{"id":299,"date":"2022-09-12T23:07:03","date_gmt":"2022-09-12T21:07:03","guid":{"rendered":"https:\/\/ackeeblockchain.com\/blog\/?post_type=glossary&#038;p=299"},"modified":"2022-09-12T23:07:03","modified_gmt":"2022-09-12T21:07:03","slug":"tool-based-analysis","status":"publish","type":"glossary","link":"https:\/\/ackee.xyz\/blog\/glossary\/tool-based-analysis\/","title":{"rendered":"Tool-based analysis"},"content":{"rendered":"<p class=\"p1\">Tool-based analysis refers to the <b>analysis of computer programs using various tools<\/b>. In the world of smart contracts, many tools can be useful for finding some of the <b>common and known<\/b> smart contract vulnerabilities.<\/p>\n<p class=\"p1\">We can also distinguish between <b>static and dynamic <\/b>code analysis. Static analysis is performed without executing the contract, whereas dynamic analysis identifies defects when running the contracts.<\/p>\n<p class=\"p1\">Here are some of the tools that we like to use when auditing <a href=\"https:\/\/ackeeblockchain.com\/blog\/glossary\/EVM\/\"><span class=\"s1\">EVM<\/span><\/a> smart contracts written in <a href=\"https:\/\/ackeeblockchain.com\/blog\/glossary\/solidity\/\"><span class=\"s1\">Solidity<\/span><\/a>:<\/p>\n<ul class=\"ul1\">\n<li class=\"li1\"><span class=\"s2\"><a href=\"https:\/\/github.com\/crytic\/slither\"><span class=\"s1\">Slither<\/span><\/a> &#8211;<\/span>\u00a0a static analysis framework written in Python 3, automatically detects common vulnerabilities;<\/li>\n<li class=\"li1\"><span class=\"s2\"><a href=\"https:\/\/eth-brownie.readthedocs.io\/en\/stable\/\"><span class=\"s1\">Brownie<\/span><\/a> &#8211; <\/span>Python-based development and testing framework;<\/li>\n<\/ul>\n<p class=\"p1\">We are developing <a href=\"https:\/\/github.com\/Ackee-Blockchain\/woke\"><span class=\"s3\">Woke<\/span><\/a> &#8211; a static analyzer and symbolic execution engine for Solidity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tool-based analysis refers to the analysis of computer programs using various tools. In the world of smart contracts, many tools can be useful for finding some of the common and known smart contract vulnerabilities. We can also distinguish between static and dynamic code analysis. Static analysis is performed without executing the contract, whereas dynamic analysis identifies defects when running the contracts. Here&hellip;<\/p>\n","protected":false},"author":12,"featured_media":0,"parent":0,"template":"","glossary-cat":[],"class_list":["post-299","glossary","type-glossary","status-publish","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/glossary\/299","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/glossary"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/12"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/glossary\/299\/revisions"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=299"}],"wp:term":[{"taxonomy":"glossary-cat","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/glossary-cat?post=299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}