1. Introduction
        ❱
        1. Installation
        2. Introduction to Fuzzing
        3. How to Test a Property
      2. Basic
        ❱
        1. How to select the most suitable testing mode
        2. How to select the best testing approach
        3. How to filter functions
        4. How to test assertions
        5. How to write good properties step by step
        6. How to write properties that use ether
      3. Advanced
        ❱
        1. How to collect a corpus
        2. How to use optimization mode
        3. How to detect high gas consumption
        4. How to perform smart contract fuzzing at a large scale
        5. How to test bytecode-only contracts
        6. How and when to use cheat codes
        7. How to use hevm cheats to test permit
        8. How to seed Echidna with unit tests
        9. Understanding and using allContracts
        10. How to fuzz contracts with external libraries
        11. How to do on-chain fuzzing with state forking
        12. Interacting with off-chain data via FFI cheatcode
      4. Fuzzing tips
      5. Frequently Asked Questions
      6. Configuration options
      7. Exercises
        ❱
        1. Exercise 1
        2. Exercise 2
        3. Exercise 3
        4. Exercise 4
        5. Exercise 5
        6. Exercise 6
        7. Exercise 7
        8. Exercise 8
    2. Medusa
      ❱
      1. Installation
      2. First Steps
      3. Configuration Overview
        ❱
        1. Fuzzing Configuration
        2. Testing Configuration
        3. Chain Configuration
        4. Compilation Configuration
        5. Slither Configuration
        6. Logging Configuration
      4. CLI Overview
        ❱
        1. init
        2. fuzz
        3. completion
      5. Testing Overview
        ❱
        1. The Fuzzing Lifecycle
        2. Types of Invariants
        3. Writing Function-Level Invariants
        4. Writing System-Level Invariants (WIP)
        5. Reporting
      6. API Overview (WIP)
      7. Cheatcodes
        ❱
        1. warp
        2. roll
        3. fee
        4. difficulty
        5. prevrandao
        6. chainId
        7. store
        8. load
        9. etch
        10. deal
        11. snapshot
        12. getCode
        13. getNonce
        14. setNonce
        15. coinbase
        16. prank
        17. startPrank
        18. stopPrank
        19. prankHere
        20. ffi
        21. addr
        22. sign
        23. toString
        24. parseBytes
        25. parseBytes32
        26. parseInt
        27. parseUint
        28. parseBool
        29. parseAddress
      8. Console Logging
      9. FAQ
    3. Manticore
      ❱
      1. Introduction to symbolic execution
      2. Running under Manticore
      3. Getting throwing paths
      4. Adding constraints
      5. Exercises
        ❱
        1. Example
        2. Exercise 1
        3. Exercise 2
    4. Slither
      ❱
      1. Usage
      2. API
        ❱
        1. Static Analysis
        2. API
        3. SlithIR
        4. SSA
        5. Data dependency
        6. JSON output
      3. Detectors
        ❱
        1. Detectors
        2. Adding a detector
      4. Printers
      5. Tools
        ❱
        1. Adding a new tool
        2. Code Similarity
        3. Contract Flattening
        4. Documentation
        5. Doctor
        6. ERC Conformance
        7. Interface
        8. Mutator
        9. Path Finding Utility
        10. Property Generation
        11. Read Storage
        12. Format
        13. Upgradeability checks
      6. Tutorials
        ❱
        1. Exercise 1
        2. Exercise 2
        3. Exercise 3
  6. Resources
    ❱
    1. Security contact
    2. Blog posts

Building Secure Contracts

Writing System-Level Invariants with Medusa

WIP