IQ.wiki

SolidityScan

SolidityScan is a cloud-based tool that scans smart contract code to detect security vulnerabilities and anti-patterns, and generates audit reports post-mitigation. It integrates into development pipelines to analyze code and flag vulnerabilities, and its audit reports highlight potential security risks in the code. [1]

Overview

SolidityScan provides a comprehensive suite of features aimed at bolstering smart contract security: [1]

  1. Quickscan for Deployed Contracts: Users can swiftly scan contracts deployed on supported explorers.

  2. Project Scanning: The platform supports scanning of both public and private repositories hosted on GitHub.

  3. On-Chain Contract Scanning: It enables users to initiate scans for contracts deployed across Ethereum, Binance Smart Chain, Polygon, Avalanche, and Fantom networks.

  4. File Upload and Scan: Users can upload and scan .sol files directly on the platform.  

  5. Report Generation and Publication: The tool facilitates the generation of detailed vulnerability reports, which can be shared via public links once issues are addressed.   

  6. Integrations: SolidityScan integrates seamlessly with GitHub repositories, allowing for automated scanning of private repositories.   

  7. SolidityScan SDK and Visual Studio Code Extension: Additional functionalities are available through the SDK and Visual Studio Code extension, enhancing development workflows.

Quickscan

Quickscan allows users to quickly assess deployed smart contracts by checking their code on supported explorers for various networks. Supported networks include Ethereum (etherscan.io), Binance Smart Chain (bscscan.com), Polygon (polygonscan.com), Fantom (ftmscan.com), Avalanche (snowtrace.io), Cronos (cronoscan.com), Arbitrum (arbiscan.io), Celo (celoscan.io), Aurora (explorer.aurora.dev), ReefScan (reefscan.com), Optimism (optimism.io), Buildbear (buildbear.io), XDC (xdc.blocksscan.io), Blockscout (blockscout.com), and Routescan (routescan.io). [2]

This feature simplifies the process of identifying vulnerabilities in deployed contracts, ensuring efficient security assessments across multiple blockchain ecosystems. [2]

Scanning an Online Git Repository

SolidityScan provides a straightforward process for scanning projects. Users begin by creating an account on SolidityScan's website. Once logged in, they can initiate scanning for their Solidity projects. [3]

To start, users enter project details such as the project name and its Git repository link. The link should lead to a repository containing Solidity (.sol) files, hosted on a supported platform such as GitLab, GitHub, or Bitbucket. For private repositories, users integrate their GitHub/GitLab/Bitbucket accounts from the Integrations tab and specify whether the repository is public or private. [3]

Next, users select the branch containing the project to scan, defaulting to the primary branch on GitHub. They can also choose specific .sol files and folders for scanning; other file types are excluded. [3]

SolidityScan offers the option to set up webhooks for Git Actions, triggering scans automatically when new commits are pushed to the branch. This feature supports GitHub, Bitbucket, and GitLab repositories owned by the user. [3]

After configuring settings, users start the scan by clicking Start Scan. They monitor progress and review detailed results upon completion. [3]

Post-scan, users access comprehensive results, including an overview of security status and specifics on identified issues and vulnerabilities. Detailed results provide insights into individual issues, with options to expand descriptions and manage code view visibility. [3]

SolidityScan allows users to filter and update bug statuses based on severity, confidence in vulnerability detection, and bug status (e.g., Won't Fix or False Positive). Users can provide comments to improve scanner performance. [3]

A scan history feature lets users review past scans and re-scans, while settings allow updates to files and directories for future scans. Webhook settings manage ongoing security monitoring via GitHub Actions. [3]

Scanning Deployed Contracts

SolidityScan offers a feature to scan specific deployed contracts whose code is accessible on supported explorers across various blockchain networks. These networks include Ethereum (etherscan.io), Binance Smart Chain (bscscan.com), Polygon (polygonscan.com), Fantom (ftmscan.com), Avalanche (snowtrace.io), Cronos (cronoscan.com), Arbitrum (arbiscan.io), Celo (celoscan.io), Aurora (explorer.aurora.dev), ReefScan (reefscan.com), Optimism (optimism.io), Buildbear (buildbear.io), XDC (xdc.blockscan.io), Blockscout (blockscout.com), and Routescan (routescan.io). [4]

This functionality allows users to assess the security and integrity of deployed smart contracts by leveraging the respective explorer platforms. It enables verification of code vulnerabilities and ensures transparency in blockchain-based application security assessments. [4]

Organizations

SolidityScan allows Pro and Custom plan users to create and manage organizations. This feature enables users to add members to their organization and assign specific roles based on resource access needs. Importantly, members added to the organization do not require an active plan themselves, facilitating seamless collaboration and resource management within the platform. [5]

Buddy Program

SolidityScan's Buddy Program offers several partnership opportunities across different verticals: [6]

  • Strategic Partners or Affiliates focus on promoting SolidityScan within their networks without rebranding. They earn 15% of the sale value post taxes.
  • Innovation Partners or Security Layer Partners integrate SolidityScan into their web3 projects, providing users with dedicated promo codes for trial scans. They benefit from unlimited API calls per month and participate in joint marketing activities.
  • Audit Partners, specifically for CredShields, follow a commission structure similar to Innovation Partners.

Edit date: June 27, 2024

Edit reason: New Wiki Created 🎉
