
Bug Hunting in Smart Contracts with Crytic - galapago
https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/
======
woodruffw
(FD: My company's blog).

I don't work in cryptocurrency and so maybe my perspective is flawed, but I am
_continually_ astounded by prevalence of low-hanging fruit in what _ought_ to
be an incredibly simple execution space.

As an outsider looking in, it feels like the cryptocurrency community has been
given an _ideal_ environment for static analysis and formal verification and
_still_ manages to produce grossly vulnerable and/or unreliable contracts.

------
craze3
Would've been helpful if they mentioned what kind of smart contracts they
support at the very top of the article. I had to dive in to find out they're
talking about Solidity

------
mesozoic
Seems useful for testing public contracts. Bug hunters can get paid using the
tool testing the contracts out in the wild and making money directly when they
find bugs.

