# Test-evni

**Repository Path**: fengpangzi_space/test-evni

## Basic Information

- **Project Name**: Test-evni
- **Description**: Smart contract code audit / contract vulnerability testing environment, built with Hardhat, with examples included
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 1
- **Created**: 2022-12-14
- **Last Updated**: 2023-04-08

## Categories & Tags

**Categories**: Uncategorized

**Tags**: hardhat, smart contract security

## README

# Hardhat Smart Contract Test Environment

- [Resources](#resources)
  - [Tools](#tools)
  - [Practice Ranges](#practice-ranges)
  - [Audit Examples](#audit-examples)
  - [Incidents and Best Practices](#incidents-and-best-practices)
- [Getting Started](#getting-started)
  - [Requirements](#requirements)
  - [Quickstart](#quickstart)
- [Usage](#usage)
  - [Slither](#slither)
  - [Echidna](#echidna)
- [And](#and)
- [Linting](#linting)
- [Formatting](#formatting)

# Resources

These are some of the best places to learn even MORE about security. PRs welcome to improve the list.

## Tools

- [Slither](https://github.com/crytic/slither) - Static analysis from Trail of Bits.
- [Echidna](https://github.com/crytic/echidna) - Fuzzing from Trail of Bits.
- [Manticore](https://github.com/trailofbits/manticore) - Symbolic execution tool from Trail of Bits.
- [MythX](https://mythx.io/) - Paid service for smart contract security.
- [Mythril](https://github.com/ConsenSys/mythril) - MythX free edition.
- [ETH Security Toolbox](https://github.com/trailofbits/eth-security-toolbox) - Script to create docker containers configured with Trail of Bits security tools.
- [ethersplay](https://github.com/crytic/ethersplay) - ETH Disassembler
- [Consensys Security Tools](https://consensys.net/diligence/tools/) - A list of Consensys tools.

## Practice Ranges

- [Ethernaut](https://ethernaut.openzeppelin.com/) (This is a must play!)
- [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/) (This is a must play!)

## Audit Examples

- [OpenZeppelin](https://blog.openzeppelin.com/fei-audit-2/)
- [Sigma Prime](https://tracer.finance/radar/sigma-prime-audit/)
- [Trail of Bits](https://alephzero.org/blog/trail-of-bits-audit-security/)

## Incidents and Best Practices

- [Smart Contract Security Best Practices](https://consensys.github.io/smart-contract-best-practices/) - Consensys blog on security vulnerabilities. Also [check out their tools.](https://consensys.net/diligence/tools/)
- [Chainlink X Certik Blog on Security](https://www.certik.com/resources/blog/technology/top-10-defi-security-best-practices) - I helped write this. 😊
- [More attacks](https://consensys.github.io/smart-contract-best-practices/attacks/denial-of-service/)

# Getting Started

## Requirements

- [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
  - You'll know you did it right if you can run `git --version` and you see a response like `git version x.x.x`
- [Nodejs](https://nodejs.org/en/)
  - You'll know you've installed nodejs right if you can run:
    - `node --version` and get an output like: `vx.x.x`
- [Yarn](https://classic.yarnpkg.com/lang/en/docs/install/) instead of `npm`
  - You'll know you've installed yarn right if you can run:
    - `yarn --version` and get an output like: `x.x.x`
    - You might need to install it with npm
- [Docker](https://docs.docker.com/get-docker/)
  - You'll know you've installed docker right if you can run:
    - `docker --version` and get an output like `Docker version xx.xx.xx, build xxxxx`

## Quickstart

```
git clone https://gitee.com/fengpangzi_space/simple_security.git
cd simple_security
yarn
```

Then, go right into [usage](#usage).

# Usage

## Slither

Open the docker shell:

```
yarn toolbox
```

Then, run:

```
slither /src/contracts/ --solc-remaps @openzeppelin=/src/node_modules/@openzeppelin --exclude naming-convention,external-function,low-level-calls
```

To exit:

```
exit
```

## Echidna

Open the docker shell:

```
yarn toolbox
```

Then, run this:

```
echidna-test /src/contracts/test/fuzzing/VaultFuzzTest.sol --contract VaultFuzzTest --config /src/contracts/test/fuzzing/config.yaml
```

To exit:

```
exit
```

# Linting

To check linting / code formatting:

```
yarn lint
```

or, to fix:

```
yarn lint:fix
```

# Formatting

```
yarn format
```

# And

## Some scripts from that project

```
"hh": "yarn hardhat",
"deploy-local": "yarn hardhat deploy --network localnethost",
"deploy-testnet": "yarn hardhat deploy --network Goerli",
"test-local": "yarn hardhat test --network localnetwork",
"test-staging": "yarn hardhat test --network Goerli",
"lint": "yarn solhint 'contracts/*.sol'",
"lint-fix": "yarn solhint 'contracts/*.sol' --fix",
"format": "yarn prettier --write .",
"slither": "slither ./contracts --solc-remaps '@openzeppelin=node_modules/@openzeppelin @chainlink=node_modules/@chainlink' --exclude naming-convention,external-function,low-level-calls"
```