23 - Static analysis
Static analysis is a technique for analyzing program properties without actually executing the program.
- This is in contrast to software testing, where programs are actually executed with different inputs.
- For smart contracts, static analysis can be performed on the Solidity code or on the EVM bytecode. Slither performs static analysis at the Solidity level while Mythril analyzes EVM bytecode.
- Static analysis is typically a combination of control flow and data flow analyses.
- Without program execution
- Solidity/EVM
- Control+Data Flow
- E.g.: Slither, Maru
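
To make "control flow plus data flow, without execution" concrete at the EVM bytecode level, the following added example (not code from Slither, Mythril or Maru) recovers basic blocks and jump edges from raw bytecode and resolves jump targets only in the simplest data-flow case, a constant pushed immediately before the jump. The function names, the `UNRESOLVED` marker and the sample bytecode are constructed for this illustration.

```python
# Added example: static CFG recovery over EVM bytecode; no instruction is ever executed.
STOP, JUMP, JUMPI, JUMPDEST = 0x00, 0x56, 0x57, 0x5B
TERMINATORS = {STOP, JUMP, 0xF3, 0xFD, 0xFE, 0xFF}  # + RETURN, REVERT, INVALID, SELFDESTRUCT
UNRESOLVED = -1  # marker (assumption of this sketch) for a target we cannot prove statically

# Constructed sample: 0: PUSH1 0 | 2: CALLDATALOAD | 3: PUSH1 9 | 5: JUMPI |
#                     6: PUSH1 0x5b | 8: STOP | 9: JUMPDEST | 10: STOP
SAMPLE = bytes.fromhex("600035600957605b005b00")

def disassemble(code: bytes):
    """Return [(pc, opcode, immediate or None)]; PUSH data bytes are never decoded as opcodes."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        n = op - 0x5F if 0x60 <= op <= 0x7F else 0  # PUSH1..PUSH32 carry n immediate bytes
        # A PUSH truncated by end-of-code reads the missing bytes as zero.
        imm = int.from_bytes(code[pc + 1:pc + 1 + n].ljust(n, b"\0"), "big") if n else None
        out.append((pc, op, imm))
        pc += 1 + n
    return out

def build_cfg(code: bytes):
    """Map each basic block's start pc to the set of successor block starts."""
    ins = disassemble(code)
    jumpdests = {pc for pc, op, _ in ins if op == JUMPDEST}
    # Control flow: a block starts at pc 0, at each JUMPDEST, and after a jump or terminator.
    leaders = {0} | jumpdests
    for i, (_, op, _) in enumerate(ins[:-1]):
        if op in TERMINATORS or op == JUMPI:
            leaders.add(ins[i + 1][0])
    cfg, cur = {}, 0
    for i, (pc, op, _) in enumerate(ins):
        if pc in leaders:
            cur = pc
            cfg[cur] = set()
        nxt = ins[i + 1][0] if i + 1 < len(ins) else None
        if op in (JUMP, JUMPI):
            # Data flow, constant case only: the target is the value pushed just before.
            pushed = ins[i - 1][2] if i > 0 else None
            cfg[cur].add(pushed if pushed in jumpdests else UNRESOLVED)
            if op == JUMPI and nxt is not None:
                cfg[cur].add(nxt)  # fall-through edge when the condition is false
        elif op not in TERMINATORS and nxt in leaders:
            cfg[cur].add(nxt)  # straight-line fall-through into the next block
    return cfg
```

On the sample, the `0x5b` byte at offset 7 is PUSH data and is correctly not treated as a jump destination, while a jump whose target is not a pushed constant is reported as `UNRESOLVED` rather than guessed.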