Web3Bugs

Request to add new Publicly Available Security Analysis Techniques

Open soaphorn opened this issue 1 year ago • 2 comments

Hello Admin, I would like to request adding some new tools related to Cairo and Rust.

  • Thoth: Developed by Fuzzing Labs, it is a symbolic execution framework for the Cairo programming language that also has features such as a decompiler, static analysis...
      • link: https://github.com/FuzzingLabs/thoth
  • Horus: Developed by Nethermind, it is a formal verification tool for StarkNet contracts.
      • link: https://github.com/NethermindEth/horus-checker
  • Kani Rust Verification: Developed by N/A, it is a bit-precise model checker for Rust.
      • link: https://github.com/model-checking/kani
      • Use case: https://osec.io/blog/2023-01-26-formally-verifying-solana-programs
  • Prusti: Developed by N/A, it is a prototype verifier for Rust, built upon the Viper verification infrastructure.
      • link: https://github.com/viperproject/prusti-dev

Thanks, Soaphorn

soaphorn, Mar 15 '23 09:03

Hi @soaphorn!

I am grateful for your contribution and would like to express my appreciation for the valuable material you have provided. I will review the material and update the list with your contributions shortly. Thank you for your positivity and willingness to assist with this project!

ZhangZhuoSJTU, Mar 15 '23 14:03

Hi @soaphorn!

Upon careful examination of the tools you suggested, I have decided to temporarily delay their integration into the list.

Regarding Kani and Prusti, it appears that they primarily serve as general Rust analyzers. As such, I believe it would be more appropriate not to include them in the list. However, I welcome and encourage you to share your thoughts on this matter.

As for the first two tools, I must admit that I am not an expert in Cairo/StarkNet, which makes it difficult for me to accurately assess their value. Additionally, they have garnered a limited number of stars, leading me to wait for further community input before making a decision.

Your opinions are highly valued, so please feel free to share your thoughts and any additional information that you believe may be relevant. Thanks again for your understanding and collaboration.

ZhangZhuoSJTU, Mar 21 '23 02:03