“…Security Tools, Frameworks, and Design Patterns We complement our results on security issues by studying the smart contract developers' awareness of security tools (e.g., which tools they ask about or suggest in answers). We compile a comprehensive list of security tools based on relevant evaluation and survey papers (e.g., [13,28,9,34,23,46]) and other sources (e.g., [12]), and search for mentions of the following (in alphabetical order): ContractFuzzer [25], Con-tractLarva [15], echidna 6 , EtherTrust [21], EthIR, Ethlint (formerly known as Solium) 7 , FSolidM [36], MAIAN [43], Manticore [39], Mythril (as well as the service MythX and the client Mythos) [40], Octopus 8 , Osiris [52], Oyente [35], Rattle [49], ReGuard [33], SASC [60], sCompile [8], Securify [54], Slither [18], Smar-tAnvil [14], SmartCheck [51], solcheck 9 , solgraph 10 , solint 11 , Solhint 12 , SonarSolidity 13 , Sūrya (also spelled as Surya) 14 , teEther [29], Vandal [7], VeriSolid [38], VerX [47], VULTRON [56], Zeus [27]. Note that our goal is not to evaluate or compare the technical quality of these tools and frameworks (for that we refer the reader to surveys, e.g., [46]); we are only interested in whether they are discussed by developers.…”