Static Analysis and Dynamic Analysis

Static analysis and dynamic analysis are two automated testing methods for evaluating the security quality of smart contracts. The two techniques take different approaches to finding flaws in contract code.

Static Analysis

Static analysis examines the source code or bytecode of a smart contract before execution. This means you can debug contract code without actually running the program. Static analyzers can detect common vulnerabilities in HAH smart contracts and help you adhere to best practices.

Dynamic Analysis

Dynamic analysis techniques require the execution of smart contracts in a runtime environment to identify issues in the code. Dynamic code analyzers observe contract behavior during execution and generate detailed reports of identified vulnerabilities and property violations. Fuzzing is an example of a dynamic analysis technique used to test contracts. During fuzzing, a fuzzer feeds malformed and invalid data to your smart contract and monitors how the contract responds to these inputs.

Like any program, smart contracts rely on user-supplied input to perform functions. While we assume the user will provide the correct input, this isn't always the case.

In some cases, sending incorrect input values to a smart contract can lead to resource leaks, crashes, or worse, unexpected code execution. Fuzzing campaigns identify such issues upfront, allowing you to eliminate vulnerabilities.
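The fuzzing loop described above, as an added example that is not part of the original page: a small Python model of a token ledger is fuzzed with boundary and random `uint256` values while a supply invariant is checked after every accepted call. The `Token` model, account names, and the `check_balance` switch are hypothetical and constructed for illustration; real campaigns run a fuzzer against the compiled contract.

```python
import random

UINT_MAX = 2**256 - 1  # EVM word size; unchecked arithmetic wraps modulo 2**256

class Revert(Exception):
    """Models an EVM revert: the call fails and state is left unchanged."""

class Token:
    """Hypothetical ledger model of a token contract (constructed for this example)."""
    def __init__(self, check_balance):
        self.check_balance = check_balance  # False models a missing input check
        self.balances = {"alice": 1000, "bob": 0}
        self.total_supply = 1000

    def transfer(self, sender, to, amount):
        if not 0 <= amount <= UINT_MAX:
            raise Revert("argument does not fit in uint256")
        if self.check_balance and self.balances[sender] < amount:
            raise Revert("insufficient balance")
        # Assumption: arithmetic is unchecked, so results wrap instead of reverting.
        self.balances[sender] = (self.balances[sender] - amount) & UINT_MAX
        self.balances[to] = (self.balances[to] + amount) & UINT_MAX

def invariant_holds(token):
    """Property under test: transfers never create or destroy tokens."""
    return sum(token.balances.values()) == token.total_supply

def fuzz(check_balance, runs=500, seed=1):
    """Feed boundary and random amounts to transfer(); return the first violating call, else None."""
    rng = random.Random(seed)  # fixed seed so a finding can be replayed
    edge_cases = [0, 1, 999, 1000, 1001, 2**255, UINT_MAX, UINT_MAX + 1, -1]
    token = Token(check_balance)
    for i in range(runs):
        amount = edge_cases[i] if i < len(edge_cases) else rng.randrange(0, UINT_MAX + 1)
        sender, to = rng.sample(["alice", "bob"], 2)
        before = token.balances[sender]
        try:
            token.transfer(sender, to, amount)
        except Revert:
            continue  # a clean rejection of bad input is the desired behaviour
        if not invariant_holds(token):
            return {"run": i, "sender": sender, "balance_before": before, "amount": amount}
    return None

if __name__ == "__main__":
    print("without balance check:", fuzz(check_balance=False))
    print("with balance check:   ", fuzz(check_balance=True))
```

The returned record is the minimal reproduction a developer needs: the call that was accepted and the state it was accepted in.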
