EVM Security Tools

This repository contains a Dockerfile for building an image pre-installed and pre-configured with essential tools for Ethereum smart contract security testing. Primary tools include:

• Foundry: Ethereum application development toolkit
• Slither: Static Analyzer for Solidity and Vyper
• Aderyn: Static Analyzer for Solidity
• hevm: Symbolic and concrete EVM execution engine
• Certora CLI: Formal verification
• solc-select: Manage and switch between Solidity compiler versions
• Vyper: Pythonic Smart Contract Language for the EVM

Other tools are also included:

• n: Node version management
• Node: Node.js JavaScript runtime
• Yarn: Package manager
• Python 3: with pip and venv
• Z3: Theorem Prover
• CVC5: Theorem Prover
• jq: Command-line JSON processor
• just: Command runner
• cloc: Count lines of code

Usage

Pull the Image

docker pull ghcr.io/tsxo/evm-security-tools:latest

Run Interactive Container

docker run -it --rm -v $(pwd):/workspace ghcr.io/tsxo/evm-security-tools:latest

This mounts your current directory to /workspace inside the container.

Example: Analyze a Contract with Slither

docker run -it --rm -v $(pwd):/workspace ghcr.io/tsxo/evm-security-tools:latest slither /workspace/src/MyContract.sol

Example: Run Foundry Tests

docker run -it --rm -v $(pwd):/workspace ghcr.io/tsxo/evm-security-tools:latest forge test

Example: Symbolic Execution with HEVM

docker run -it --rm -v $(pwd):/workspace ghcr.io/tsxo/evm-security-tools:latest hevm test

Building from Source

git clone git@github.com:tsxo/evm-security-tools.git
cd evm-security-tools
docker build -t evm-security-tools .

License

This project is licensed under the MIT License - see the LICENSE file for details.

Inspired By

Inspired by Trail of Bits' eth-security-toolbox.