Tools¶

EVM Development, Testing, and Debugging¶

Tool	Tier	Use
Foundry	Must learn	Compile, test, fuzz, fork, script, and debug EVM systems.
Hardhat	Use in real audits	Common project framework; many scopes still use it.
Remix	Situational / advanced	Quick experiments and education.
Tenderly	Use in real audits	Transaction simulation and debugging.
Sourcify	Use in real audits	Verified source metadata and contract lookup.
Etherscan	Use in real audits	Contract, transaction, and event inspection.
Dune	Situational / advanced	On-chain analytics and incident queries.

Tool	Tier	Use
Slither	Use in real audits	Static analysis, printers, inheritance, and call graph views.
Aderyn	Use in real audits	Solidity static analysis with report output.
Mythril	Situational / advanced	Symbolic analysis for EVM bytecode.
Manticore	Situational / advanced	Symbolic execution platform.
Semgrep	Use in real audits	Custom source-code rules for frontends, APIs, and Solidity patterns.
Solhint	Use in real audits	Solidity linting and style/security rules.
Wake	Watchlist	Python-based Solidity testing and static analysis framework.

Tool	Tier	Use
Foundry Fork Testing	Must learn	Reproduce mainnet state and incident paths locally.
Tenderly	Use in real audits	Transaction simulation, trace debugging, and monitoring.
Dune	Situational / advanced	Incident dashboards, protocol queries, and anomaly research.
DeFiHackLabs	Must learn	Runnable exploit reproductions for historical incidents.

Tool	Tier	Use
Foundry Invariant Testing	Must learn	Invariant and stateful fuzz testing in the standard EVM workflow.
Echidna	Use in real audits	Property-based fuzzing.
Medusa	Use in real audits	Stateful EVM fuzzing.
ItyFuzz	Situational / advanced	Snapshot-based fuzzing and exploit-generation research.
Wake	Watchlist	Python-driven Solidity tests, fuzzing, and analysis.

Tool	Tier	Use
Halmos	Use in real audits	Symbolic testing from Foundry tests.
hevm	Situational / advanced	EVM symbolic execution and testing.
Certora Prover	Paid / certification	Formal verification with executable specs.
Kontrol	Situational / advanced	Foundry-integrated formal verification using K semantics.
K Framework	Situational / advanced	Semantics framework behind several verification efforts.

Tool	Tier	Use
Pashov AI Web3 Security	Must learn	Curated AI Web3 security tools and skills list.
Pashov Skills	Use in real audits	Solidity auditor and x-ray skills for AI-assisted review.
Octane Security	Paid / certification	Commercial AI security tool to evaluate with normal vendor diligence.
Nethermind AuditAgent	Watchlist	Nethermind-backed AI audit agent; verify outputs manually.
TestMachine EVMbench	Watchlist	Benchmark context for AI EVM exploit reasoning.
Paradigm EVMbench	Watchlist	Research framing for EVM exploit-generation benchmarks.
Re-Evaluating EVMBench	Watchlist	Cautionary paper for interpreting benchmark claims.

Tool	Tier	Use
Anchor	Must learn	Solana framework and account constraints.
Starknet Foundry	Use in real audits	Cairo contract testing.
Scarb	Use in real audits	Cairo package manager and build tool.
Move Prover	Situational / advanced	Specification and verification for Move.
Circom	Must learn	Circuit language for SNARK circuits.
Noir	Watchlist	ZK DSL with improving developer experience.

Tool	Tier	Use
Forta	Use in real audits	Detection bots and on-chain monitoring.
OpenZeppelin Defender	Use in real audits	Admin operations, monitoring, and automation.
Hypernative	Paid / certification	Real-time protocol monitoring and exploit detection.
Blockaid	Paid / certification	Wallet and dapp transaction protection.
GoPlus	Use in real audits	Token, address, and transaction risk APIs.
Socket	Use in real audits	Supply-chain risk for JavaScript packages.
OpenSSF Scorecard	Use in real audits	Open-source dependency health checks.
VANTAGE by DigiBastion	Watchlist	External domain, DNS, frontend, phishing, and Web3 trust-risk monitoring.