Home page of solidityShield, showing a scan.

SolidityShield

Website

SolidityShield is an advanced web application created by a team of students during the blockchain minor at Amsterdam University of Applied Sciences. It was developed in collaboration with Byont to help developers strengthen the security of their Solidity smart contracts. The application uses powerful security analyzers such as Mythril and Slither, along with Nuxt.js for the frontend and Supabase for the backend.

The Power of Mythril and Slither

Mythril and Slither are the core of SolidityShield's security analysis. They are specialized tools designed to scan Ethereum smart contracts for potential vulnerabilities and bugs.

  1. Mythril: This tool uses symbolic execution and concolic testing techniques to analyze smart contracts, identifying security issues in their logic.
  2. Slither: Slither performs static analysis and pattern detection, detecting security pitfalls and suggesting best practices for secure contract development.

Frontend with Nuxt.js

We built SolidityShield with the goal offering a user-friendly interface built with Nuxt.js, a framework based on Vue.js.

This frontend design simplifies the process of uploading smart contracts and provides real-time monitoring of the analysis progress using database webhooks provided by Supabase.

Backend with Supabase and Express

The backend of SolidityShield is powered by Supabase, an open-source platform that streamlines database-driven web applications. We used features such as Authentication and Database management. This ensures efficient storage and retrieval of contract data. Express, a web application framework for Node.js, facilitates the connection between the frontend and the Docker containers that run the Mythril and Slither analyzers.

Blockchain

To further enhance the efficiency of the analysis process, SolidityShield leverages blockchain technology. The application stores the hash of each uploaded smart contract on the blockchain. This enables quick retrieval of previously analyzed contracts' results from the database, saving time and computational resources.

Home page of solidityShield, showing a scan.

How SolidityShield Works

  1. Authentication: Users can easily authenticate into the website using Github.
  2. Contract Upload: Developers can easily upload their Solidity smart contracts to SolidityShield for analysis. It is also possible to select which analyzer to use.
  3. Mythril and Slither Analysis: The uploaded contracts are scanned using Mythril and Slither analyzers running in Docker containers. These tools meticulously analyze the contracts to uncover potential vulnerabilities.
  4. Vulnerability Reports: Once the analysis is complete, developers receive a report highlighting any identified security issues, along with recommended fixes.
  5. Blockchain: After analyzing the contract, we store it in the blockchain, allowing is to retrieve the results if the same contract is uploaded again. This allows the accelarate the process of analyzing the contracts.

Conclusion

SolidityShield has been an incredibly rewarding project that I am grateful to have been a part of. Collaborating with a real client and building a tangible product provided us with invaluable hands-on experience. Throughout the 10-week journey, we delved into various cutting-edge technologies, expanding our skill set and knowledge significantly. The progress we made in such a short time frame fills me with immense pride.

But what truly made this project remarkable was the incredible team I had the privilege to work alongside.