Builder-Tools

What is it? Solodit is an open-source, community-driven platform dedicated to improving web3 security. It aggregates over 8,000 smart contract vulnerability reports, bug bounty opportunities, and security audits from top firms like Cyfrin, OpenZeppelin and Trail of Bits, alongside contributions from individual researchers. Solodit not only aggregates this information but also makes it actionable, equipping developers and auditors with tools to prevent exploits and enhance the safety of dapps. Why is it needed? The web3 ecosystem is plagued by billions of dollars in losses due to security breaches in smart contracts and protocols. Despite the availability of security knowledge, it is fragmented across various platforms and reports, making it inaccessible to most developers and security teams. There are several problems that Solodit solves: Knowledge Gap: Many teams deploy smart contracts without understanding past vulnerabilities, leading to repeat incidents. Inefficiencies: Developers and auditors spend valuable time searching disparate sources for security insights. Economic Impact: Preventable exploits undermine trust in web3, stalling adoption and investment. By aggregating and structuring security data, Solodit enables proactive vulnerability management and risk mitigation in the Web3 ecosystem. How is it unique? Comprehensive Coverage: Aggregates findings from leading auditors and platforms, offering unmatched insights into vulnerabilities and bug bounties. Actionable Insights: Goes beyond archiving reports by providing advanced search tools and tagging systems to contextualise risks and solutions. Community-Driven Enhancements: Facilitates collaboration via ratings, tagging, and leaderboards that recognise top contributors, fostering a thriving security community. Educational Resource: This site serves as a learning hub for developers and auditors, providing real-world case studies on blockchain security. Solodit is a multipurpose tool designed to: Mitigate Risk: Helps developers avoid known vulnerabilities, reducing the likelihood of exploits. Promote Proactive Security: Enables protocols to adopt preventive measures by studying historical vulnerabilities. Streamline Bug Bounties: Simplifies participation in bounty programs, encouraging more ethical hackers to contribute to ecosystem security. Foster Skill Development: Supports auditors in honing their skills and staying updated on emerging threats. Support Decision-Making: Assists protocols in evaluating auditors via its leaderboard, promoting accountability and quality audits. Who is it for? Developers: Seeking to secure their smart contracts and understand vulnerability trends. Auditors: Looking to access a comprehensive repository of findings and showcase their expertise. Whitehat Hackers: Interested in participating in bug bounty programs and contributing to web3 security. Protocol P&E teams: Aiming to assess risks and prevent costly exploits. Educators and Researchers: Teaching or studying blockchain security with real-world examples, e.g. Cyfrin Updraft. Still to come: UI/UX redesign Power Aderyn, static analysis support

web3.py is the open source library that connects Python developers to Ethereum. The same team maintains more than a dozen additional building blocks including py-evm, eth-account, and eth-utils.

Rundler (Rust Bundler) is an ERC-4337 bundler implementation written in Rust. Rundler is designed to achieve high-performance and high-reliability in cloud deployments via a modular architecture. Currently, both Alchemy and Coinbase’s Base team use Rundler. It powers >70% of UOs in the Ethereum ecosystem and a vast majority of UOs in the Superchain. Rundler is OSS licensed with GPL. Rundler powers the ERC-4337 ecosystem with an implementation that users can rely on to scale reliably. Rundler open source code repo has 300+ stars, more than 50 forks. Our goals with Rundler: ERC-4337 Specification Compliance: Rundler strives to implement the full ERC-4337 specification and to maintain support as the specification changes and new onchain components are released. This includes new Entry Point contract support, support for the upcoming P2P mempool specification, support for alternative mempools, and more. Best-in-class Performance and Reliability: Rundler strives to power the most demanding workloads in cloud environments. Rust was chosen for its high performance and memory safety. Rundler's modular architecture lets providers choose to run the stateless components (RPC, builder) in a fully horizontally scalable manner connecting to the stateful components (mempool, p2p, event cache) via the network. Rundler's bundle builder is designed to be able to support the full gas throughput of the network it's building for. Extensibility/Chain Support: ERC-4337 is designed to support any EVM chain. However, different EVM supporting networks have different rules around how to support things like gas usage, gas fees, precompiles, etc. Rundler is designed to be extensible and easily adapted to support any EVM chain. Modularity: Rundler is written in a modular manner, allowing its components to be run as a single integrated binary, or as a distributed system. Rundler also strives for its individual crates to be used to support future ERC-4337 tooling. In RPGF Round 3, Alchemy was awarded a total of 74,534 $OP across Rundler, Light Account, ERC-6900, aa-sdk, and various informational pieces put out to the public domain to further adoption of smart accounts in the Superchain.