CryptoAudit on Nostr: Finding bugs in Solidity language, smart contracts and static code analysis is ...
Finding bugs in Solidity language, smart contracts and static code analysis is divided into 2 periods for me.
Before familiarizing myself with the @semgrep tool and after that.
Before that, I used to choose Linux tools and commands and by chaining them, I found the pattern I was looking for, which sometimes became difficult.
But after getting familiar with this excellent tool, the work became much easier, and by writing a rule and taking some points into consideration, it is possible to reduce false positives a lot.
I intend to publish some information about this tool and the bugs I found with it.
Published at
2024-09-12 21:33:14