The recent release of ZIION 23.1, the first open-source, end-to-end, pre-compiled, multi-architecture, multi-protocol blockchain security testing and development solution, has been a big hit. The ZIION VM contains over 100 tools, utilities, dependencies, and packages to begin working with Solidity/EVM and Rust-based blockchains like Ethereum, Bitcoin, Solana, Polygon, and many more. .
In this blog, we’ll do a deep dive into the five families of tools developers can use within ZIION and learn how they work, and what their uses are.
These protocol-specific tools make blockchain development easy as they provide pre-built and easy-to-use environments.
a) Near-CLI: Contains general-purpose command line tools for interacting with NEAR Protocol.
Commands: near -h
b) Polkadot: Provides a local Polkadot-JS Node to start Polkadot development.
Command: polkadot -h
c) Polygon-CLI: Known as the Swiss Army knife of blockchain tools.
Commands: polycli -h
d) Solana-CLI: Provides a Solana Command-line interface to interact with a Solana cluster.
Commands: solana -h
e) Substrate Node Template: A new FRAME-based substrate node ready for hacking.
Such tools are specific to Ethereum and provide a ready-to-develop environment for Ethereum-based projects.
a) Foundry: A blazingly fast, portable, and modular toolkit for Ethereum application development written in Rust.
Command:cast -h or forge -h
b) Brownie: A Python-based development and testing framework for smart contracts targeting the Ethereum Virtual Machine.
Commands: brownie -h
c) Ganache: A tool for creating a local blockchain for fast Ethereum development.
Commands: ganache --help
d) Geth (Go-Ethereum): Officially provides Go implementation of the Ethereum protocol.
Commands: geth -h
e) Truffle: A development environment, testing framework, and asset pipeline for Ethereum, aiming to make life as an Ethereum developer easier.
Commands: truffle -h
This family of tools can help you with checking errors in the Go programs and doing static code analysis.
a) Nancy: A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index.
Commands: nancy -h
b) StaticCheck: A state-of-the-art linter for the Go programming language.
Commands: staticcheck -h
c) GoSec: Inspects source code for security problems by scanning the Go AST.
Commands: gosec -h
d) Go-Geiger: A static code analysis tool to find unsafe usages in Go packages and their dependencies.
e) Delve: A debugger for the Go programming language.
Commands: dlv -h
The Rust language is widely used for some renowned blockchains like Solana and also to write smart contracts using CosmWasm.
a) Cargo-Audit: This tool helps in auditing Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database.
Commands: cargo audit -h
b) Cargo-Geiger: Detects usage of unsafe Rust in a Rust crate and its dependencies.
Commands: cargo geiger -h
c) LLVM-Cov: A Cargo subcommand to easily use LLVM source-based code coverage (-C instrument-coverage).
Commands: cargo llvm-cov -h
d) Cargo-Expand: A subcommand to show the result of macro expansion.
Commands: cargo expand -h
e) Siderophile: Finds the “most unsafe” functions in your Rust codebase, so you can fuzz them or refactor them out entirely.
Commands: siderophile -h
VSCodium is an IDE (or Integrated Developer Environment) that is widely used in blockchain development and its extensions are helpful in manual code review.
a) Rust-Analyzer: A modular compiler frontend for the Rust language.
b) Anchor: This VSCode extension is useful in Solana's Sealevel runtime Framework.
c) Flowistry: An IDE plugin for Rust that helps you focus on relevant code.
d) Bookmarks: Helps you to navigate in your code, moving between important positions easily and quickly.
e) Solidity: A VSCodium language support extension for Solidity smart contracts in Ethereum.
These five families of tools are part of the most famous ones that a blockchain developer or a security auditor must have in their arsenal. But there are many more unexplored tools and some hidden gems in ZIION VM that one can use.
To check out all the 100+ tools, packages, and dependencies, download ZIION today and start your career in blockchain development and security auditing.