Rustle: the First Automatic Auditor for NEAR Community

We are thrilled to release Rustle: the first automatic auditor offered by BlockSec for NEAR community.

Rustle has several great features:

  • Rustle can currently detect 20+ types of issues in the NEAR contract. See the section Detectors for the full detector list.

Detectors

All vulnerabilities Rustle can detect. The detail documentation can be found here.

How to use

We utilize Rustle to analyze a popular NEAR contract (i.e., LiNEAR). Commands have been tested in Ubuntu 20.04 LTS.

1. Follow the installation manual on the GitHub page. If you want to use docker, skip this and go to the docker manual.

2. Prepare the NEAR contract for Rustle to analyze.

git clone https://github.com/linear-protocol/LiNEAR.git ~/near-repo/LiNEAR

3. Start analysis by running ./rustle

./rustle -t ~/near-repo/LiNEAR ~/near-repo/LiNEAR/contracts/linear

4. Check the report at audit-result/summary.csv

5. You can specify which detectors or severity groups to use.

./rustle -h for details.

Example:

./rustle -t ~/near-repo/LiNEAR ~/near-repo/LiNEAR/contracts/linear -d high,medium,complex-loop

One more thing

Rustle can be used in the development process to scan the NEAR smart contracts iteratively. This can save a lot of manual effort and mitigate part of potential issues. However, vulnerabilities in complex logic or related to semantics are still the limitation of Rustle. Locating complicated semantic issues requires the experts in BlockSec to conduct exhaustive and thorough reviews. Contact us for audit service.

Issues and PRs are also welcomed.

About Us

The BlockSec is dedicated to building blockchain security infrastructure. The team is founded by top-notch security researchers and experienced experts from both academia and industry.

Learn more about BlockSec:

Twitter: https://twitter.com/BlockSecTeam

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
BlockSec

The BlockSec Team focuses on the security of the blockchain ecosystem and the research of crypto hack monitoring and blocking, smart contract auditing.