This article invites all BUIDLers to protect their smart contracts when deploying them on the XDC network, and walks through the various functionalities and features of SolidityScan.

SolidityScan, with a user base of over 4500 developers, is a leading global platform that prioritizes developers and offers a comprehensive self-auditing solution. With its robust detection capabilities, it identifies more than 131 vulnerabilities, positioning itself as the most powerful platform in the current market. In 2023, we expanded our reach both vertically and horizontally, adopting new practices and establishing synergies with protocols in the B2B space. By integrating SolidityScan into components such as Chains, Dexes, Bridges, and Swaps, we provide an additional layer of security for these use cases, supporting the deployment of secure blockchain ecosystems.

Scanning a Verified Smart Contract deployed on XDC

To scan a verified smart contract on the XDC network, follow these steps:

  1. Log in to your SolidityScan console.
  2. On the home page, select the chain (XDC) and network (Mainnet), and click on “Start Scan”.

Conducting a scan on a verified smart contract directly through a supported Block Explorer

  • SolidityScan is a platform that supports multiple blockchain platforms like XDC, Ethereum, Binance, Avalanche, Polygon, etc.
  • To scan a verified contract using SolidityScan, you need to obtain the contract’s verified address from a blockchain Explorer like Etherscan.
  • Copy the verified contract’s address and paste it into the input field for the contract address on SolidityScan.
  • Select the blockchain platform and the specific chain where the contract has been deployed.
  • Click on “Start Scan” to initiate the scan of the deployed contract.

Scanning a GitHub Project – Public Repository

  • SolidityScan is a tool used to scan GitHub repositories for Solidity projects.
  • To scan a GitHub project using SolidityScan, enter the project name and the repository link without typos.
  • Specify if the GitHub repository is public or private.
  • In the second step, select the branch of the repository to scan and choose the specific files to include in the scan (e.g., contract and test folders).
  • Configure settings to trigger automatic scans via Git actions for each new commit pushed to the repository.

Scanning a GitHub Project – Private Repository

  1. Integrating GitHub:
    • SolidityScan offers support for scanning both Public and Private GitHub repositories, providing additional functionalities such as the ability to rescan projects whenever necessary.
    • To connect the accounts, users need to log into their SolidityScan account and navigate to the ‘Integration’ section on the left pane.
    • Users can select the GitHub account they want to connect to and choose the repositories they want SolidityScan to have access to.
    • After installing the application, and authorizing the integration, the GitHub account will be connected to SolidityScan.
  2. Enable GitHub Actions for continuous security scanning:
    • SolidityScan is a platform that helps facilitate continuous security for projects using GitHub actions.
    • In the video, they demonstrate how to update the files to be scanned in future scans by selecting the desired files, such as migration and test files.
    • The update process is done by clicking on the “Custom Settings” button and then the “Update” button after selecting the files.
    • GitHub actions can be enabled or disabled to automatically scan files whenever a new commit is pushed to the selected Git branch.
    • The video below details the step-by-step procedure to enable GitHub actions on your projects.

Navigating through Vulnerability results after conducting a successful scan

Please note that the video below will guide you in identifying vulnerabilities and comprehending the nomenclature. Whether it’s a deployed contract or a GitHub project, the scanning process will remain consistent.

  • Users can access detailed scan results and filter vulnerabilities based on severity, confidence, and other parameters.
  • The code view feature allows users to pinpoint the exact location of vulnerabilities in their code.
  • Additionally, users can flag vulnerabilities by applying the appropriate option, such as “Won’t Fix” or “False Positive.”
  • Marking bugs as False positives automatically updates the scan score, reflecting the exclusion of those bugs.

Generate, Customize, and Publish an Audit report

  • SolidityScan allows users to generate a security audit report for their projects.
  • Users can generate an audit report by clicking on the “Generate Report” button after successfully scanning their project.
  • The generated report initially appears in private mode, which restricts public sharing. Users can review their private reports and customize them accordingly before making them publicly available.
  • To share the report, users must submit a form with their name, email, website, and organization details. NOTE: Personal details are an optional field.
  • The published report goes through a review and approval process by the SolidityScan team. Once approved, users can copy the link or download the report as a PDF.

Conducting a Threat/Rug-pull scan using SolidityScan

NOTE: SolidityScan ThreatScan is a rug pull detector that parses the underlying smart contract code associated with a token and provides a detailed ThreatSummary explaining in layman’s terms the various admin privileges associated with a token, ultimately helping users to make better decisions. SolidityScan ThreatScan is a free tool that can be used by everyone exploring the Web3 space.

  1. Navigate to https://solidityscan.com/quickscan
  2. Select XDC from the ‘Contract Platform’ section and select Mainnet or Testnet.
  3. Click on ‘Start Scan’ to initiate your scan, your results should be ready in less than a minute.
  4. Navigate to the results on the same page to gain insights into the potential red flags associated with the Smart Contract.
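The kind of analysis a threat scan performs, as an added illustration that is not SolidityScan's own code: it parses a token's Solidity source, picks out functions guarded by an owner-style modifier, and turns each into a plain-language summary of the admin privilege it grants. The sample contract and the keyword-to-risk mapping are constructed here and are a heuristic first pass, not SolidityScan's detection rules.

```python
import re
from typing import Dict, List

# Constructed sample token source (not a real deployed contract); it carries
# the kind of owner-only controls a threat scan is meant to surface.
SAMPLE_TOKEN = """
pragma solidity ^0.8.0;
contract SampleToken {
    address public owner;
    mapping(address => bool) public blacklisted;
    uint256 public sellFee;
    bool public paused;
    modifier onlyOwner() { require(msg.sender == owner); _; }
    function transfer(address to, uint256 amount) public returns (bool) { return true; }
    function mint(address to, uint256 amount) external onlyOwner {}
    function setSellFee(uint256 fee) external onlyOwner { sellFee = fee; }
    function setBlacklist(address who, bool flag) external onlyOwner { blacklisted[who] = flag; }
    function pause() external onlyOwner { paused = true; }
    function renounceOwnership() external onlyOwner { owner = address(0); }
}
"""

# Heuristic function-name patterns mapped to a layman's risk description.
# Assumption: these keywords are a reasonable first pass, not a full taxonomy.
RISK_PATTERNS = {
    r"mint": "Owner can create new tokens at will (supply inflation).",
    r"fee|tax": "Owner can change trading fees, possibly to 100% (honeypot).",
    r"blacklist|block": "Owner can block specific addresses from transferring.",
    r"pause|freeze": "Owner can halt all transfers.",
}

# Captures the function name and the header text between ')' and the body.
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*([^{;]*)")

def privileged_functions(source: str) -> List[str]:
    """Return names of functions guarded by an owner/admin-style modifier."""
    names = []
    for name, header in FUNC_RE.findall(source):
        if re.search(r"\bonly(Owner|Admin)\b", header):
            names.append(name)
    return names

def threat_summary(source: str) -> Dict[str, str]:
    """Map each privileged function to a plain-language description of its risk."""
    summary = {}
    for name in privileged_functions(source):
        for pattern, text in RISK_PATTERNS.items():
            if re.search(pattern, name, re.IGNORECASE):
                summary[name] = text
                break
        else:
            summary[name] = "Owner-only control; review what it can change."
    return summary
```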

To stay updated about our latest partnerships, follow us on Twitter and LinkedIn, and join our Discord community.

Start Securing your contracts today

Have more questions? Talk to our team and get a demo now.
