Back to blogs
Written by
Cyfrin Team
Published on
April 30, 2024

Find Vulnerabilities in Your Solidity Codebase Using Cyfrin Aderyn

Open-sourced Rust-based Smart Contract static analyzer designed to help protocol engineers and security researchers find vulnerabilities in Solidity code bases

Table of Contents

Today, we’re excited to officially announce Aderyn.

An open-sourced Rust-based Smart Contract static analyzer designed to help protocol engineers and security researchers find vulnerabilities in Solidity code bases.

Using Cyfrin Aderyn, developers and auditors can take a bird's eye view over their smart contracts, traversing the Abstract Syntax Trees (AST) to pinpoint suspected vulnerabilities and printing them out in an easy-to-consume markdown format.

You can read the Cyfrin official documentation and check the repo on GitHub.

What is Cyfrin Aderyn?

Built using Rust, Aderyn integrates seamlessly into small and enterprise-level development workflows, offering lighting-fast command-line static analysis functionality and a framework to build custom detectors to adapt to any Solidity codebase.

Aderyn does 3 things really well:

  • Identify Solidity Smart contract vulnerabilities: Cyfrin Aderyn identifies potential vulnerabilities in Solidity code and highlights parts of the codebase for further investigation at lightning speed.
  • Supports Building custom detectors to suit your needs: Protocols and security researchers can use the Cyfrin Aderyn framework to build custom vulnerability detectors for any Solidity codebase.
  • Identify known issues and protect your value: Competitive auditing platforms can use Cyfrin Aderyn to detect and filter out known issues inside protocol codebases, protecting customers' and auditors' time and value.

Note: Aderyn does not replace the need for a comprehensive audit conducted by a professional security team.

Why Aderyn is completely Open Sourced

At Cyfrin, we’re building a more secure, safer, and long-term sustainable web3 ecosystem. To do this, we need:

  1. High-quality and developer-friendly Security tools that adapt to protocols and researchers’ needs.
  2. Strong and enforced security standards and best practices.
  3. Open access to the key resources and tools needed to ensure (1) and (2) are enforced and publicized.

Making Cyfrin Aderyn open-source is another step towards this goal.

cyfrin aderyn solidity static analyser report of the vulnerabilities in the smart contracts

Adaptable tools:

Aderyn adapts to any codebase thanks to its open-sourced custom detectors framework, giving engineers access to a tool that adapts to any codebase and is completely transparent and customizable.

Strong security standards

Open source isn’t only an opportunity to collaborate with other engineers in ways companies could never make happen on their own, it’s also a way to enforce and publicize the security standards we need to build tomorrow’s DeFi.

Open access

The Cyfrin Aderyn CLI tool and its codebase will always be free from any cost, giving every developer access to top-notch security tools.

If you want to start contributing to Cyfrin Aderyn, check the contribution guidelines

All Aderyn’s features

On top of its main features, here’s what Cyfrin Aderyn can do to help you enhance your Solidity code base:

  1. Static Analysis of Solidity Smart Contracts: Aderyn excels in parsing and analyzing Solidity smart contracts, providing insights into potential security risks and inefficiencies.
  2. Adapt Aderyn to any codebase:  Aderyn allows developers to create custom detectors to analyze and find specific code-based vulnerabilities.
  3. Command Line Interface: Aderyn offers a developer-friendly CLI to customize its settings and your Solidity smart contracts analysis and reports.
  4. Analyze only what matters: Aderyn allows specifying particular contracts to be analyzed or excluded, giving users control over the scope of the analysis.
  5. Full control over your reports: The analysis results can be outputted in different formats, including Markdown and JSON, catering to different needs, such as human-readable reports or CI (Continuous Integration) pipeline integration.
  6. Lighting fast execution: Written in Rust, Aderyn keeps its analysis times under a second.

Aderyn’s Use Cases

Aderyn is versatile and can be used in various scenarios, such as:

Pre-audit Analysis: Developers can use Aderyn to identify and address critical, high, and medium-severity issues in smart contracts before sending them for formal audits.

Automated Testing in CI Pipelines: Integrating Aderyn into CI pipelines allows automated scanning of contracts with each build, ensuring continuous security.

Smart Contract Development and Debugging: Developers can use Aderyn during the development phase to catch issues early in the protocol’s life cycle.

Custom Security Analysis: By creating custom detectors, users can tailor the analysis to specific needs or concerns unique to their projects.

Competitive audit finding exclusion list: Use Aderyn in your competitive audit platform to list findings as "known issues". This is the official tool run before CodeHawks competitions.

Get Started Now

Start using Cyfrin Aderyn to secure your development life-cycle - Read the official documentation and check out the repository on GitHub.

We welcome any bug reports, feature requests, and contributions on the Aderyn repository, please checkout the Contribution guidelines to get started.

Checkout Cyfrin Updraft if you want to learn smart contract development and get access to 70+ hours of courses, completely for free

Join us on Discord and follow us on Twitter.

Secure your protocol today

Join some of the biggest protocols and companies in creating a better internet. Our security researchers will help you throughout the whole process.
Stay on the bleeding edge of security
Carefully crafted, short smart contract security tips and news freshly delivered every week.