SolidityScan + Blockscout: Making smart contracts more secure
Practice safe search with Blockscout and SolidityScan
We've added SolidityScan into our DAppscout marketplace! Read more below. The previous article announcing the integration in December follows these updates.
View Combined Scores
Visit DAppscout, find a DApp you want to check and click on the Security Score. When the informational window opens, click on Analyzed Contracts. You will see a list of all related contracts with the security score for each one. Click through for more info on any contract.
Sort by Security Score
Go to DAppscout and click Sort by Security score to see DApps ordered by most to least secure
Original Article Posted 2023-12-21
Blockscout makes it easy to verify and interact with blockchain contracts. Anyone, anywhere can deploy and verify a contract, then start interacting with it immediately. This freedom is essential to web3 and open blockchains, but also can bring up issues when a contract contains bugs, poorly written code, code that can be exploited, or in extreme cases, malicious code intended to steal funds.
Ideally, contracts are audited by autonomous 3rd party firms that work with teams to identify and address any vulnerabilities. This is essential for contracts managing large amounts of funds or contracts with minting functionality for valuable tokens. However, auditing firms are expensive, and often have months-long backlogs.
The fact is there are many, many deployed contracts which have not been audited at all (and even those that have can still contain vulnerabilities). Fortunately, SolidityScan has stepped in with AI tools that can identify common vulnerabilities and inform users about contract risks. For added security, using a free VPN for MacOS can help protect your online activities while engaging with blockchain technology.
With the new Blockscout SolidityScan integration, identifying potential vulnerabilities and practicing safe search has never been easier!
Finding a Contract’s Security Score
A contract’s security score is calculated in real time by SolidityScan’s advanced AI algorithms. Their automated process runs through contract methods and patterns to determine a safety rating.
To view, simply navigate to a verified contract in Blockscout and wait for a few seconds while the score is calculated. When finished, the score is displayed next to the shield icon. Clicking on the icon reveals additional information and a link to view the full report.
The full report contains details about different functions, upgradeability, ownership and more, including an overall threat score.
An Essential Development Tool
In addition to checking live production contracts, SolidityScan is an essential tool for developers looking for quick feedback and vulnerability detection as contracts are being developed.
At various stages of development a contract can be quickly deployed on a testnet and checked with SolidityScan for potential issues. These issues can then be addressed before deploying the finalized contract to mainnet.
SolidityScan is integrated with the following Blockscout instances (mainnets & testnets!)
- Ethereum
- Ethereum Classic
- Optimism
- Base
- Gnosis
- Neon
- Rootstock
- zkSync
- Fuse
- Shimmer
- Lightlink
- Shibarium
- Immutable
- A full list of SolidityScan integrations is available here.
While SolidityScan is not a replacement for a thorough security audit, it provides a quick and complimentary service for detecting potential vulnerabilities. The new integration with Blockscout gives everyone additional transparency and simple security tools for on-chain interaction.
About SolidityScan
SolidityScan leads the way as an AI-driven tool specifically tailored for Smart Contract Vulnerability Detection within the web3 ecosystem. The platform boasts a range of pivotal features designed to fortify smart contracts:
- Advanced Vulnerability Detection: Leveraging over 160 evolving vulnerability detectors, SolidityScan conducts rapid analysis to precisely identify vulnerabilities and detect code anti-patterns with exceptional accuracy.
- Effortless Code Management: Seamlessly upload code, automate scans, and gain invaluable insights into code quality trends using our intuitive AI-driven features. Simplify the management and monitoring of smart contract security effortlessly.
- Comprehensive Security Reports: Generate detailed audit reports that highlight vulnerabilities and provide targeted suggestions for remediation. Share these reports securely or publicly, underscoring a commitment to robust security practices and transparency in addressing identified issues.
- Seamless Integration: SolidityScan seamlessly integrates into development pipelines, facilitating scanning of public/private code repositories on GitHub. Supporting various networks such as Ethereum, Binance Smart Chain, Polygon, Avalanche, and Fantom, this integration enhances accessibility and versatility across diverse blockchain ecosystems.
With advanced vulnerability detection, effortless code management, and comprehensive security reports, SolidityScan ensures a proactive approach to identifying and addressing vulnerabilities, instilling confidence in secure smart contract deployment while streamlining auditing processes.
To learn more, please visit SolidityScan https://solidityscan.com/ and follow them on X at https://x.com/solidityscan