Rustle: the First Automatic Auditor for NEAR Community

BlockSec
Nov 1, 2022

We are thrilled to release Rustle, the first automatic auditor offered by BlockSec for the NEAR community.

Rustle has several great features:

  • Rustle can currently detect 20+ types of issues in NEAR contracts. See the Detectors section for the full detector list.
  • Rustle is easy to use. We provide thorough installation commands and tutorials, and we also provide a Docker environment for a quick start.
  • Rustle is fast; most NEAR contracts can be analyzed within 3 minutes.
  • Rustle is user-friendly, with reports in both CSV and JSON formats. We also provide a script to help you import the results into Notion.

Detectors

All vulnerabilities Rustle can detect. The detailed documentation can be found here.

How to use

Here we use Rustle to analyze a popular NEAR contract (LiNEAR). The commands have been tested on Ubuntu 20.04 LTS.

1. Follow the installation manual on the GitHub page. If you want to use Docker, skip this step and go to the Docker manual.

2. Prepare the NEAR contract for Rustle to analyze.

git clone https://github.com/linear-protocol/LiNEAR.git ~/near-repo/LiNEAR

3. Start the analysis by running ./rustle

./rustle -t ~/near-repo/LiNEAR ~/near-repo/LiNEAR/contracts/linear

4. Check the report at audit-result/summary.csv

5. You can specify which detectors or severity groups to use. Run ./rustle -h for details.

Example:

./rustle -t ~/near-repo/LiNEAR ~/near-repo/LiNEAR/contracts/linear -d high,medium,complex-loop

One more thing

Rustle can be used during development to scan NEAR smart contracts iteratively. This can save a lot of manual effort and mitigate some potential issues. However, vulnerabilities in complex logic or related to semantics are still a limitation of Rustle. Locating complicated semantic issues requires experts at BlockSec to conduct exhaustive and thorough reviews. Contact us for audit service.

Issues and PRs are also welcome.

About Us

BlockSec is dedicated to building blockchain security infrastructure. The team was founded by top-notch security researchers and experienced experts from both academia and industry.

Learn more about BlockSec:

Twitter: https://twitter.com/BlockSecTeam

BlockSec focuses on the security of the blockchain ecosystem and on research into DeFi attack monitoring and blocking. https://blocksec.com