|
| 1 | +--- |
| 2 | +layout: default |
| 3 | +title: Verazt |
| 4 | +[//]: # (parent: Hyperledger Labs) |
| 5 | +[//]: # (grand_parent: Active Labs) |
| 6 | +--- |
| 7 | +# Lab Name |
| 8 | +[Verazt](https://github.com/hyperledger-labs/verazt) |
| 9 | + |
| 10 | +# Short Description |
| 11 | + |
| 12 | +Verazt is a smart contract security toolkit that provides a set of tools performing static analysis, formal verification, and fuzz-testing to find security vulnerabilities in smart contracts. |
| 13 | + |
| 14 | +# Scope of Lab |
| 15 | + |
| 16 | +This lab aims to provide a comprehensive set of static analysis, formal verification, and fuzz testing tools to automatically analyze and find security vulnerabilities in smart contracts. |
| 17 | + |
| 18 | +At the current state, we focus on analyzing Solidity smart contracts on EVM-based blockchains. We apply different techniques to analyze different code representation levels in the compilation pipeline of Solidity smart contracts. More specifically: |
| 19 | + |
| 20 | +1. At the Solidity source code level, we implement a lightweight static analysis framework to find bugs based on checking bug patterns on the smart contracts' Abstract Syntax Tree (ASTs). |
| 21 | + |
| 22 | +2. At the Yul intermediate code level, we implement a formal verification framework to symbolically execute smart contracts and verify if their execution states violate any pre-defined or user-defined specifications that constrain the safety, security, and correctness of smart contracts. |
| 23 | + |
| 24 | +3. At the EVM bytecode level, we implement a fuzz testing framework to dynamically test smart contracts by generating random inputs and executing them to find potential bugs. |
| 25 | + |
| 26 | +In the future, we will expand the scope of this lab to support other smart contract languages such as Vyper, Move, or other Rust-based smart contracts, and other blockchain platforms such as Solana, Aptos, Sui. |
| 27 | + |
| 28 | +# Initial Committers |
| 29 | + |
| 30 | +We are a team of researchers and engineers from the [Singapore Blockchain Innovation Programme (SBIP)](https://sbip.sg/), a research lab hosted at [School of Computing](https://www.comp.nus.edu.sg/), [National University of Singapore](https://www.nus.edu.sg/). We have been researching and working on smart contract security for several years and have developed several tools and techniques to analyze and verify smart contracts. |
| 31 | + |
| 32 | +Our initial committers are: |
| 33 | + |
| 34 | +- https://github.com/taquangtrung |
| 35 | +- https://github.com/cassc |
| 36 | +- https://github.com/minhhn2910 |
| 37 | +- https://github.com/thanhtoantnt |
| 38 | + |
| 39 | +# Sponsor |
| 40 | + |
| 41 | +N/A |
| 42 | + |
| 43 | +# Pre-existing repository |
| 44 | + |
| 45 | +We are maintaining several repositories implementing the tools and techniques mentioned above. We will squash them into one commit and transfer them to the new repository created by Hyperledger Labs organization. |
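Review bot: The two `[//]: # (...)` lines at lines 4-5 sit inside the `---` front matter block, where they are read as YAML rather than as Markdown comments. If `parent` and `grand_parent` are meant to stay disabled, write them as plain YAML comments (`# parent: Hyperledger Labs`) or drop them. Separately, the "Pre-existing repository" section at line 45 says several repositories will be squashed into one commit and transferred but links none of them, and "Sponsor" at line 41 is `N/A`. Listing the source repositories would let reviewers see what code is being brought in.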