More +
Scroll down
Close -

Verifying Smart Contracts with CredShields SolidityScan

Published on: 14 February, 2024

This article is part of Rootstock’s series “Building DeFi on Bitcoin” exploring different solutions and integrations on the Rootstock blockchain that enable scaling Bitcoin, bringing DeFi capabilities to the world’s first blockchain. 

CredShields, the entity behind SolidityScan, has recently announced its integration with Rootstock, enabling smart contract scans, source code vulnerability analysis, and automated smart contract security audits on the Rootstock blockchain.

In this developer guide, we explore how you can compute a contract’s security score, conduct a scan on a verified smart contract, read the vulnerability results, and publish an audit report. Scroll to the end for a list of discounted prices for Rootstock users.

Read on to learn, but first…

What is SolidityScan

SolidityScan leads the way as an AI-driven tool specifically tailored for Smart Contract Vulnerability Detection within the web3 ecosystem. The platform boasts a range of pivotal features designed to fortify smart contracts:

  • Advanced Vulnerability Detection: Leveraging over 160 evolving vulnerability detectors, SolidityScan conducts rapid analysis to precisely identify vulnerabilities and detect code anti-patterns with exceptional accuracy.
  • Effortless Code Management: Seamlessly upload code, automate scans, and gain invaluable insights into code quality trends using our intuitive AI-driven features. Simplify the management and monitoring of smart contract security effortlessly.
  • Comprehensive Security Reports: Generate detailed audit reports that highlight vulnerabilities and provide targeted suggestions for remediation. Share these reports securely or publicly, underscoring a commitment to robust security practices and transparency in addressing identified issues.
  • Seamless Integration: SolidityScan seamlessly integrates into development pipelines, facilitating the scanning of public/private code repositories on GitHub. Supporting various networks such as Ethereum, Binance Smart Chain, Polygon, Avalanche, and Fantom, this integration enhances accessibility and versatility across diverse blockchain ecosystems.

With advanced vulnerability detection, effortless code management, and comprehensive security reports, SolidityScan ensures a proactive approach to identifying and addressing vulnerabilities, instilling confidence in secure smart contract deployment while streamlining auditing processes.

1. Finding a Contract’s Security Score

The powerful AI algorithms in SolidityScan compute a contract’s security score in real-time. Their automated technique evaluates contract processes and trends to determine a safety rating.

To see the score, simply navigate to a verified contract in Rootstock and wait a few seconds while it is calculated. When finished, the score appears next to the shield icon. Clicking on the icon displays further information as well as a link to the full report.

The full report contains details about different functions, upgradeability, ownership and more, including an overall threat score.

2. Conducting a scan on a verified smart contract directly through a supported Block Explorer

SolidityScan supports various blockchain platforms including Rootstock, XDC, Ethereum, Binance, Avalanche, Polygon, etc.

To scan a verified contract using SolidityScan, follow these steps:

  1. Obtain the contract’s verified address from the Rootstock’s Blockscout Explorer.
  2. Copy the verified contract’s address and paste it into the input field for the contract address on SolidityScan.
  3. Select the blockchain platform and the specific chain where the contract has been deployed.
  4. Click on “Start Scan” to initiate the scanning process and ensure the security of the contract on the web.
  5. Users can also scan a GitHub project on Solidityscan.
  6. Specify if the GitHub repository is public or private.
  7. If public, select the branch of the repository to scan and choose the specific files to include in the scan.
  8. If private, select the GitHub account they want to connect to and choose the repositories they want SolidityScan to have access to.

3. Navigating through Vulnerability results after conducting a successful scan

Please note that the video below will guide you in identifying vulnerabilities and comprehending the nomenclature. Whether it’s a deployed contract or a GitHub project, the scanning process will remain consistent.

Here’s what you’ll be able to do:

  • Users have access to detailed scan results and can filter vulnerabilities based on severity, confidence, and other parameters.
  • The code view feature enables users to locate vulnerabilities precisely within their code.
  • Additionally, users can flag vulnerabilities by choosing options like “Won’t Fix” or “False Positive.”
  • Marking bugs as False positives will automatically update the scan score, indicating the exclusion of those bugs.

4. Generating, customizing, and publishing an audit report

SolidityScan provides users with the capability to generate security audit reports for their projects. Here’s how:

  1. Users can initiate the report generation process by clicking on the “Generate Report” button post the successful scanning of their project.
  2. Initially, the generated report is in private mode, limiting public sharing. Users have the option to review and customize their private reports before making them publicly accessible.
  3. To share the report, users are required to fill out a form containing their name, email, website, and organization details (note: personal details are optional).
  4. The published report undergoes a review and approval process by the SolidityScan team. Upon approval, users can either copy the link or download the report as a PDF.

 

Start auditing your Rootstock contracts with a discount

The Credshields integration with Rootstock comes with great advantages for developers, including:

  1. Priority Queue: Rootstock projects will receive immediate and dedicated attention from Credshields, ensuring prompt resolution of urgent security needs while upholding high service standards.
  2. Smart Contract Audits: Enjoy a 15% discount on Credshields’ cutting-edge smart contract audits. Our thorough assessment meticulously examines smart contract codes, identifying vulnerabilities to uphold the integrity and security of the codebase.
  3. dApp Audits: Unlock a 15% discount on Credshields’ dApp audits, guaranteeing end-to-end security for decentralized applications. Our meticulous review process aims to fortify user trust and confidence in your application.
  4. Node Audits: Leverage a 20% discount on Credshields’ node audits, ensuring comprehensive security for your decentralized application nodes. Our assessment aims to fortify the underlying infrastructure, enhancing overall network security.
  5. Blockchain SDK Audits: Obtain a 20% discount on Credshields’ blockchain SDK audits. Our in-depth analysis ensures the robustness and security of your blockchain development kit, safeguarding the integrity of your development tools.
  6. Web & Mobile Application Audits: Access a 15% discount on Credshields’ audits for web and mobile applications. Our thorough assessments aim to secure every facet of your applications, bolstering user confidence.
  7. Internal & External Network Audits: Avail a 15% discount on Credshields’ network audits, covering both internal and external network security. Our assessments aim to fortify your network infrastructure against potential threats.
  8. Cloud Configuration Audits (AWS & GCP): Enjoy a 20% discount on Credshields’ cloud configuration audits for AWS and GCP. Our detailed assessments ensure the security of your cloud configurations, minimizing vulnerabilities.
  9. API Audits: Benefit from a 15% discount on Credshields’ API audits, guaranteeing the security and reliability of your application programming interfaces. Our meticulous review aims to strengthen API security.
  10. Cross-Chain Bridge Audits: Ensure secure asset movement across blockchains with a 15% discount on Credshields’ cross-chain bridge audits. Our assessments focus on fortifying cross-chain interoperability.
  11. Bonus Advantages: In addition to discounts, Rootstock projects will receive integration support and a 25% discount on all SolidityScan plans for automated vulnerability analysis, further securing their projects.

Here’s how you can make use of these discounts:

  1. Manual Audits: Mention that you’re building on Rootstock when submitting a request for a manual audit to Credshields or drop a message in the telegram community.
  2. SolidityScan Plan: Utilize Coupon code ROOTSTOCK25 to grab these discounts on the SolidityScan Website.

Rootstock is the first, and longest-lasting Bitcoin sidechain. It is the only layer 2 solution that combines the security of Bitcoin’s proof-of-work, with Ethereum’s smart contract capabilities.

Rootstock is open-source, EVM-compatible, and secured by over 60% of Bitcoin’s hashing power, which makes it a gateway to a vibrant ecosystem of dApps that continues to evolve to become fully trustless. 

Start building DeFi on Bitcoin using Rootstock now.

 

About Credshields

Credshields, established in 2021, is a Web 3.0 Security organization offering top-notch auditing services and building affordable and accessible products to meet the growing demands of the blockchain space. Its flagship product, SolidityScan, is a comprehensive platform for smart contract scans, source code vulnerability analysis, and automated smart contract security audits.