Rustle has several great features:
- Rustle can currently detect 20+ types of issues in the NEAR contract. See the section Detectors for the full detector list.
- Rustle is easy to use. We provide thorough installation commands and tutorials. Furthermore, we also prepare a docker for users for quick start.
- Rustle is rather swift, most of the NEAR contracts can be analyzed within 3 minutes.
- Rustle is user-friendly with reports in both CSV and JSON format. We also provide a script to help you import the result to Notion.
All vulnerabilities Rustle can detect. The detail documentation can be found here.
How to use
We utilize Rustle to analyze a popular NEAR contract (i.e., LiNEAR). Commands have been tested in Ubuntu 20.04 LTS.
2. Prepare the NEAR contract for Rustle to analyze.
git clone https://github.com/linear-protocol/LiNEAR.git ~/near-repo/LiNEAR
3. Start analysis by running
./rustle -t ~/near-repo/LiNEAR ~/near-repo/LiNEAR/contracts/linear
4. Check the report at
5. You can specify which detectors or severity groups to use.
./rustle -h for details.
./rustle -t ~/near-repo/LiNEAR ~/near-repo/LiNEAR/contracts/linear -d high,medium,complex-loop
One more thing
Rustle can be used in the development process to scan the NEAR smart contracts iteratively. This can save a lot of manual effort and mitigate part of potential issues. However, vulnerabilities in complex logic or related to semantics are still the limitation of Rustle. Locating complicated semantic issues requires the experts in BlockSec to conduct exhaustive and thorough reviews. Contact us for audit service.
The BlockSec is dedicated to building blockchain security infrastructure. The team is founded by top-notch security researchers and experienced experts from both academia and industry.
Learn more about BlockSec: