There are a number of different vulnerability scanners for smart contracts. Below are some general instructions for performing scans using some of the more popular open-source scanning tools.

Slither

Slither is a static analyzer for Solidity source code. It detects vulnerable Solidity code with low false positives.

GitHub - crytic/slither: Static Analyzer for Solidity

Upgrade/Install Slither

sudo pip3 install slither-analyzer --upgrade

Install Solidity Compiler (solc)

sudo add-apt-repository ppa:ethereum/ethereum
sudo apt-get update
sudo apt-get install solc

Run a full scan with Slither against a directory/project

slither .

Scan an individual Solidity file

slither Faucet.sol

Note: You may need to change your global Solidity compiler version. This can be done with the following commands:

#install solc-select
sudo pip3 install solc-select

#see what solc versions are installed
solc-select versions

#install the correct version
solc-select install 0.6.4

#set the correct version for compilation
solc-select use 0.6.4
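
As an added example (not part of the original page or the Slither project), the script below reads a contract's `pragma solidity` line, selects a matching compiler with the solc-select commands shown above, and then runs Slither. The function names are hypothetical, and taking the first version listed in the pragma is a simplifying assumption that the script refuses to apply to constraints starting with `>` or `<`.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): pin solc from the pragma, then scan.

# Print the version named by the first `pragma solidity` line in a file.
# Assumption: the first x.y.z in the constraint is usable, which holds for
# exact pins (0.6.4), caret ranges (^0.6.4) and ranges like ">=0.6.0 <0.8.0".
# Returns 1 if there is no pragma, 2 if the constraint starts with ">" or "<"
# (the listed version is excluded or is only an upper bound) or has no x.y.z.
pragma_solc_version() {
    local file=$1 constraint version
    # Only match real pragma lines, not ones that are commented out with //.
    constraint=$(sed -n -E \
        's/^[[:space:]]*pragma[[:space:]]+solidity[[:space:]]+([^;]*);.*/\1/p' \
        "$file" | head -n 1)
    [ -n "$constraint" ] || return 1
    case $constraint in
        '>='*) ;;                   # inclusive lower bound: first version is valid
        '>'*|'<'*) return 2 ;;      # exclusive or upper bound: do not guess
    esac
    version=$(printf '%s\n' "$constraint" |
        grep -o -E '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    [ -n "$version" ] || return 2
    printf '%s\n' "$version"
}

# Install and select that compiler with solc-select, then run Slither.
scan_with_pinned_solc() {
    local file=$1 version
    version=$(pragma_solc_version "$file") || {
        echo "cannot derive a solc version from $file; select one manually" >&2
        return 1
    }
    solc-select install "$version"
    solc-select use "$version"
    slither "$file"
}

# Usage: bash scan.sh Faucet.sol   (does nothing when called without arguments)
if [ "$#" -gt 0 ]; then
    scan_with_pinned_solc "$1"
fi
```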

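You can also use Slither to create graphical representations of function calls (call graphs). Slither writes the graph as a .dot file, which Graphviz's dot command renders to an image: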

slither SmartContract.sol --print call-graph
dot SmartContract.sol.ERC20.call-graph.dot -Tpng -o SmartContract1.png

Mythril

Mythril is a symbolic execution scanner for Solidity files that detects a variety of security vulnerabilities.