bluemsi/2nd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95cd8bb891bf94ea5dd50e4a490ee17d5707ecf2
2nd/10_Wiki/Topics/AI_and_ML/Smart-Contract-Auditing.md
T
Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization 
10_Wiki/Topics 대규모 정리:
- 오류 캡처/미완성 stub 문서 227개 제거
- 교차폴더 중복 43클러스터 병합 (63파일 → redirect)
- 링크명 정규화: 깨진 링크 수정·redirect 직결·개념 매핑 ~2,400건
- 카테고리 MOC 6개 신규 생성
- Graph 섹션 미해결 related-keyword 링크 10,058건 제거

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00

213 lines
6.5 KiB
Markdown
Raw Blame History

---
id: wiki-2026-0508-smart-contract-auditing
title: Smart Contract Auditing
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Solidity Audit, Web3 Security Audit, Contract Security Review]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [security, web3, solidity, audit, ai-security]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
language: solidity
framework: foundry/slither/mythril
---
# Smart Contract Auditing
## 매 한 줄
> **"매 smart contract audit 의 layered defense — static (Slither) + symbolic (Mythril/Manticore) + fuzz (Echidna/Foundry invariant) + formal (Certora) + AI (Claude / GPT-5 audit) + human review"**. 매 2026 의 reality 의 single tool 의 X — 매 ensemble + AI-augmented review 의 ROI 의 best. 매 SWC registry, 매 Trail of Bits 의 building security in 의 reference.
## 매 핵심
### 매 Tool layers
- **Static (Slither, Aderyn)**: 매 known pattern detector — reentrancy, tx.origin, ...
- **Symbolic (Mythril, Manticore)**: 매 path explore + SMT solver.
- **Fuzz (Echidna, Foundry invariant)**: 매 property-based.
- **Formal (Certora Prover, halmos)**: 매 spec proof.
- **AI (Claude Opus 4.7, GPT-5, OpenZeppelin AI)**: 매 nuanced logic bug, NatSpec 의 intent vs code 의 mismatch.
### 매 Common vuln (SWC)
- **Reentrancy** (SWC-107): CEI pattern, ReentrancyGuard.
- **Integer over/underflow**: Solidity 0.8+ checked, 매 unchecked block 의 careful.
- **Access control**: onlyOwner, role-based, 매 init function 의 protect.
- **Oracle manipulation**: 매 single-block TWAP X, Chainlink + heartbeat.
- **MEV / front-run**: commit-reveal, private mempool.
### 매 응용
1. **Pre-deploy audit** — 매 mainnet deploy 의 prerequisite.
2. **CI gate** — 매 PR 의 Slither / Foundry test 의 fail 의 block.
3. **Bug bounty** — Immunefi 등록 의 ongoing.
4. **Upgrade audit** — UUPS / Transparent proxy 의 upgrade diff review.
## 💻 패턴
### Slither CI (GitHub Actions)
```yaml
name: slither
on: [push, pull_request]
jobs:
analyze:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: crytic/slither-action@v0.4.0
with:
fail-on: medium
slither-args: "--exclude-informational --filter-paths node_modules"
```
### Foundry invariant test
```solidity
// test/Invariant.t.sol
import "forge-std/Test.sol";
import {Vault} from "src/Vault.sol";
contract VaultInvariant is Test {
Vault vault;
address[] users;
function setUp() public {
vault = new Vault();
for (uint i; i < 5; i++) users.push(makeAddr(string(abi.encodePacked("u", i))));
}
function invariant_totalShares_eq_sumBalances() public view {
uint sum;
for (uint i; i < users.length; i++) sum += vault.balanceOf(users[i]);
assertEq(vault.totalSupply(), sum);
}
}
```
### Reentrancy (CEI + Guard)
```solidity
import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
contract Pool is ReentrancyGuard {
mapping(address => uint) public balance;
// BAD
function withdrawBad() external {
uint b = balance[msg.sender];
(bool ok,) = msg.sender.call{value: b}(""); // 매 external before state
require(ok);
balance[msg.sender] = 0;
}
// GOOD: CEI + nonReentrant
function withdraw() external nonReentrant {
uint b = balance[msg.sender];
balance[msg.sender] = 0; // Effects
(bool ok,) = msg.sender.call{value: b}(""); // Interaction
require(ok, "send fail");
}
}
```
### Echidna property test
```solidity
contract VaultEchidna is Vault {
function echidna_no_negative_balance() public view returns (bool) {
// 매 reachable balance 의 always >= 0 (uint, but check via burn)
return totalSupply() >= 0;
}
function echidna_total_eq_deposits() public view returns (bool) {
return address(this).balance == totalDeposited;
}
}
// echidna . --contract VaultEchidna --test-mode property
```
### AI audit (Claude 4.7)
```python
import anthropic
client = anthropic.Anthropic()
def ai_audit(contract_src: str) -> str:
msg = client.messages.create(
model="claude-opus-4-7",
max_tokens=4000,
system="""You are a senior smart contract auditor. Review for:
1. Reentrancy, access control, integer issues
2. Oracle / price manipulation
3. Logic bugs vs NatSpec intent
4. Gas / DoS
5. Upgrade safety
For each finding: severity (H/M/L), location, exploit, fix.""",
messages=[{"role": "user", "content": f"```solidity\n{contract_src}\n```"}],
)
return msg.content[0].text
```
### Certora spec
```
// MyToken.spec
methods {
function balanceOf(address) external returns (uint) envfree;
function totalSupply() external returns (uint) envfree;
}
invariant totalSupply_eq_sum_balances()
totalSupply() == sumOfBalances()
{ preserved transfer(address to, uint amt) with (env e) {
require balanceOf(e.msg.sender) >= amt;
} }
```
### Chainlink oracle (safe)
```solidity
import "@chainlink/contracts/src/v0.8/shared/interfaces/AggregatorV3Interface.sol";
contract PriceConsumer {
AggregatorV3Interface immutable feed;
uint constant STALE = 3600;
function price() public view returns (uint) {
(, int answer,, uint updatedAt,) = feed.latestRoundData();
require(answer > 0, "neg price");
require(block.timestamp - updatedAt < STALE, "stale");
return uint(answer);
}
}
```
## 매 결정 기준
| 상황 | Tool |
|---|---|
| CI gate | Slither + Foundry test |
| Pre-deploy | Slither + Mythril + Echidna + AI + human |
| High-value protocol | + Certora formal |
| Upgrade | diff + storage layout check |
| Bounty | Immunefi |
**기본값**: Slither CI + Foundry invariant + AI review + manual senior review before mainnet.
## 🔗 Graph
## 🤖 LLM 활용
**언제**: NatSpec vs code intent diff, logic bug, gas optimization, exploit hypothesis 의 generate.
**언제 X**: deterministic detection (Slither faster), formal proof (Certora).
## ❌ 안티패턴
- **Single tool reliance**: 매 Slither alone 의 logic bug miss.
- **No mainnet rehearsal**: 매 fork test X.
- **Owner = EOA**: 매 multisig / timelock 의 use.
- **Unchecked external call**: low-level call 의 return 의 ignore.
## 🧪 검증 / 중복
- Verified (Trail of Bits, OpenZeppelin, ConsenSys Diligence).
- 신뢰도 A.
## 🕓 Changelog
| 날짜 | 변경 |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — full content with tool stack + AI audit pattern |
Reference in New Issue View Git Blame Copy Permalink