This is the material for the Avalanche Summit Workshop conducted by Federico Pinho, Head of Products and Operations at CoinFabrik Research.
We presented SolidityQL, a key component of the CyScout automated cybersecurity toolsuite for blockchain, which leverages the capabilities of GitHub's CodeQL static analysis framework for the Solidity language.
Run the install script to get everything you need ready to go. The script will generate a folder for the workshop, then clone and set up all necessary dependencies, including the official CyScout repo.
Afterwards, install the CodeQL extension for Visual Studio Code.
To generate test databases, run:
cd avalanche_workshop/codeql/solidity/solidity-test/
bash create-dbs.sh
Then, use the CodeQL extension to select a database and a query to run.
CoinFabrik is a research and development company specialized in Web3, with a strong background in cybersecurity. Founded in 2014, we have worked on over 500 decentralization projects, including EVM-based and other platforms like Solana, Algorand, and Polkadot. Beyond development, we offer security audits through a dedicated in-house team of senior cybersecurity professionals, working on code in languages such as Substrate, Solidity, Clarity, Rust, TEAL, and Stellar Soroban.
Our team has an academic background in computer science, software engineering, and mathematics, with accomplishments including academic publications, patents turned into products, and conference presentations. We actively research in collaboration with universities worldwide, such as Cornell, UCLA, and École Polytechnique in Paris, and maintain an ongoing collaboration on knowledge transfer and open-source projects with the University of Buenos Aires, Argentina. Our management and people experience team has extensive expertise in the field.