Hi,
I want to develop a dynamic analysis tool for detecting vulnerabilities in EVM smart contracts. Could somebody please guide me on what the steps are and how I can use the OpenZeppelin environment for it?
Zulfi.
Hi @zak100,
At a high level I assume you would need a list of vulnerabilities and then a way to check for each vulnerability in the bytecode.
I assume that Etherscan does this process for warning of Solidity bugs in contracts.
See their list of Solidity bugs: https://etherscan.io/solcbuginfo
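
As an added example that is not part of the reply above: one way to "check for each vulnerability in the bytecode" is to walk the opcodes and match them against a rule list. The rule list, function names and sample bytecode below are constructed for illustration; a hit is only a lead for review, and a dynamic tool would observe execution rather than scan statically.

```python
# Added illustration: opcode values are standard EVM opcodes; the rule
# list and the sample bytecode are constructed, not taken from the thread.
RULES = {
    0x32: ("ORIGIN", "tx.origin read; review any use for authorization"),
    0x42: ("TIMESTAMP", "block timestamp read; review time-dependent logic"),
    0xF2: ("CALLCODE", "deprecated call type"),
    0xF4: ("DELEGATECALL", "foreign code runs against this contract's storage"),
    0xFF: ("SELFDESTRUCT", "contract can be destroyed"),
}

def scan(bytecode_hex):
    """Return (pc, opcode name, note) for every rule hit in real instructions."""
    if bytecode_hex.startswith("0x"):
        bytecode_hex = bytecode_hex[2:]
    code = bytes.fromhex(bytecode_hex)
    findings, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op in RULES:
            findings.append((pc, *RULES[op]))
        # PUSH1..PUSH32 (0x60..0x7F) carry 1..32 bytes of immediate data.
        # Those bytes are data, not instructions, so they must be skipped.
        if 0x60 <= op <= 0x7F:
            pc += op - 0x5F
        pc += 1
    return findings

def naive_hits(bytecode_hex):
    """Count rule bytes without decoding PUSH data (shows the false positives)."""
    if bytecode_hex.startswith("0x"):
        bytecode_hex = bytecode_hex[2:]
    return sum(1 for b in bytes.fromhex(bytecode_hex) if b in RULES)

# Constructed sample: PUSH1 0xff, ORIGIN, PUSH20 <20 x 0xf4>, TIMESTAMP, SELFDESTRUCT
SAMPLE = "0x60ff" + "32" + "73" + "f4" * 20 + "42" + "ff"

if __name__ == "__main__":
    for pc, name, note in scan(SAMPLE):
        print(f"pc={pc:#06x} {name}: {note}")
    print("naive byte scan hits:", naive_hits(SAMPLE))
```

The Solidity compiler also appends a metadata blob after the runtime code, so hits near the end of deployed bytecode may be data rather than instructions.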
Hi,
Right now I am focusing on this.
Zulfi.
Hi,
Somebody please tell me what is the difference between the EVM Solidity and OpenZeppelin Solidity? What are the other differences between EVM and OpenZeppelin?
Zulfi.
Hi @zak100,
OpenZeppelin Contracts are written in Solidity. There isn’t a variant of Solidity for OpenZeppelin.
Smart contracts written in Solidity are compiled to target a specific EVM version: https://docs.soliditylang.org/en/v0.8.0/using-the-compiler.html?highlight=evm#setting-the-evm-version-to-target
Good morning, I am attaching an academic paper that I published in 2020. I am working on a web tool called OpenBalthazar that statically analyzes Solidity and Vyper and looks for bugs in the code.
Link: https://drops.dagstuhl.de/opus/volltexte/2020/13015/pdf/OASIcs-SLATE-2020-2.pdf
Hi marganaraz,
Thanks for sharing your work. I like your paper. I read some pages.
Zulfi.
Hi @marganaraz,
Welcome to the community.
Thank you for sharing your paper. Are there any links for OpenBalthazar?
For anyone coming on this thread or if you know anyone who might be suitable, OpenZeppelin are hiring:
Hi Andrew
Thanks for the welcome.
I’m still in the prototype stage and focused on static analysis techniques. When I release a stable version I will publish it on these sides.
Hi,
Good work.
I think it is a great achievement that you completed the prototype of your tool.
Zulfi.