This repository contains scripts to create a Docker container preinstalled and preconfigured with all of Trail of Bits’ Ethereum security tools, including:
- Echidna property-based fuzz tester
- Medusa fuzz tester based on go-ethereum
- Slither static analysis tool
- solc-select to quickly switch between Solidity compiler versions
- Building secure contracts repository
Other useful tools developed by third-parties are also included:
- Foundry, a toolkit for Ethereum app development
- Vyper, a Pythonic Smart Contract language for the EVM
- n, a Node version manager
- npm and Yarn
- Python
Use our prebuilt Docker container to quickly install and run the toolkit:
docker pull ghcr.io/trailofbits/eth-security-toolbox:nightly
docker run -it ghcr.io/trailofbits/eth-security-toolbox:nightly
Alternatively, build the image from scratch:
git clone https://github.com/trailofbits/eth-security-toolbox.git
cd eth-security-toolbox
docker build -t eth-security-toolbox .
Simply start an instance of the Docker container:
docker run -it ghcr.io/trailofbits/eth-security-toolbox:nightly
Several Solidity versions are preinstalled via solc-select
. By default, solc
corresponds to the latest release. This can be changed using the solc-select
tool:
$ solc --version
solc, the solidity compiler commandline interface
Version: 0.8.22+commit.4fc1097e.Linux.g++
$ solc-select use 0.4.26
$ solc --version
solc, the solidity compiler commandline interface
Version: 0.4.26+commit.4563c3fc.Linux.g++
You can also view the installed versions and install new ones:
$ solc-select versions
0.8.22 (current, set by /home/ethsec/.solc-select/global-version)
0.7.6
0.6.12
0.5.17
0.4.26
ethsec@f95fb29a709d:~$ solc-select install 0.8.0
Installing solc '0.8.0'...
Version '0.8.0' installed.
ethsec@f95fb29a709d:~$ solc-select use 0.8.0
Switched global version to 0.8.0
$ solc --version
solc, the solidity compiler commandline interface
Version: 0.8.0+commit.c7dfd78e.Linux.g++
The toolbox comes preinstalled with a LTS version of Node, and
n, the Node version manager. You can install other
versions of Node if needed by using n
. Refer to their website for further
instructions.
$ sudo n 14
installing : node-v14.21.3
mkdir : /usr/local/n/versions/node/14.21.3
fetch : https://nodejs.org/dist/v14.21.3/node-v14.21.3-linux-arm64.tar.gz
copying : node/14.21.3
installed : v14.21.3 (with npm 6.14.18)
$ node --version
v14.21.3
Feel free to stop by our Slack channel for help on using or extending this toolbox.
The Ethereum Security Toolbox is licensed and distributed under the AGPLv3 license. Contact us if you’re looking for an exception to the terms.