• Reading through the code thoroughly is a must
• Security-centric syntax and semantic highlighting
• Find external calls, developer notes in comments, storage modifiers, access modifiers,
• Uses Surya for generating call graphs
• Hover over keywords to show basic security notes
• Solidity source code analyzer
• Detects many common issues, such as reentrancy, functions that allow users to self-destruct the contract, and uninitialized variables
• Low false positives
• Can create a graphical representation of function calls
• Symbolic execution vulnerability scanner
• Can scan bytecode directly
• Free and open source
• Static analysis, symbolic analysis & fuzzing
• Has an API you can submit scan jobs to
• Integrates into dev frameworks
• Not free