Will Nundy

4 posts

@willnundy

Partnerships @Cyfrin

Joined April 2024
76 Following · 26 Followers
Will Nundy retweeted
Patrick Collins @PatrickAlphaC
Static analysis tools in Web3 are getting an upgrade.

Reintroducing: Aderyn
- Rust-based Solidity AST Static Analysis tool
- Open sourced
- Bird themed

Going to be giving away prizes for building detectors in the upcoming Scroll hackathon.
Will Nundy retweeted
Alex Roan @alexroan
@cyfrin's mission is to level up Web3 security. Aderyn is a puzzle piece in that mission 🦜

Who is it for?
1. Solidity Developers
2. Security Researchers

Why? 👇

1. Solidity Developers

As a new generation of developers enters the space, we (the security community) are responsible for using our knowledge and experience to create tools that facilitate secure development practices. We need to make it easy to avoid repeating the mistakes of the past.

From an intermediate dev's perspective, the cost of finding bugs in Solidity code is exorbitantly high. Engaging top-tier security firms like @cyfrin or competitive audits like @CodeHawks requires serious cash. That's because the security knowledge required to stamp out bugs is pooled amongst security firms and competitive auditors. They are in demand. This is partly because it's so damn easy to write bugs in smart contracts.

We need to scale this industry. To do that, we must make writing bugs much more difficult. We must drive the cost of finding bugs, especially the common and known ones, towards zero. We do that by creating tools that make development secure by its very nature.

That's what Aderyn is built for. Lightning fast, open source, static analysis that hooks into your existing development workflow.

2. Security Researchers

Security Researchers are the gigabrain guardians of the onchain world. They are the people you engage with when you're undergoing an audit. They study solodit.xyz every day, they uncover crazy complex bugs and break your beautiful code with no remorse.

Many auditors start every audit with a very long checklist. They read through your codebase, ensuring the code doesn't fall foul of any items on their list. If it does, it's an issue for the report. Once they've finished with this list, they get creative and try out other techniques. (A security community-driven example of this list can be found on @SoloditOfficial: solodit.xyz/checklist).

What if that list were coded into a tool that could be run on codebases so that security researchers didn't have to spend days manually going through this list? What if that tool could do it in one second?

That's Aderyn. Aderyn's detector framework enables Security Researchers to encode the patterns they look for in their checklist into Aderyn detectors. By doing this, the research community can focus on the deeper, more complex bugs, knowing that tooling has uncovered the repetitive checklist of issues so they don't have to.

Developers write more secure code before they even engage Security Researchers, and when they do, the Researchers can spend more time on the complex bugs instead of getting bogged down with the low-hanging fruit.

More secure devs = More secure Web3.

Aderyn is just getting started; we have many items on the roadmap to make it the most usable security tool in the space and welcome all open-source contributors. If you're into Solidity, Security, or Rust, please reach out and open a PR.

Also, stay tuned for Aderyn detector hackathons! 👀

Cyfrin Audits @cyfrin

Today, we’re excited to officially announce Aderyn. An open-source Rust-based Smart Contract static analyzer designed to help protocol engineers and security researchers find vulnerabilities in Solidity code bases. 🔗 cyfrin.io/blog/find-vuln…
