2nd/10_Wiki/Topics/AI_and_ML/Smart-Contract-Auditing.md
Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization
10_Wiki/Topics large-scale cleanup:
- Removed 227 error-capture / unfinished stub documents
- Merged 43 cross-folder duplicate clusters (63 files → redirect)
- Link-name normalization: ~2,400 broken-link fixes, direct redirect links, and concept mappings
- Created 6 new category MOCs
- Removed 10,058 unresolved related-keyword links from Graph sections

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00

id: wiki-2026-0508-smart-contract-auditing
title: Smart Contract Auditing
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: Solidity Audit, Web3 Security Audit, Contract Security Review
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: security, web3, solidity, audit, ai-security
raw_sources:
last_reinforced: 2026-05-10
github_commit: pending
tech_stack: language solidity; framework foundry/slither/mythril

Smart Contract Auditing

One line

Smart contract auditing is a layered defense: static (Slither) + symbolic (Mythril/Manticore) + fuzz (Echidna/Foundry invariant) + formal (Certora) + AI (Claude / GPT-5 audit) + human review. The reality in 2026 is that no single tool is sufficient; an ensemble plus AI-augmented review gives the best ROI. References: the SWC registry and Trail of Bits' "building security in" guidance.

Key points

Tool layers

  • Static (Slither, Aderyn): known-pattern detectors (reentrancy, tx.origin, ...).
  • Symbolic (Mythril, Manticore): path exploration + SMT solver.
  • Fuzz (Echidna, Foundry invariant): property-based testing.
  • Formal (Certora Prover, halmos): specification proofs.
  • AI (Claude Opus 4.7, GPT-5, OpenZeppelin AI): nuanced logic bugs, mismatches between NatSpec intent and code.

Common vulnerabilities (SWC)

  • Reentrancy (SWC-107): CEI pattern, ReentrancyGuard.
  • Integer over/underflow: checked by default in Solidity 0.8+; be careful inside unchecked blocks.
  • Access control: onlyOwner, role-based access, protect initializer functions.
  • Oracle manipulation: no single-block TWAP; use Chainlink with a heartbeat (staleness) check.
  • MEV / front-running: commit-reveal, private mempool.

Applications

  1. Pre-deploy audit: a prerequisite for any mainnet deployment.
  2. CI gate: block the PR when Slither or the Foundry tests fail.
  3. Bug bounty: ongoing coverage through an Immunefi listing.
  4. Upgrade audit: review the upgrade diff for UUPS / Transparent proxies.

💻 Patterns

Slither CI (GitHub Actions)

name: slither
on: [push, pull_request]
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: crytic/slither-action@v0.4.0
        with:
          fail-on: medium
          slither-args: "--exclude-informational --filter-paths node_modules"
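Added example (not the page's or the Slither project's code): a gate script that applies the same fail-on policy to Slither's JSON output, for pipelines that run `slither . --json -` directly instead of the action. The report is constructed inline; the excluded path prefixes play the role of `--filter-paths`.

```python
import json

# Slither impact levels ranked for the fail-on threshold (mirrors slither-action's fail-on).
IMPACT_RANK = {"Informational": 0, "Optimization": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample in the shape of `slither . --json -` output (three findings).
SAMPLE_REPORT = json.dumps({"success": True, "error": None, "results": {"detectors": [
    {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
     "description": "Reentrancy in Pool.withdrawBad() (src/Pool.sol#10-15)",
     "elements": [{"type": "function", "name": "withdrawBad",
                   "source_mapping": {"filename_relative": "src/Pool.sol", "lines": [10, 11, 12, 13, 14, 15]}}]},
    {"check": "naming-convention", "impact": "Informational", "confidence": "High",
     "description": "Parameter Pool.setFee(uint256)._f is not in mixedCase",
     "elements": [{"type": "variable", "name": "_f",
                   "source_mapping": {"filename_relative": "src/Pool.sol", "lines": [30]}}]},
    {"check": "unchecked-lowlevel", "impact": "Medium", "confidence": "Medium",
     "description": "Vendored.ping() ignores return value by target.call()",
     "elements": [{"type": "function", "name": "ping",
                   "source_mapping": {"filename_relative": "lib/Vendored.sol", "lines": [5]}}]},
]}})

def gate(report_json: str, fail_on: str = "Medium", exclude_paths=("lib/", "node_modules/")) -> dict:
    """Apply a fail-on severity threshold to a Slither JSON report.

    Findings located entirely under an excluded path are skipped (like --filter-paths).
    Returns {"fail": bool, "blocking": [{"check", "impact", "files"}, ...]}.
    """
    report = json.loads(report_json)
    if not report.get("success"):
        # A crashed or non-compiling run must fail the gate, never silently pass it.
        raise RuntimeError(f"slither did not complete: {report.get('error')}")
    threshold = IMPACT_RANK[fail_on]
    blocking = []
    for det in report["results"]["detectors"]:
        files = {e.get("source_mapping", {}).get("filename_relative", "")
                 for e in det.get("elements", [])}
        if files and all(f.startswith(exclude_paths) for f in files):
            continue
        if IMPACT_RANK.get(det["impact"], 0) >= threshold:
            blocking.append({"check": det["check"], "impact": det["impact"], "files": sorted(files)})
    return {"fail": bool(blocking), "blocking": blocking}

if __name__ == "__main__":
    import sys
    verdict = gate(sys.stdin.read())
    for b in verdict["blocking"]:
        print(f"[{b['impact']}] {b['check']}: {', '.join(b['files'])}")
    sys.exit(1 if verdict["fail"] else 0)
```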

Foundry invariant test

// test/Invariant.t.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";
import {Vault} from "src/Vault.sol";

contract VaultInvariant is Test {
    Vault vault;
    address[] users;

    function setUp() public {
        vault = new Vault();
        for (uint i; i < 5; i++) users.push(makeAddr(string.concat("u", vm.toString(i))));
        // Restrict the fuzzer to the vault and to the known senders; otherwise
        // random senders would hold shares that the sum below never sees.
        targetContract(address(vault));
        for (uint i; i < users.length; i++) targetSender(users[i]);
    }

    // Invariant: total shares always equal the sum of the per-user balances.
    function invariant_totalShares_eq_sumBalances() public view {
        uint sum;
        for (uint i; i < users.length; i++) sum += vault.balanceOf(users[i]);
        assertEq(vault.totalSupply(), sum);
    }
}

Reentrancy (CEI + Guard)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

contract Pool is ReentrancyGuard {
    mapping(address => uint) public balance;

    function deposit() external payable {
        balance[msg.sender] += msg.value;
    }

    // BAD: the external call happens before the state update, so a receiver
    // can re-enter withdrawBad() while balance[msg.sender] is still unchanged.
    function withdrawBad() external {
        uint b = balance[msg.sender];
        (bool ok,) = msg.sender.call{value: b}("");  // Interaction before Effects
        require(ok);
        balance[msg.sender] = 0;
    }

    // GOOD: Checks-Effects-Interactions + nonReentrant
    function withdraw() external nonReentrant {
        uint b = balance[msg.sender];
        balance[msg.sender] = 0;                      // Effects
        (bool ok,) = msg.sender.call{value: b}("");   // Interaction
        require(ok, "send fail");
    }
}

Echidna property test

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Vault} from "src/Vault.sol";

// Assumes Vault exposes totalSupply() and a public `totalDeposited` counter.
contract VaultEchidna is Vault {
    function echidna_no_negative_balance() public view returns (bool) {
        // Reachable balance is always >= 0 (trivially true for uint; kept as a
        // smoke property, the real check is via burn / the property below).
        return totalSupply() >= 0;
    }

    function echidna_total_eq_deposits() public view returns (bool) {
        // ETH held by the contract must equal what was deposited through it.
        return address(this).balance == totalDeposited;
    }
}
// echidna . --contract VaultEchidna --test-mode property

AI audit (Claude 4.7)

import sys
import anthropic

client = anthropic.Anthropic()  # reads ANTHROPIC_API_KEY from the environment

def ai_audit(contract_src: str) -> str:
    """Send one contract's source to the model with an auditor system prompt."""
    msg = client.messages.create(
        model="claude-opus-4-7",
        max_tokens=4000,
        system="""You are a senior smart contract auditor. Review for:
1. Reentrancy, access control, integer issues
2. Oracle / price manipulation
3. Logic bugs vs NatSpec intent
4. Gas / DoS
5. Upgrade safety
For each finding: severity (H/M/L), location, exploit, fix.""",
        messages=[{"role": "user", "content": f"```solidity\n{contract_src}\n```"}],
    )
    return msg.content[0].text

if __name__ == "__main__":
    # Usage: python ai_audit.py src/Pool.sol
    with open(sys.argv[1]) as f:
        print(ai_audit(f.read()))

Certora spec

// MyToken.spec (CVL 2)
methods {
    function balanceOf(address) external returns (uint256) envfree;
    function totalSupply() external returns (uint256) envfree;
}

// Ghost tracking the sum of all balances, kept in sync by a storage hook on the
// token's balance mapping (assumed to be named `_balances`).
ghost mathint sumOfBalances {
    init_state axiom sumOfBalances == 0;
}

hook Sstore _balances[KEY address a] uint256 newVal (uint256 oldVal) {
    sumOfBalances = sumOfBalances + newVal - oldVal;
}

invariant totalSupply_eq_sum_balances()
    to_mathint(totalSupply()) == sumOfBalances
    { preserved transfer(address to, uint256 amt) with (env e) {
        require balanceOf(e.msg.sender) >= amt;
    } }

Chainlink oracle (staleness check)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@chainlink/contracts/src/v0.8/shared/interfaces/AggregatorV3Interface.sol";

contract PriceConsumer {
    AggregatorV3Interface immutable feed;
    uint constant STALE = 3600;   // must be at least the feed's heartbeat

    constructor(AggregatorV3Interface _feed) {
        feed = _feed;
    }

    function price() public view returns (uint) {
        (, int answer,, uint updatedAt,) = feed.latestRoundData();
        require(answer > 0, "neg price");
        require(block.timestamp - updatedAt < STALE, "stale");   // reject stale rounds
        return uint(answer);
    }
}

Decision criteria

Situation | Tool
CI gate | Slither + Foundry test
Pre-deploy | Slither + Mythril + Echidna + AI + human
High-value protocol | + Certora formal
Upgrade | diff + storage layout check
Bounty | Immunefi

Default: Slither CI + Foundry invariant + AI review + manual senior review before mainnet.

🔗 Graph

🤖 LLM usage

When: NatSpec-vs-code intent diffs, logic bugs, gas optimization, generating exploit hypotheses. When not: deterministic detection (Slither is faster), formal proofs (Certora).
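A deterministic pre-pass for the NatSpec-vs-code review, as an added example (not the page's or any project's code): it pairs each function with the `///` NatSpec block above it so the intent question can be handed to the model per function, and runs one cheap heuristic (an @notice that promises owner-only access on a function with no `only*` modifier) that belongs in Slither-style detection rather than in the LLM. The contract source is constructed and the header parser only handles single-line function signatures.

```python
import re

# Constructed sample contract: pause() claims owner-only access in its NatSpec
# but carries no access-control modifier; setFee() is guarded as documented.
SAMPLE_SRC = """
contract Pool {
    /// @notice Only the owner can pause the pool.
    /// @dev Emits Paused.
    function pause() external { paused = true; }

    /// @notice Anyone can deposit ETH.
    function deposit() external payable { balance[msg.sender] += msg.value; }

    /// @notice Only the owner can set the fee.
    function setFee(uint256 f) external onlyOwner returns (bool) { fee = f; return true; }
}
"""

FUNC_RE = re.compile(r"^\s*function\s+(\w+)\s*\(([^)]*)\)\s*([^{;]*)")
NATSPEC_RE = re.compile(r"^\s*///\s*@(\w+)\s*(.*)$")
KEYWORDS = {"external", "public", "internal", "private", "view", "pure", "payable", "virtual", "override"}

def parse_functions(src: str) -> list:
    """Pair each single-line function header with the /// NatSpec block above it (tag -> text)."""
    fns, pending = [], {}
    for line in src.splitlines():
        tag = NATSPEC_RE.match(line)
        if tag:
            pending[tag.group(1)] = tag.group(2).strip()
            continue
        fn = FUNC_RE.match(line)
        if fn:
            header = re.sub(r"returns\s*\([^)]*\)", "", fn.group(3))   # drop return types
            mods = [w for w in header.split() if w not in KEYWORDS]    # what is left are modifiers
            fns.append({"name": fn.group(1), "modifiers": mods, "natspec": pending})
        if line.strip():            # any other code line ends the NatSpec association
            pending = {}
    return fns

def intent_mismatches(src: str) -> list:
    """Heuristic: @notice promises owner-only access but no only* modifier guards the function."""
    hits = []
    for fn in parse_functions(src):
        claims_owner = re.search(r"\bonly\s+(the\s+)?owner\b", fn["natspec"].get("notice", ""), re.I)
        guarded = any(m.startswith("only") for m in fn["modifiers"])
        if claims_owner and not guarded:
            hits.append(fn["name"])
    return hits
```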

Anti-patterns

  • Single-tool reliance: Slither alone misses logic bugs.
  • No mainnet rehearsal: skipping fork tests before deployment.
  • Owner = EOA: use a multisig / timelock instead.
  • Unchecked external call: ignoring the return value of a low-level call.

🧪 Verification / duplicates

  • Verified (Trail of Bits, OpenZeppelin, ConsenSys Diligence).
  • Trust level A.

🕓 Changelog

Date | Change
2026-05-08 | Phase 1
2026-05-10 | Manual cleanup — full content with tool stack + AI audit pattern