TestMachine, an attack simulation tool for smart contracts that reports exploitable vulnerabilities.
Hey HN,
We built TestMachine after watching teams drown in AI reports full of theoretical vulnerabilities that never get fixed because nobody knows which ones actually matter.
We built two tools. Azimuth runs real attack simulations against your smart contracts and only surfaces vulnerabilities where the attack actually succeeds. No more triage hell on False Positives. Token Custody watches on-chain token behavior continuously after launch and alerts you when risk profiles shift — useful because tokens often behave differently days or weeks post-deploy when upgrades or integrations kick in.
The interesting technical piece is that we execute simulations using reinforcement learning in a forked chain environment, so we can replay real-world state against your contracts rather than running static analysis guesses.
Coinbase and many auditors use it. Happy to answer questions about the approach. Would love feedback from anyone doing smart contract security. Or go check it out (we just added a free trial).