Hi there
Since season 4 projects have to be pushed to mainnet and professional audits cost between 5k-10k, I thought I'd post here a tutorial on how to do a quick automated "audit" using a static analysis tool called Slither.
There are some companies out there that offer cheap code review and they usually use this tool, so you can do it yourself and it will identify some serious vulnerabilities like reentrancy.
It will not flag bad design decisions, only issues that can be detected automatically.
Here is the GitHub repo:
This is a tutorial for Linux and I use Ubuntu!
So if you use something else the commands may be different.
Install python3-pip
sudo apt install python3-pip
Install slither
pip3 install slither-analyzer
for me slither installed in /home/user/.local/bin
Your user name may be different.
So open ~/.bashrc and add a line to it that exports the path:
vim ~/.bashrc
export PATH=$PATH:/home/user/.local/bin
Then save and close vim, and reload the file:
source ~/.bashrc
Now navigate to the root of your project (I use Hardhat, but it works with other frameworks too) and run
slither .
Now you will see a lot of output. Go ahead and analyze it. Slither will detect some serious vulnerability issues like reentrancy. You will also get false positives.
This does not substitute a real audit conducted by a company but still will help with securing your application.
You can also run Slither with different flags to get different outputs. Try
slither . --print human-summary
for a more readable output. Check out the docs in the source code for more!
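Because the raw output is long and mixes real findings with false positives, it helps to triage by impact and confidence. Slither can also write its findings as JSON (`slither . --json report.json`, a flag not shown in the post), and the added script below, which is my own example and not part of the post or of Slither, filters and sorts such a report; the embedded report is a constructed sample with only the fields the script uses.

```python
"""Triage a Slither JSON report by detector impact and confidence."""
import json
from collections import Counter

# Constructed sample in the shape `slither . --json report.json` writes
# (a real report carries more fields per finding, e.g. "elements").
SAMPLE_REPORT = json.dumps({
    "success": True,
    "error": None,
    "results": {
        "detectors": [
            {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
             "description": "Reentrancy in Vault.withdraw(uint256) (contracts/Vault.sol#20-30)"},
            {"check": "naming-convention", "impact": "Informational", "confidence": "High",
             "description": "Parameter Vault.deposit(uint256)._amount is not in mixedCase"},
            {"check": "timestamp", "impact": "Low", "confidence": "Medium",
             "description": "Vault.isOpen() uses timestamp for comparisons"},
        ]
    },
})

# Lower number = more severe; the same scale works for the confidence field.
SEVERITY = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3, "Optimization": 4}


def load_findings(report_text):
    """Return the list of detector findings from a Slither JSON report."""
    report = json.loads(report_text)
    if not report.get("success", False):
        raise ValueError(f"slither reported failure: {report.get('error')}")
    return report["results"]["detectors"]


def triage(findings, min_impact="Medium", min_confidence="Medium"):
    """Keep findings at or above both thresholds, most severe first."""
    keep = [f for f in findings
            if SEVERITY[f["impact"]] <= SEVERITY[min_impact]
            and SEVERITY[f["confidence"]] <= SEVERITY[min_confidence]]
    return sorted(keep, key=lambda f: (SEVERITY[f["impact"]], SEVERITY[f["confidence"]]))


def summarize(findings):
    """Count findings per (impact, check) so noisy detectors stand out."""
    return Counter((f["impact"], f["check"]) for f in findings)


if __name__ == "__main__":
    for f in triage(load_findings(SAMPLE_REPORT)):
        print(f"[{f['impact']}/{f['confidence']}] {f['check']}: {f['description']}")
```

Run it against your own report by replacing SAMPLE_REPORT with the contents of report.json; lowering the thresholds to Informational/Low shows everything again.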