# 25 Tips for Solidity Code Auditors

By [Officer's Blog](https://paragraph.com/@officercia) · 2024-01-18

---

### **Gaining the most elusive of tips. Add your input and let’s collect them all!**

1.  _Did you know that you_ [_can_](https://docs.blink.sh/advanced/code) _utilize_ [_VSCode_](https://marketplace.visualstudio.com/items?itemName=BlinkShellInc.blink-fs) _on your_ **_iPad_** _(_[_preferably_](https://twitter.com/0xkasper/status/1680373205440102401) _with a Magic Keyboard) using the_ [_Blink App_](https://apps.apple.com/us/app/blink-shell-build-code/id1594898306)_? If not, watch the_ [_following video_](https://youtu.be/BsbQxSUdUOw)_! I hope you find this_ [_tip_](https://twitter.com/0xkasper/status/1680373205440102401) _useful in your work!_
    
2.  _Clone any project, then install the_ [_Solidity_](https://github.com/juanfranblanco/vscode-solidity) _extension into VS Code (or the_ [_EVM toolkit_](https://marketplace.visualstudio.com/items?itemName=Saw-mon-and-Natalie.vscode-evm-toolkit)_), add your key from_ [_Sourcegraph_](https://sourcegraph.com/search?q=context%3Aglobal+file%3AMasterChef.sol&patternType=standard&sm=1&groupBy=repo)_, select the contract, and the AI analyzes the structure of your project for you! Check out this_ [_example_](https://sourcegraph.com/search?q=context%3Aglobal+file%3AMasterChef.sol&patternType=standard&sm=1&groupBy=repo)_!_
    
3.  _Try_ [_auditwizard.io_](https://www.auditwizard.io/) _—_ **_revolutionize_** _your workflow today!_
    
4.  _Check out pre-built_ [_security properties_](https://github.com/0xNazgul/fuzzydefi) _for commonly forked DeFi protocols._
    
5.  _MEV / Sandwich / Front-run & Back-run:_ [_Compilation_](https://telegra.ph/Cool-Pack-for-Chads-10-19) _&_ [_advanced_](https://medium.com/1inch-network/advanced-mev-strategies-lp-sandwich-and-reverse-lp-sandwich-attacks-4558c631feff) _info._
    
6.  _Try_ [_Slither Detectors by Pessimistic.io_](https://github.com/pessimistic-io/slitherin) _& check out_ [_SolCurity_](https://github.com/Rari-Capital/solcurity)_._
    
7.  _Give these a try:_ [_Pyrometer_](https://github.com/nascentxyz/pyrometer) _&_ [_Sporalyzer_](https://blog.fungify.it/p/introducing-sporalyzer-a-tool-for)_._
    
8.  _Explore Web3 with full confidence guarded by_ [_Web3Antivirus security browser extension_](https://web3antivirus.io/) _&_ [_learn evm attacks_](https://github.com/coinspect/learn-evm-attacks)_! Consider_ [_auditing_](https://twitter.com/tpiliposian/status/1699387384075329718) _as part of a team._
    
9.  [_Try using obsidian.md for notes_](https://github.com/WebBreacher/obsidian-osint-templates)_, set_ [_it up correctly_](https://github.com/thor314/obsidian-setup) _& check out_ [_Audit Quality_](https://github.com/audit-quality)_!_
    
10.  [_Check out_](https://officercia.mirror.xyz/DD3t4MB6J6GsRZlkqc8FSdW_4ZDa7pj6CAADzcGJiXo) **_R.xyz_** _(_[_link!_](https://r.xyz/)_) and apply for a closed beta (_[_here_](https://r.xyz/)_)!_
    
11.  _Follow my_ [_own blog_](https://officercia.mirror.xyz/) _&_ [_Hexens’ blog_](https://hexens.io/blog)_!_
    
12.  _The_ [_bot-racer_](https://github.com/DadeKuma/bot-racer) _project was created to support Code4rena Bot Races with useful stats and tools. Read_ [_more_](https://twitter.com/0xtodorov/status/1650924881498742788) _about it_ [_here_](https://x.com/DadeKuma/status/1656199257454530562?s=20) _& try_ [_4naly3er_](https://github.com/Picodes/4naly3er)_!_
    
13.  [_Bot Racing: The Rise of Web3 Bots._](https://coinsbench.com/bot-racing-the-rise-of-web3-bots-3abda06cd448) _&_ [_Code4Rena Bot Racing explained_](https://www.youtube.com/watch?v=XVQLSeGTJ_M)_!_
    
14.  _Check out GasBad which is an open-source project that evaluates_ [_gas efficiency in Solidity_](https://github.com/ecivini/gas-bad) _libraries!_
    
15.  _Try out this tool: it scans the constructor of a_ [_Solidity smart contract for zero-address checks_](https://github.com/elkaholic6/Solidity-constructor-analysis) _on its address parameters._
    
16.  [_DeFi Common Fork Bugs List_](https://github.com/YAcademy-Residents/defi-fork-bugs)_._
    
17.  _There is also an_ [_incredible tool_](https://github.com/lpinilla/Smart-Contract-Hash-Matcher)_, and I really like_ [_this idea_](https://twitter.com/zellic_io/status/1592660477502717952)_, since it is probably a_ [_logical continuation_](https://twitter.com/zellic_io/status/1592660477502717952) _of that_ [_old script_](https://github.com/lpinilla/Smart-Contract-Hash-Matcher) _and_ [_this service_](https://contract-diff.xyz/)_; it is actually a lot better than yet another simulator (_[_it_](https://twitter.com/zellic_io/status/1592660477502717952) _probably uses simulation like the tools in_ [_this_](https://telegra.ph/A-Short-List-of-the-Rug-Checker-Tools-04-09) _list)._
    
18.  _Try using_ [_Semgrep rules for smart contracts_](https://github.com/Decurity/semgrep-smart-contracts) _based on DeFi exploits!_
    
19.  _Complete this_ [_set of tasks_](https://github.com/pessimistic-io/internship-tasks)_!_
    
20.  _Check out this curated_ [_list of web3 security materials and resources_](https://github.com/Anugrahsr/Awesome-web3-Security) _for pentesters and bug hunters!_
    
21.  _Let’s break down the concept of mind-mapping:_ [_study this list_](https://github.com/OffcierCia/non-typical-OSINT-guide#mind-mapping) _& check out the_ [_AuditorsRoadmap_](https://github.com/razzorsec/AuditorsRoadmap) _mind-map!_
    
22.  [_Explorer Bookmark_](https://twitter.com/tpiliposian/status/1716760766223630790) _is a fantastic VS Code extension for all the_ **_code4rena_** _Wardens,_ **_Sherlockdefi_** _Watsons, and_ **_CodeHawks_** _Hawks out there. No more struggling to find contracts in_ [_scope among_](https://www.youtube.com/watch?v=BDtbTCuJoOM) _a sea of others._ [_With this extension_](https://twitter.com/tpiliposian/status/1716760766223630790)_, you can easily collect in one place and access all the contracts within the scope of your audit. Enjoy a more streamlined workflow!_
    
23.  _Also_ [_use the “Hide Comments”_](https://twitter.com/martinmarchev/status/1703396096070844508) **_VSCode_** _extension when_ [_auditing_](https://medium.com/coinmonks/solidity-for-dummies-736312af0dfe)_. It_ [_helps_](https://blockchainalpha.hashnode.dev/how-to-build-a-profitable-web3-auditing-business-for-solo-auditors-and-firms) _you cut through the noise, remain unbiased and focus on what the_ [_code_](https://medium.com/@numacodes/extrapolating-concepts-to-web3-coding-and-understanding-a-decentralized-bank-using-solidity-69797a771c47) _truly does, rather than what the comments claim it does! Study the_ [_Audit Anomalies Archive_](https://zuhaibmd.medium.com/audit-anomalies-archive-issue-6-b6ed431e82b7) _and_ [_Solodit_](https://solodit.xyz/)_._
    
24.  _Use the “_[_Solidity Visual Developer_](https://x.com/cyberthirst/status/1690271146371866625?s=20)_” extension,_ [_which comes with the_](https://twitter.com/realjohnnytime/status/1607705939104202752) **_@audit, @audit-info, @audit-ok, @audit-issue_** _comment tags, to categorize your notes!_
    
25.  _Also use the_ [_Inline Bookmarks_](https://twitter.com/realjohnnytime/status/1668939507448573954) _VSCode extension by ConsenSys Audits to organize all your audit comments & findings! Thoroughly document/explain each function in simple language so you can_ [_reason about_](https://twitter.com/bytes032/status/1626206977897496576) _it._ [_How To Learn Fast?_](https://degatchi.com/articles/how-to-learn-fast) _|_ [_How to make better decisions?_](https://twitter.com/chamath/status/1719887650688282786)
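
Tip 15 above points at a tool that checks constructors for zero-address validation. The script below is an added example written for this page (it is not the linked tool's code): a small regex-based scanner that lists constructor `address` parameters that are never guarded by `require(x != address(0))` or `if (x == address(0)) revert`. The two sample contracts, their names and the helper functions are constructed for this example.

```python
"""Flag constructor address parameters never compared against address(0).

Added example for this page, not the original author's tool. The sample
contracts below are constructed for the example.
"""
import re

# Constructed sample: `_owner` is checked, `_treasury` and `_oracle` are not.
SAMPLE_UNCHECKED = """
contract Vault {
    address public owner;
    address public treasury;
    address public oracle;

    constructor(address _owner, address _treasury, address _oracle, uint256 fee) {
        require(_owner != address(0), "zero owner");
        owner = _owner;
        treasury = _treasury;   // no zero-address check
        oracle = _oracle;       // no zero-address check
    }
}
"""

# Constructed sample: every address parameter is validated, in both the
# require() and the custom-error (if/revert) style.
SAMPLE_CHECKED = """
contract Vault {
    error ZeroAddress();
    address public owner;
    address public treasury;

    constructor(address _owner, address _treasury) {
        require(_owner != address(0), "zero owner");
        if (_treasury == address(0)) revert ZeroAddress();
        owner = _owner;
        treasury = _treasury;
    }
}
"""

# Constructor signature up to and including its opening brace.
CONSTRUCTOR_RE = re.compile(r"constructor\s*\(([^)]*)\)[^{]*\{", re.S)
# `address name` or `address payable name` inside the parameter list.
ADDRESS_PARAM_RE = re.compile(r"\baddress\b(?:\s+payable)?\s+(\w+)")


def constructor_body(source: str) -> str:
    """Return the text between the constructor's outer braces (brace-balanced)."""
    m = CONSTRUCTOR_RE.search(source)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[start:i]
    return source[start:]


def is_zero_checked(param: str, body: str) -> bool:
    """True if `body` compares `param` with address(0) in a require or if/revert."""
    p = re.escape(param)
    patterns = [
        rf"require\s*\(\s*{p}\s*!=\s*address\s*\(\s*0\s*\)",
        rf"if\s*\(\s*{p}\s*==\s*address\s*\(\s*0\s*\)\s*\)\s*revert",
        # Reversed operand order, e.g. address(0) != _owner
        rf"require\s*\(\s*address\s*\(\s*0\s*\)\s*!=\s*{p}\b",
        rf"if\s*\(\s*address\s*\(\s*0\s*\)\s*==\s*{p}\s*\)\s*revert",
    ]
    return any(re.search(pat, body) for pat in patterns)


def unchecked_address_params(source: str) -> list[str]:
    """Names of constructor `address` parameters with no zero-address check."""
    m = CONSTRUCTOR_RE.search(source)
    if not m:
        return []
    params = ADDRESS_PARAM_RE.findall(m.group(1))
    body = constructor_body(source)
    return [p for p in params if not is_zero_checked(p, body)]


if __name__ == "__main__":
    for name, src in [("unchecked", SAMPLE_UNCHECKED), ("checked", SAMPLE_CHECKED)]:
        print(name, "->", unchecked_address_params(src) or "all address params checked")
```

Run it on a real file with `unchecked_address_params(open("Vault.sol").read())`. The regexes only see checks written inside the constructor body, so a guard that lives in a modifier or an internal `_setTreasury()` helper is reported as missing; treat the output as a worklist for manual review, not as a verdict.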
    
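Tips 24 and 25 rely on the `@audit`, `@audit-info`, `@audit-ok` and `@audit-issue` comment tags to categorize notes in the editor. As an added example (not code from the Solidity Visual Developer or Inline Bookmarks extensions), the Python script below harvests those tags from a Solidity source and renders them as a grouped Markdown checklist, issues first, so the notes can be exported from VS Code and diffed between passes. The sample contract and the function names are constructed for this example.

```python
"""Collect @audit-style review tags from Solidity comments into a findings summary.

Added example for this page, not the editor extensions' own code. The sample
source below is constructed for the example.
"""
import re
from collections import defaultdict

# Constructed sample with tags in trailing and full-line comments.
SAMPLE = """\
contract Pool {
    mapping(address => uint256) public balances;
    uint256 public fee; // @audit-info fee is in basis points

    function setFee(uint256 f) external {
        // @audit-issue missing access control: anyone can set the fee
        fee = f;
    }

    function withdraw(uint256 amt) external {
        // @audit reentrancy? external call before state update
        (bool ok, ) = msg.sender.call{value: amt}("");
        require(ok); // @audit-ok revert on failed transfer
        balances[msg.sender] -= amt;
    }
}
"""

# Longest tags first so "@audit-issue" is not read as "@audit" + "-issue";
# the lookahead rejects unknown suffixes such as "@audit-custom".
TAGS = ("@audit-issue", "@audit-info", "@audit-ok", "@audit")
TAG_RE = re.compile(
    r"(?://|/\*|\*)\s*(" + "|".join(map(re.escape, TAGS)) + r")(?![\w-])\s*(.*)"
)


def collect_tags(source: str):
    """Return a list of (line_no, tag, note) for every tagged comment, in file order."""
    found = []
    for n, line in enumerate(source.splitlines(), start=1):
        m = TAG_RE.search(line)
        if m:
            note = m.group(2).strip().rstrip("*/").strip()  # drop a closing */
            found.append((n, m.group(1), note))
    return found


def summarize(source: str) -> dict:
    """Group notes by tag: {'@audit-issue': [(line_no, note), ...], ...}."""
    groups = defaultdict(list)
    for n, tag, note in collect_tags(source):
        groups[tag].append((n, note))
    return dict(groups)


def report(source: str) -> str:
    """Render the summary as a Markdown checklist in TAGS order (issues first)."""
    groups = summarize(source)
    out = []
    for tag in TAGS:
        if tag in groups:
            out.append(f"## {tag} ({len(groups[tag])})")
            out.extend(f"- L{n}: {note}" for n, note in groups[tag])
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE))
```

Point `report()` at each file in scope and concatenate the output into the working notes; untagged `@audit` items are the open questions still to be resolved, and `@audit-ok` entries document what was deliberately checked and accepted, which is worth keeping in the final report.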

* * *

### **Also Check Out** [**wiki.r.security**](https://wiki.r.security/wiki/Main_Page)**:**

![wiki.r.security/wiki/Main_Page](https://storage.googleapis.com/papyrus_images/050b4ac9da942d22afd522e0aed8922c75bdbf012fbb6ce34f8b7e7933d70089.webp)


### **… and visit my own repo here:**

[GitHub - OffcierCia/tips-solidity-code-auditors: Gaining the most elusive of tips. Add your input and let's collect them all!](https://github.com/OffcierCia/tips-solidity-code-auditors)

The best thing is to support me directly by donating to my address on Ethereum Main-net or any of the compatible networks or to any address from the list below:

*   [**0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A**](https://etherscan.io/address/0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A) — ERC20 & ETH [officercia.eth](https://etherscan.io/enslookup-search?search=officercia.eth)
    
*   [**17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU**](https://blockchair.com/bitcoin/address/17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU) — BTC
    
*   **4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds** — Monero/XMR
    
*   You can also support me by minting one of my [Mirror articles NFTs](https://officercia.mirror.xyz/)!
    

### **Thank you! Stay safe!**

---

*Originally published on [Officer's Blog](https://paragraph.com/@officercia/25-tips-for-solidity-code-auditors)*
