Aderyn is an open-source, public-good developer tool. It is a Rust-based solidity smart contract static analyzer designed to help protocol engineers and security researchers find vulnerabilities in Solidity code bases.

Aderyn integrates seamlessly into small and enterprise-level development workflows. It offers lightning-fast, command-line, static analysis functionality and a framework for building custom detectors that adapt to any Solidity codebase.

Aderyn does three things really well:‍‍‍

• Identify Solidity Smart contract vulnerabilities: Cyfrin Aderyn quickly identifies potential vulnerabilities in Solidity code and highlights parts of the codebase for further investigation.

• Supports building custom detectors to suit your needs: Protocols and security researchers can use the Cyfrin Aderyn framework to build custom vulnerability detectors for any Solidity codebase.

• Identify known issues and protect your value: Competitive auditing platforms can use Cyfrin Aderyn to detect and filter out known issues inside protocol codebases, protecting customers' and auditors' time and value.

Who is it for?

1. Developers

As a new generation of developers enters the space, we (the security community) are responsible for using our knowledge and experience to create tools that facilitate secure development practices. We need to make it easy to avoid repeating past mistakes.

From a developer's perspective, the cost of finding bugs in Solidity code is exorbitantly high. Engaging top-tier security firms like Cyfrin Private Audits or competitive audit platforms like CodeHawks requires serious cash. That's because the security knowledge required to stamp out bugs is pooled among security firms and competitive auditors, who are in demand.

We must drive the cost of finding bugs, especially the common and known ones, towards zero by creating tools that make development secure by nature.

Aderyn is built for lightning-fast, open-source static analysis that hooks into the existing development workflow.

2. Security Researchers

Security Researchers are the knowledge guardians of the on-chain world. They are the people you engage with when you're undergoing an audit. Many auditors start every audit with a long checklist. They read through the codebase, ensuring the code doesn't violate any items on their list. If it does, it's an issue for the report. Once they've finished with this list, they get creative and try out other techniques.

Aderyn's detector framework enables Security Researchers to encode the patterns they look for in their checklist into Aderyn detectors. By doing this, the research community can focus on the deeper, more complex bugs, knowing that tooling has uncovered the repetitive checklist of issues so they don't have to.

Developers write more secure code before they engage Security Researchers, and when they do, the Researchers can spend more time on complex bugs instead of manually checking for easy fixes.

What makes Aderyn unique vs similar tools?

• Speed: Real-time feedback as you’re coding with the upcoming vscode extension.

• Cutting-edge detectors: The detectors are built from the latest findings from external and in-house auditors. This means developers can harness the power of an audit team at their fingertips for free!

• “Auditor Mode”: Helps auditors find specific areas and concepts within a codebase to dig further. For example, “Show me all of the instances in which this storage slot is altered”.

• Open-source: This tool is completely open-source and will be free for all developers in perpetuity. Cyfrin does not make money directly from it.

Who are Cyfrin:

Cyfrin is the industry-leading smart contract education and security company. Home to 8,000 security researchers and a community of over 100,000 students and smart contract engineers, we provide audits, tools, and education to the world's biggest decentralized protocols, institutions, and products.

This project refers specifically to Cyfrin's developer tool, Aderyn.