Request an Audit

Static and Dynamic Analysis

The core of the OXAudit Solidity Framework involves two types of analysis: static and dynamic. Each type addresses specific aspects of contract security and performance.

  • Static Analysis

    • Definition: Static analysis examines the code without executing it. This approach allows for a detailed inspection of the contract’s structure, syntax, and logic to identify potential security risks and inefficiencies.

    • Focus Areas:

      • Code Quality and Standards: Ensures the contract adheres to Solidity best practices and is written in a clear, maintainable style.

      • Common Vulnerabilities: Identifies known security risks such as reentrancy attacks, overflow/underflow errors, access control issues, and more.

      • Gas Optimization Opportunities: Highlights areas where gas costs can be reduced, such as by simplifying loops or minimizing storage usage.

    • Tools and Techniques: Automated tools like static analyzers, pattern checkers, and code quality checkers are used to expedite the process.

    • Outcome: A preliminary report that outlines coding issues, security risks, and gas inefficiencies found in the contract. This initial analysis serves as the foundation for deeper exploration in the dynamic phase.

  • Dynamic Analysis

    • Definition: Dynamic analysis tests the contract by executing it in a controlled, simulated environment. This method identifies runtime issues that may not be apparent from static analysis alone.

    • Focus Areas:

      • Runtime Behavior: Ensures the contract operates correctly under different scenarios, testing its ability to handle unexpected inputs and large transaction volumes.

      • Logic and Functionality Testing: Verifies that core functions work as intended and that there are no exploitable loopholes or logic errors.

      • Stress Testing: Simulates high transaction loads to assess performance under stress and check for potential bottlenecks or failures.

    • Tools and Techniques: Simulation environments and automated testing frameworks allow the team to observe the contract’s behavior under controlled conditions, uncovering issues related to execution flow and performance.

    • Outcome: A comprehensive view of how the contract functions in real-world scenarios, highlighting any runtime vulnerabilities, logical inconsistencies, or performance bottlenecks.

PreviousOverview of the Analytics FrameworkNextReport Generation and Interpretation

Last updated

#59:

Change request updated