BlockSec Launches Automatic Auditor on NEAR Network
Blockchain Security firm BlockSec has launched the first automatic auditor on the NEAR Network. The Automatic Auditor, called “Rustle’ was announced on November 1, 2022. According to the announcement, Rustle can assist in locating numerous weaknesses in smart contracts on the NEAR network, thereby increasing the level of security in the NEAR Ecosystem.
According to Defilama, BlockSec is currently auditing 8 out of the top 10 DApps on the NEAR Network, and the functionalities of Rustle is due to what they have learned so far. Rustle is Open source and can be implemented by developers, quality controllers, and the general NEAR Community.
In the announcement, BlockSec highlighted four major features of Rustle;
- Currently, the auditor can detect 20+ issues and vulnerabilities in the NEAR Network Contracts.
- It is easy to use; BlockSec provides thorough installation commands and tutorials, preparing a docker for users for a quick start.
- It is fast and quick; according to the statement, it can analyze most of the NEAR Contracts in about 3 minutes.
- It is user-friendly and gives reports in both CSV and JSON Formats. It also features a script to help users import the result on Notion.
1/ We are thrilled to release Rustle (https://t.co/C0R7ILNsG7), the first automatic auditor for @NEARProtocol community. @PagodaPlatform @proximityfihttps://t.co/qEzDSAaxRZ pic.twitter.com/YjSSepBmQH
— BlockSec (@BlockSecTeam) November 1, 2022
Below are a few of the weaknesses Rustle can detect. The complete and detailed list can be found here.
How to use Rustle
According to the statement, Rustle has been utilized to analyze LiNEAR, a popular NEAR Contract, and commands have been tested on Ubuntu 20.04 LTS.
- You should follow the instruction manual on Rustle’s Github page; If you want to use a docker, you should skip this and follow the docker manual.
- Prepare the NEAR Contract for Rustle to Analyse
3. Start analyzing by running ./rustle
4. Check the report at audit -result/summary.csv
5. You can specify which detectors and severity groups you want to use ./rustle -h for details.
Rustle can be used In the development process to scan the BNEAR contract iteratively. This would save a lot of manual effort and also mitigate part of the potential issues. However, complications with semantics and vulnerabilities with complex logic still pose a challenge for Rustle, as locating such semantic issues requires the experts of BlockSec to conduct detailed and thorough reviews.
BlockSec is a Blockchain Secyuorty firm that aims to build quality Blockchain security infrastructure, build Smart Contract Audit Systems, and monitor and prevent attacks.