SolidityScan + Blockscout: Making smart contracts more secure

Practice safe search with Blockscout and SolidityScan

Smart contract security with SolidityScan and Blockscout
SolidityScan + Blockscout: Making smart contracts more secure
💡
👀 Update 7/4/24: Since the SolidityScan integration was introduced in December we've seen a huge influx of users scanning smart contracts and checking safety scores. We will continue to explore new chains and new ways we can incorporate this much needed feature.

We've added SolidityScan into our DAppscout marketplace! Read more below. The previous article announcing the integration in December follows these updates.
💡
New Feature: In DAppscout (The DApp marketplace available on some Blockscout instances) you can check the combined security scores for all contracts related to a DApp, and sort by Security Score to find the most (and least) secure DApps.

View Combined Scores

Visit DAppscout, find a DApp you want to check and click on the Security Score. When the informational window opens, click on Analyzed Contracts. You will see a list of all related contracts with the security score for each one. Click through for more info on any contract.

Dappscout access
Visit DAppscout on a supported Chain (DApps menu item)
Click on security score to view more info
Click on the score, then select Analyzed Contracts
Full list of analyzed contracts.
View the full list of analyzed contracts, sorted from high to low. Click on any contract to view more details.

Sort by Security Score

Go to DAppscout and click Sort by Security score to see DApps ordered by most to least secure

Change from the Default sort to Security score
Resorted by Security Score

Original Article Posted 2023-12-21

Blockscout makes it easy to verify and interact with blockchain contracts. Anyone, anywhere can deploy and verify a contract, then start interacting with it immediately. This freedom is essential to web3 and open blockchains, but also can bring up issues when a contract contains bugs, poorly written code, code that can be exploited, or in extreme cases, malicious code intended to steal funds.

Ideally, contracts are audited by autonomous 3rd party firms that work with teams to identify and address any vulnerabilities. This is essential for contracts managing large amounts of funds or contracts with minting functionality for valuable tokens. However, auditing firms are expensive, and often have months-long backlogs.

The fact is there are many, many deployed contracts which have not been audited at all (and even those that have can still contain vulnerabilities). Fortunately, SolidityScan has stepped in with AI tools that can identify common vulnerabilities and inform users about contract risks.  For added security, using a free VPN for MacOS can help protect your online activities while engaging with blockchain technology.

With the new Blockscout SolidityScan integration, identifying potential vulnerabilities and practicing safe search has never been easier!

Finding a Contract’s Security Score

A contract’s security score is calculated in real time by SolidityScan’s advanced AI algorithms. Their automated process runs through contract methods and patterns to determine a safety rating.

To view, simply navigate to a verified contract in Blockscout and wait for a few seconds while the score is calculated. When finished, the score is displayed next to the shield icon. Clicking on the icon reveals additional information and a link to view the full report.

Smart contract security details
Click the shield icon for additional details

The full report contains details about different functions, upgradeability, ownership and more, including an overall threat score.

Smart contract threat score with Blockscout and SolidityScan
This contract is looking good!

An Essential Development Tool

In addition to checking live production contracts, SolidityScan is an essential tool for developers looking for quick feedback and vulnerability detection as contracts are being developed.

At various stages of development a contract can be quickly deployed on a testnet and checked with SolidityScan for potential issues. These issues can then be addressed before deploying the finalized contract to mainnet.

SolidityScan is integrated with the following Blockscout instances (mainnets & testnets!)

While SolidityScan is not a replacement for a thorough security audit, it provides a quick and complimentary service for detecting potential vulnerabilities. The new integration with Blockscout gives everyone additional transparency and simple security tools for on-chain interaction.

About SolidityScan

SolidityScan leads the way as an AI-driven tool specifically tailored for Smart Contract Vulnerability Detection within the web3 ecosystem. The platform boasts a range of pivotal features designed to fortify smart contracts:

  1. Advanced Vulnerability Detection: Leveraging over 160 evolving vulnerability detectors, SolidityScan conducts rapid analysis to precisely identify vulnerabilities and detect code anti-patterns with exceptional accuracy.
  2. Effortless Code Management: Seamlessly upload code, automate scans, and gain invaluable insights into code quality trends using our intuitive AI-driven features. Simplify the management and monitoring of smart contract security effortlessly.
  3. Comprehensive Security Reports: Generate detailed audit reports that highlight vulnerabilities and provide targeted suggestions for remediation. Share these reports securely or publicly, underscoring a commitment to robust security practices and transparency in addressing identified issues.
  4. Seamless Integration: SolidityScan seamlessly integrates into development pipelines, facilitating scanning of public/private code repositories on GitHub. Supporting various networks such as Ethereum, Binance Smart Chain, Polygon, Avalanche, and Fantom, this integration enhances accessibility and versatility across diverse blockchain ecosystems.

With advanced vulnerability detection, effortless code management, and comprehensive security reports, SolidityScan ensures a proactive approach to identifying and addressing vulnerabilities, instilling confidence in secure smart contract deployment while streamlining auditing processes.

To learn more, please visit SolidityScan https://solidityscan.com/ and follow them on X at https://x.com/solidityscan