README
Language Guides
Get the most out of BlockSecOps for your smart contract language.
Supported Languages
BlockSecOps supports multiple smart contract languages with specialized scanners:
| Language | Blockchain | Scanners | Status |
|---|---|---|---|
| Solidity | EVM chains | 11+ | Full Support |
| Vyper | EVM chains | 2 | Full Support |
| Rust (Solana) | Solana | 4 | Full Support |
| Move | Aptos, Sui | Coming Soon | Beta |
| Cairo | StarkNet | Coming Soon | Beta |
Language Coverage
Solidity (Most Comprehensive)
The most widely scanned language with 11+ specialized tools:
Static Analysis:
- Slither - Comprehensive vulnerability detection
- Solhint - Linting and best practices
- Aderyn - Modern Rust-based analyzer
Formal Verification:
- Mythril - Symbolic execution
- Halmos - Symbolic testing
- Certora - Formal specifications
Dynamic Analysis:
- Echidna - Fuzz testing
- Medusa - Parallel fuzzing
Vyper
Python-like smart contract language with focused security tools:
Analysis Tools:
- Vyper Analyzer - Native vulnerability detection
- Moccasin - Framework-aware scanning
Key Features:
- Intentionally limited features reduce attack surface
- Bounds checking by default
- Integer overflow protection
Rust (Solana)
Solana programs written in Rust with specialized security analysis:
Analysis Tools:
- Cargo Audit - Dependency vulnerabilities
- Clippy - Rust linting
- Soteria - Solana-specific analysis
- X-ray - Security scanner
Focus Areas:
- Account validation
- Signer verification
- PDA security
- Cross-program invocations
Multi-Language Projects
Many projects use multiple languages:
| Component | Language |
|---|---|
| Smart contracts | Solidity |
| Oracles | Rust |
| Bridges | Vyper + Solidity |
BlockSecOps handles mixed-language projects automatically:
- Detects language per file
- Applies appropriate scanners
- Unified reporting across languages
Language Detection
BlockSecOps automatically detects languages by:
File extension:
- .sol → Solidity
- .vy → Vyper
- .rs → Rust
Pragma statements:
- pragma solidity ^0.8.0;
- # @version 0.3.9
Project configuration:
- foundry.toml → Solidity/Foundry
- Cargo.toml → Rust
- brownie-config.yaml → Python/Vyper
Version Support
Solidity Versions
| Version Range | Support Level |
|---|---|
| 0.8.x | Full Support |
| 0.7.x | Full Support |
| 0.6.x | Full Support |
| 0.5.x | Limited |
| 0.4.x | Legacy |
Vyper Versions
| Version Range | Support Level |
|---|---|
| 0.3.x | Full Support |
| 0.2.x | Full Support |
Rust Versions
| Version | Support Level |
|---|---|
| 2021 Edition | Full Support |
| 2018 Edition | Full Support |
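
The following is an added example, not BlockSecOps code: it applies the file-extension and pragma signals from Language Detection and maps the declared version onto the Version Support tables, so a repository can be pre-checked before a scan. The function names, the order of the checks (extension first, then pragma) and the sample files are assumptions made for this illustration.

```python
import re
from pathlib import PurePosixPath

# Extension map and support tiers copied from the tables on this page.
EXT_LANG = {".sol": "Solidity", ".vy": "Vyper", ".rs": "Rust"}
SUPPORT = {
    "Solidity": {"0.8": "Full Support", "0.7": "Full Support",
                 "0.6": "Full Support", "0.5": "Limited", "0.4": "Legacy"},
    "Vyper": {"0.3": "Full Support", "0.2": "Full Support"},
}
# Version declarations in the two forms shown on this page. For a range
# pragma (">=0.4.22 <0.6.0") the first, lowest bound is the one captured.
PRAGMA = {
    "Solidity": re.compile(r"^\s*pragma\s+solidity\s+[^\d;]*(\d+)\.(\d+)", re.M),
    "Vyper": re.compile(r"^\s*#\s*@version\s+[^\d\n]*(\d+)\.(\d+)", re.M),
}

def classify(path, source):
    """Return (language, 'major.minor' or None, support level) for one file."""
    lang = EXT_LANG.get(PurePosixPath(path).suffix.lower())
    if lang is None:
        # Unknown extension: fall back to whichever pragma the source carries.
        lang = next((l for l, rx in PRAGMA.items() if rx.search(source)), None)
    if lang is None:
        return (None, None, "Unrecognized")
    if lang == "Rust":
        return (lang, None, "Check edition in Cargo.toml")  # table is keyed by edition
    m = PRAGMA[lang].search(source)
    if m is None:
        return (lang, None, "No version declared")
    series = f"{m.group(1)}.{m.group(2)}"
    return (lang, series, SUPPORT[lang].get(series, "Not listed"))

def needs_attention(files):
    """Solidity/Vyper paths whose version is not in a Full Support range."""
    results = {p: classify(p, s) for p, s in files.items()}
    return sorted(p for p, r in results.items() if r[0] in SUPPORT and r[2] != "Full Support")

# Constructed sample repository (file contents are illustrative only).
SAMPLE = {
    "contracts/Token.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\n",
    "contracts/Old.sol": "pragma solidity >=0.4.22 <0.6.0;\n",
    "contracts/Vault.vy": "# @version 0.3.9\n",
    "contracts/NoPragma.vy": "@external\ndef f(): pass\n",
    "programs/oracle/src/lib.rs": "pub fn main() {}\n",
}

if __name__ == "__main__":
    print(needs_attention(SAMPLE))
```

Files reported by `needs_attention` either declare a version in the Limited or Legacy range or declare none at all, so their results deserve a closer look.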
Best Practices by Language
Solidity
- Use latest stable version (0.8.x+)
- Enable optimizer with appropriate runs
- Include NatSpec documentation
- Use well-audited libraries (OpenZeppelin)
Vyper
- Use latest stable version (0.3.x)
- Leverage built-in security features
- Keep contracts focused and simple
- Use interfaces for external calls
Rust/Solana
- Follow Anchor framework patterns
- Validate all account constraints
- Use checked arithmetic
- Implement proper error handling
Scanner Recommendations by Language
Solidity Projects
Quick Scan (CI/CD):
- Slither + Solhint + Aderyn
Standard Scan:
- Above + Semgrep + Wake
Deep Scan (Pre-audit):
- All scanners including Mythril, Echidna
Vyper Projects
All Scans:
- Vyper Analyzer + Moccasin
Rust/Solana Projects
All Scans:
- Cargo Audit + Clippy + Soteria + X-ray
Next Steps
Choose your language guide:
- Solidity - EVM smart contracts
- Vyper - Python-like contracts
- Rust/Solana - Solana programs
- Multi-Language - Mixed projects