What is Caracal?
Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts.
What about its Features?
👉Detectors to detect vulnerable Cairo code
👉Printers to report information
👉Taint analysis
👉Data flow analysis framework
👉Easy to run in Scarb projects
Any overview of its detectors?
1) controlled-library-call
Library calls with a user-controlled class hash
2) unchecked-l1-handler-from
Detect L1 handlers without a from-address check
3) reentrancy
Detect when a storage variable is read before an external call and written after
4) unused-events
Events defined but not emitted
5) unused-return
Unused return values
6) unenforced-view
Function has a view decorator but modifies state
7) unused-arguments
Unused arguments
8) reentrancy-benign
Detect when a storage variable is written after an external call but not read before
9) reentrancy-events
Detect when an event is emitted after an external call leading to out-of-order events
10) dead-code
Private functions never used
More info on how to install it and its limitations can be found in the repo below 👇
https://github.com/crytic/caracal
@ethers_security
Forwarded from Sun (Will never DM first)
Web3 DevSecOps is very important!
https://twitter.com/1nf0s3cpt/status/1684573117765898242
I have learned a lot during the process of deploying the Protocol to the Mainnet recently.
I will share some thoughts on how to protect your protocol in🧵
#web3sec #devops #sre
Some people are still unaware of this masterpiece. Hopefully, you ain't one of them. If you are, it's not too late to start using it 🙏
https://medium.com/cyfrin/the-best-security-education-tool-in-web3-dd23717fbe58
@ethers_security
NFTek News 🗞️ NFTek.eth
https://nftnow.com/news/sim-swap-attacks-rising-in-web3/
GitHub - OffcierCia/Crypto-OpSec-SelfGuard-RoadMap: Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec…
Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome. - OffcierCia/Crypto-OpSec-SelfGuard-RoadMap
Forwarded from Vladimir S. | Officer's Channel (officercia)
2nd part is out 👀
Link: officercia.mirror.xyz/AoRdvL3Lp5K5JHjlgpWaOHo_CehH-amZSAm9pxuFdwQ
More at @officercia 🫡️️
#security #audit
Forwarded from EthSecurity
Kebabsec
Squashing a Pesky Bug in UniswapX
About a week after the launch of UniswapX I submitted a bug report to Uniswap Labs’ bug bounty program. The bug was regarding an unsafe user balance check performed during order settlement. This was a high risk vulnerability that put any user creating an…
Forwarded from Vladimir S. | Officer's Channel (officercia)
Great compilation 👀
Link: https://tropical-comb-1dc.notion.site/b7df825e3f0f4278bb297b1eda576494?v=01376a29af164585a380840b02bb9dd3
#audit #web3 #solidity
https://twitter.com/y0biz