Scanner Comparison

Choose the right scanners for your security review.

Last updated: January 14, 2026


Scanner Overview

BlockSecOps includes 17+ security scanners across categories:

| Category | Scanners |
|---|---|
| Static Analysis | Slither, Solhint, Aderyn, Semgrep, Wake |
| Formal Verification | Mythril, Halmos, Certora |
| Fuzz Testing | Echidna, Medusa |
| AI-Powered | SolidityDefend |
| Vyper | Vyper Analyzer, Moccasin |
| Rust/Solana | Cargo Audit, Clippy, Soteria, X-ray |

Static Analysis Scanners

Slither

Best for: Comprehensive vulnerability detection

| Aspect | Detail |
|---|---|
| Speed | Fast (seconds) |
| Coverage | Broad (80+ detectors) |
| False Positives | Low-Medium |
| Strengths | Reentrancy, access control, data flow |

When to use: Every scan. Foundation of analysis.

Solhint

Best for: Code quality and style

| Aspect | Detail |
|---|---|
| Speed | Very fast |
| Coverage | Style, best practices |
| False Positives | Low |
| Strengths | Naming, formatting, gas |

When to use: Code review, PR checks.

Aderyn

Best for: Modern Solidity patterns

| Aspect | Detail |
|---|---|
| Speed | Fast |
| Coverage | Security + quality |
| False Positives | Low |
| Strengths | Modern patterns, Rust-based speed |

When to use: Modern codebases, Foundry projects.

Semgrep

Best for: Custom rule matching

| Aspect | Detail |
|---|---|
| Speed | Fast |
| Coverage | Pattern-based |
| False Positives | Low (depends on rules) |
| Strengths | Custom rules, specific patterns |

When to use: Known vulnerability patterns, compliance.

Wake

Best for: Framework-aware analysis

| Aspect | Detail |
|---|---|
| Speed | Medium |
| Coverage | Deep analysis |
| False Positives | Low |
| Strengths | Import resolution, complex projects |

When to use: Large projects with many dependencies.


Formal Verification

Mythril

Best for: Deep symbolic execution

| Aspect | Detail |
|---|---|
| Speed | Slow (minutes-hours) |
| Coverage | Path exploration |
| False Positives | Low |
| Strengths | Integer issues, state manipulation |

When to use: Deep audits, critical contracts.

Halmos

Best for: Symbolic testing

| Aspect | Detail |
|---|---|
| Speed | Medium-Slow |
| Coverage | Property-based |
| False Positives | Very low |
| Strengths | Bounded model checking |

When to use: When you have properties to verify.

Certora

Best for: Formal specifications

| Aspect | Detail |
|---|---|
| Speed | Slow |
| Coverage | Specification-based |
| False Positives | Very low |
| Strengths | Proving correctness |

When to use: Critical DeFi, custom specifications.


Fuzz Testing

Echidna

Best for: Property-based fuzzing

| Aspect | Detail |
|---|---|
| Speed | Slow (many iterations) |
| Coverage | Invariant testing |
| False Positives | Very low |
| Strengths | Finding edge cases |

When to use: Testing invariants, complex logic.

Requires: Invariant functions in code

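```solidity
// Echidna treats public functions prefixed with echidna_ as properties
// and reports a failure when one returns false.
// Assumes `balance` is a signed state variable; on a uint this check is always true.
function echidna_balance_positive() public view returns (bool) {
    return balance >= 0;
}
```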
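
A fuller property for the requirement above, written as an added example and not taken from BlockSecOps or Echidna documentation. The `VaultProperties` contract, its functions and the `totalDeposits` counter are constructed for illustration; the property is one that fails when the vault's accounting is broken.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: a minimal deposit vault with an Echidna property
// that depends on contract state, so the fuzzer has something to falsify.
contract VaultProperties {
    mapping(address => uint256) public balances;
    uint256 public totalDeposits; // what the vault owes across all accounts

    function deposit() external payable {
        balances[msg.sender] += msg.value;
        totalDeposits += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        // State is updated before the external call (checks-effects-interactions).
        balances[msg.sender] -= amount;
        totalDeposits -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Property: the vault always holds at least what it owes.
    // ">=" rather than "==" because ether can be force-sent to a contract.
    // It would fail if, for example, withdraw() paid out without
    // decrementing totalDeposits.
    function echidna_solvent() public view returns (bool) {
        return address(this).balance >= totalDeposits;
    }
}
```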

Medusa

Best for: Parallel fuzzing

| Aspect | Detail |
|---|---|
| Speed | Faster than Echidna |
| Coverage | Similar to Echidna |
| False Positives | Very low |
| Strengths | Parallelization, speed |

When to use: Large fuzzing campaigns, time-constrained.


AI-Powered

SolidityDefend

Best for: Novel vulnerability patterns

| Aspect | Detail |
|---|---|
| Speed | Fast |
| Coverage | ML-based patterns |
| False Positives | Medium |
| Strengths | Patterns not in traditional rules |

When to use: Supplement to other scanners, novel code.


Vyper Scanners

Vyper Analyzer

Best for: Vyper-specific issues

| Aspect | Detail |
|---|---|
| Speed | Fast |
| Coverage | Vyper security |
| False Positives | Low |
| Strengths | Native Vyper analysis |

Moccasin

Best for: Framework-aware Vyper

| Aspect | Detail |
|---|---|
| Speed | Fast |
| Coverage | Vyper + framework |
| False Positives | Low |
| Strengths | Ape/Brownie integration |

Rust/Solana Scanners

Cargo Audit

Best for: Dependency vulnerabilities

| Aspect | Detail |
|---|---|
| Speed | Fast |
| Coverage | Known CVEs |
| False Positives | Very low |
| Strengths | RustSec database |

Clippy

Best for: Rust code quality

| Aspect | Detail |
|---|---|
| Speed | Fast |
| Coverage | Lints, best practices |
| False Positives | Low |
| Strengths | Idiomatic Rust |

Soteria

Best for: Solana-specific

| Aspect | Detail |
|---|---|
| Speed | Medium |
| Coverage | Solana patterns |
| False Positives | Low |
| Strengths | Account validation, signer checks |

X-ray

Best for: Deep Solana analysis

| Aspect | Detail |
|---|---|
| Speed | Medium |
| Coverage | Security patterns |
| False Positives | Low |
| Strengths | CPI security, PDA validation |

Preset Recommendations

Quick Preset

For fast feedback:

  • Slither
  • Solhint
  • Aderyn

Duration: ~30 seconds
Coverage: Basic security + quality

Standard Preset

For thorough review:

  • Slither, Solhint, Aderyn
  • Semgrep
  • Wake

Duration: 2-5 minutes
Coverage: Comprehensive static analysis

Deep Preset

For full audit:

  • All static analyzers
  • Mythril
  • Echidna/Medusa

Duration: 10-30 minutes
Coverage: Maximum


Custom Scanner Selection

For DeFi Audits

Prioritize:

  1. Slither (reentrancy, access)
  2. Mythril (symbolic execution)
  3. Echidna (invariants)

For Token Audits

Prioritize:

  1. Slither (ERC compliance)
  2. Aderyn (modern patterns)
  3. Solhint (standards)

For NFT Audits

Prioritize:

  1. Slither (access control)
  2. Semgrep (metadata patterns)
  3. Aderyn (royalty patterns)

Scanner Limitations

| Scanner | Misses |
|---|---|
| Slither | Complex business logic |
| Mythril | State space explosion |
| Echidna | Without properties |
| All | Economic attacks |

Always combine automated scanning with manual review.

