Aderyn
Lightning-Fast Security
Rust-powered static analyzer for Solidity smart contracts
What is Aderyn?
Aderyn is an open-source, public-good developer tool — a Rust-based Solidity smart contract static analyzer designed to help protocol engineers and security researchers find vulnerabilities in Solidity codebases.
Lightning-Fast Vulnerability Detection
Thanks to its collection of static vulnerability detectors, running Cyfrin Aderyn on your Solidity codebase highlights the potential vulnerabilities those detectors match, drastically reducing the potential for unknown issues in your Solidity code.
This gives you the time to focus on more complex problems.
Built for Speed and Flexibility
Built using Rust, Aderyn integrates seamlessly into small and enterprise-level development workflows.
It offers lightning-fast command-line functionality and a framework to build custom detectors to adapt to your specific needs.
What Aderyn Does
At its core, Aderyn helps you in three key ways:
1. Identify Solidity Smart Contract Vulnerabilities
Solidity developers and security auditors use Cyfrin Aderyn to identify potential vulnerabilities in Solidity code and highlight parts of the codebase for further investigation.
2. Build Custom Detectors
Protocols and security researchers use the Cyfrin Aderyn detectors framework to build custom vulnerability detectors for any codebase.
3. Protect Your Value
Competitive auditing platforms can use Cyfrin Aderyn to detect and filter out known issues inside protocol codebases, protecting customers' and auditors' time and value.
Check out the Cyfrin Aderyn repo on GitHub.
Cyfrin Aderyn Key Features
Static Analysis of Solidity Smart Contracts
Aderyn excels in parsing and analyzing Solidity smart contracts, providing insights into potential security risks and inefficiencies.
Adapt Aderyn to any codebase
Aderyn allows developers to create custom detectors to analyze and find specific code-based vulnerabilities.
Command Line Interface
Aderyn offers a developer-friendly CLI to customize its settings, your Solidity smart contract analysis, and its reports.
Analyze only what matters
Aderyn allows specifying particular contracts to be analyzed or excluded, giving users control over the scope of the analysis.
Full control over your reports
The analysis results can be output in different formats, including Markdown and JSON, catering to different needs, such as human-readable reports or CI (Continuous Integration) pipeline integration.
Lightning-fast execution
Written in Rust, Aderyn keeps its analysis times under one second.
Use Cases
Aderyn is versatile and can be used in various scenarios:
Pre-audit Analysis
Developers can use Aderyn to identify and address critical, high, and medium-severity issues in smart contracts before sending them for formal audits.
Automated Testing in CI Pipelines
Integrating Aderyn into CI pipelines allows automated scanning of contracts with each build, ensuring continuous security.
Smart Contract Development and Debugging
Developers can use Aderyn during the development phase to catch issues early in the development lifecycle.
Custom Security Analysis
By creating custom detectors, users can tailor the analysis to specific needs or concerns unique to their projects.
Competitive Audit Finding Exclusion
Use Aderyn in your competitive audit platform to list findings as "known issues". This is the official tool run before CodeHawks competitions.
Contributing
Aderyn is a fully open-source smart contract security and auditing tool powered by Cyfrin. It continually evolves, with future updates expected to streamline the installation process, enhance configuration options, and expand analytical capabilities.
Cyfrin loves open-source contributions! Please provide feedback or help us improve Aderyn by following the Contribution Guidelines on the official GitHub repo.