🎉 Security considerations new format (#248)

* Security considerations updated

* Update format check

---------

Co-authored-by: Omar U. Espejel <espejelomar@gmail.com>

Author: devnet0x

src/SUMMARY.md

@@ -29,6 +29,11 @@
   - [Starknet-py: Python SDK 🚧](ch02-11-starknet-py.md)
   - [Starknet-rs: Rust SDK 🚧](ch02-12-starknet-rs.md)
   - [Foundry Forge: Testing](ch02-13-foundry-forge.md)
+  - [Security Tools](ch02-13-security-tools.md)
+    - [Cairo-fuzzer](ch02-13-01-cairo-fuzzer.md)
+    - [Caracal](ch02-13-02-caracal.md)
+    - [Thoth](ch02-13-03-thoth.md)
+    - [Security Considerations](ch02-13-04-security-considerations.md)
 
 ## Architecture
 

src/ch02-13-01-cairo-fuzzer.md

@@ -0,0 +1,45 @@
+# Cairo-fuzzer
+
+[Cairo-fuzzer](https://github.com/FuzzingLabs/cairo-fuzzer) is a tool designed for smart contract developers to test the security. It can be used as an independent tool or as a library.
+
+## Features:
+
+<img alt="cairo-fuzzer" src="img/ch02-13-cairo-fuzzer.png" class="center" style="width: 75%;" />
+
+- Run Cairo contract
+- Run Starknet contract
+- Replayer of fuzzing corpus
+- Minimizer of fuzzing corpus
+- Load old corpus
+- Handle multiple arguments
+- Workspace architecture
+- Import dictionnary
+- Use Cairo-fuzzer as a library
+
+## Usage:
+
+```bash
+cargo run --release -- --cores 3 --contract tests/fuzzinglabs.json --function "Fuzz_symbolic_execution"
+
+For more usage information, follow our tutorial
+CMDLINE (--help):
+
+Usage: cairo-fuzzer [OPTIONS]
+
+Options:
+      --cores <CORES>              Set the number of threads to run [default: 1]
+      --contract <CONTRACT>        Set the path of the JSON artifact to load [default: ]
+      --function <FUNCTION>        Set the function to fuzz [default: ]
+      --workspace <WORKSPACE>      Workspace of the fuzzer [default: fuzzer_workspace]
+      --inputfolder <INPUTFOLDER>  Path to the inputs folder to load [default: ]
+      --crashfolder <CRASHFOLDER>  Path to the crashes folder to load [default: ]
+      --inputfile <INPUTFILE>      Path to the inputs file to load [default: ]
+      --crashfile <CRASHFILE>      Path to the crashes file to load [default: ]
+      --logs                       Enable fuzzer logs in file
+      --seed <SEED>                Set a custom seed (only applicable for 1 core run)
+      --run-time <RUN_TIME>        Number of seconds this fuzzing session will last
+      --config <CONFIG>            Load config file
+      --replay                     Replay the corpus folder
+      --minimizer                  Minimize Corpora
+  -h, --help                       Print help information
+```

src/ch02-13-02-caracal.md

@@ -0,0 +1,33 @@
+# Caracal
+
+[Caracal](https://github.com/crytic/caracal) is a static analyzer tool over the SIERRA representation for Starknet smart contracts.
+
+## Features
+
+- Detectors to detect vulnerable Cairo code
+- Printers to report information
+- Taint analysis
+- Data flow analysis framework
+- Easy to run in Scarb projects
+
+## Installation
+
+Precompiled binaries
+
+Precompiled binaries are available on our releases page. If you are using Cairo compiler 1.x.x uses the binary v0.1.x otherwise if you are using the Cairo compiler 2.x.x uses v0.2.x.
+
+### Building from source
+
+You need the Rust compiler and Cargo. Building from git:
+
+```bash
+cargo install --git https://github.com/crytic/caracal --profile release --force
+```
+
+### Building from a local copy:
+
+```bash
+git clone https://github.com/crytic/caracal
+cd caracal
+cargo install --path . --profile release --force
+```

src/ch02-13-03-thoth.md

@@ -0,0 +1,28 @@
+# Thoth
+
+[Thoth](https://github.com/FuzzingLabs/thoth) (pronounced "taut" or "toss") is a Cairo/Starknet security toolkit including analyzers, disassemblers & decompilers written in Python 3. Thoth's features include the generation of the call graph, the control-flow graph (CFG) and the data-flow graph for a given Sierra file or Cairo/Starknet compilation artifact. It also includes some really advanced tools like a Symbolic execution engine and Symbolic bounded model checker.
+
+## Features
+
+- Remote & Local: Thoth can both analyze contracts deployed on Mainnet/Goerli and compiled locally on your machine.
+- Decompiler: Thoth can convert assembly into decompiled code with SSA (Static Single Assignment)
+- Call Flow analysis: Thoth can generate a Call Flow Graph
+- Static analysis: Thoth can run various analyzers of different types (security/optimization/analytics) on the contract
+- Symbolic execution: Thoth can use the symbolic execution to find the right variables values to get through a specific path in a function and also automatically generate test cases for a function.
+- Data Flow analysis: Thoth can generate a Data Flow Graph (DFG) for each function
+- Disassembler: Thoth can translate bytecode into assembly representation
+- Control Flow analysis: Thoth can generate a Control Flow Graph (CFG)
+- Cairo Fuzzer inputs generation: Thoth can generate inputs for the Cairo fuzzer
+- Sierra files analysis : Thoth can analyze Sierra files
+- Sierra files symbolic execution : Thoth allows symbolic execution on sierra files
+- Symbolic bounded model checker : Thoth can be used as a Symbolic bounded model checker
+  <img alt="thoth" src="img/ch02-13-thoth.png" class="center" style="width: 75%;" />
+
+## Installation
+
+```bash
+sudo apt install graphviz
+git clone https://github.com/FuzzingLabs/thoth && cd thoth
+pip install .
+thoth -h
+```