{"id":13718656,"url":"https://github.com/FuzzingLabs/sierra-analyzer","last_synced_at":"2025-05-07T10:33:31.453Z","repository":{"id":235575791,"uuid":"781413363","full_name":"FuzzingLabs/sierra-analyzer","owner":"FuzzingLabs","description":"Sierra decompiler and analyzer","archived":false,"fork":false,"pushed_at":"2025-04-22T15:10:26.000Z","size":2458,"stargazers_count":11,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-22T16:29:57.221Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FuzzingLabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-03T10:35:15.000Z","updated_at":"2025-04-22T15:10:29.000Z","dependencies_parsed_at":"2024-05-23T08:39:25.834Z","dependency_job_id":null,"html_url":"https://github.com/FuzzingLabs/sierra-analyzer","commit_stats":null,"previous_names":["fuzzinglabs/sierra-analyzer"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fsierra-analyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fsierra-analyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fsierra-analyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fsierra-analyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FuzzingLabs","dow
nload_url":"https://codeload.github.com/FuzzingLabs/sierra-analyzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252859957,"owners_count":21815437,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T01:00:35.318Z","updated_at":"2025-05-07T10:33:31.443Z","avatar_url":"https://github.com/FuzzingLabs.png","language":"Rust","readme":"\u003cdiv align=\"center\"\u003e\n\n## Sierra Analyzer\n\nSierra Analyzer is a security toolkit designed for analyzing Sierra files. It includes: a decompiler, a call graph\u003c/br\u003e generator, a control-flow graph generator, and various security detectors.\n\u003c/div\u003e\n\n\u003e [!IMPORTANT]  \n\u003e This repository is no longer maintained. 
If you have any questions or need further assistance, please contact [FuzzingLabs](https://fuzzinglabs.com/).\n\n---\n\n- [Project structure](#project-structure)\n- [Decompile a Sierra file](#decompile-a-sierra-file)\n- [Analyze a remote contract](#analyze-a-remote-contract)\n- [Print the contract's Control-Flow Graph](#print-the-contracts-control-flow-graph)\n- [Print the contract's Callgraph](#print-the-contracts-callgraph)\n- [Run the detectors](#run-the-detectors)\n- [Use the symbolic execution to generate unit tests](#use-the-symbolic-execution-to-generate-unit-tests)\n- [Improve the decompiler output using LLMs](#improve-the-decompiler-output-using-llms)\n- [Use it as a library](#use-it-as-a-library)\n- [Use with a Scarb project](#use-it-with-a-scarb-project)\n\n\n### Project structure \n\n```\n.\n├── doc                  # Documentation files\n├── examples             # Sierra \u0026 Contract class sample files\n├── lib                  # sierra-analyzer library\n├── bin                  # Binaries directory containing Sierra decompiler tool (based on sierra-analyzer library) \u0026 Tests generator\n└── README.md\n```\n\n### Decompile a Sierra file\n\n```\ncargo run -- -f \u003csierra file\u003e\n```\n\n\u003cp align=\"center\"\u003e\n\t\u003cb\u003e Decompiler output  \u003c/b\u003e\u003c/br\u003e\n\t\u003cimg height=\"400px\" src=\"/doc/images/decompiler-output.png\"/\u003e\u003c/br\u003e\n\u003c/p\u003e\n\nFor a colourless output : \n\n```\ncargo run -- -f \u003csierra file\u003e --no-color\n```\n\nIt is also possible to get a verbose output with more information : \n\n```\ncargo run -- -f \u003csierra file\u003e --verbose\n```\n\n### Analyze a remote contract\n\nContracts can be fetched directly from Starknet (Mainnet \u0026 Sepolia) by specifying the contract class to analyze : \n\n```\n# Fetch \u0026 decompile a contract from Starknet mainnet \ncargo run -- --remote 0x035ae0fe6ca00fcc8020a6c64503f38bfaf3481ae9a6c8b7daec2f899df735fa\n\n# Fetch \u0026 
decompile a contract from Sepolia network\ncargo run -- --remote 0x01437be408319cdb7524b3e3c52c0e9d80070d8cb85f363d42a7c3c2df5b66b2 --network sepolia -d\n```\n\n### Print the contract's Control-Flow Graph\n\n```\ncargo run -- -f ./examples/sierra/fib_array.sierra --cfg  \n\n# Output the Control-Flow Graph to a custom folder (default is ./output_cfg)\ncargo run -- -f ./examples/sierra/fib_array.sierra --cfg --cfg-output ./test \n```\n\n\u003cp align=\"center\"\u003e\n\t\u003cimg src=\"/doc/images/cfg-output.png\" height=\"400px\"/\u003e\n\u003c/p\u003e\n\n### Print the contract's Callgraph\n\n```\ncargo run -- -f ./examples/sierra/fib_array.sierra --callgraph\n\n# Output the Callgraph to a custom folder (default is ./output_callgraph)\ncargo run -- -f ./examples/sierra/fib_array.sierra --callgraph --callgraph-output ./test \n\n# Get the Callgraph of a specific function\ncargo run -- -f ./examples/sierra/fib_unary.sierra --callgraph --function 'examples::fib_unary::fib'\n```\n\n\u003cp align=\"center\"\u003e\n\t\u003cimg src=\"/doc/images/callgraph-output.png\" height=\"400px\"/\u003e\n\u003c/p\u003e\n\n### Run the detectors\n\n```\ncargo run -- -f ./examples/sierra/fib_array.sierra  -d\n\n# Print all available detectors with their description  \ncargo run -- --detector-help\n```\n\n\u003cp align=\"center\"\u003e\n\t\u003cimg src=\"/doc/images/detectors-output.png\" height=\"130px\"/\u003e\n\u003c/p\u003e\n\nThe documentation for creating a new detector is [here](https://github.com/FuzzingLabs/sierra-analyzer/blob/master/doc/detector-creation.md)\n\n### Use the symbolic execution to generate unit tests\n\n#### 1) Using the Tests generator detector\n\nSymbolic execution can be used to generate unit tests for the functions that take `felt252` arguments as input. 
\n\nFor example, the file [symbolic_execution_test.sierra](https://github.com/FuzzingLabs/sierra-analyzer/blob/master/examples/sierra/symbolic_execution_test.sierra) contains a main function that takes four `felt252` arguments *v0*, *v1*, *v2* and *v3*. The function includes four conditions that check if `v0 == 102`, `v1 == 117`, `v2 == 122` and `v3 == 122` which correspond to the ASCII values for the letters *f*, *u*, *z*, and *z*, respectively.\n\nWhen running the detectors we can generate test cases for each path in the function with the **Tests generator detector**:\n\n\n```\ncargo run -- -f ./examples/sierra/symbolic_execution_test.sierra -d --detector-names tests\n\n[Testing] Tests generator\n        - symbolic::symbolic::symbolic_execution_test : \n        - v0: 102, v1: 0, v2: 0, v3: 0\n        - v0: 103, v1: 0, v2: 0, v3: 0\n        - v0: 102, v1: 117, v2: 0, v3: 0\n        - v0: 0, v1: 118, v2: 0, v3: 0\n        - v0: 102, v1: 117, v2: 122, v3: 0\n        - v0: 0, v1: 0, v2: 123, v3: 0\n        - v0: 102, v1: 117, v2: 122, v3: 122\n        - v0: 0, v1: 0, v2: 0, v3: 123\n```\n\n#### 2) Using the library\n\nThe tests generator can also be used [with the library](https://github.com/FuzzingLabs/sierra-analyzer/blob/master/lib/examples/tests_generator.rs).\n\n### Improve the decompiler output using LLMs\n\n[Here](/doc/llm-decompilation.md) is a tutorial on how to improve the decompiler output using LLMs.\n\n### Use it as a library \n\nIt is also possible to use the `sierra-analyzer-lib` library to decompile serialised or unserialised Sierra files.\n\n### Use it with a Scarb project\n\n\u003e [!TIP]\n\u003e There are examples of repositories that use Scarb in [examples/scarb](/examples/scarb/scarb_example/). \n\nFirst you need to build the project using Scarb :\n\n```sh\nscarb build\n```\n\nAfter that, you will need to select the contract you want to work on using the `--contract` flag. 
If you need to list the available contracts, you can use the `--list-contracts` option :\n\n```sh\nsierra-decompiler --scarb --list-contracts\n```\n\nNow, let's say you want to work on one of the contracts whose name is `unimpaired_cairo_Overflow`, then you can analyse it : \n\n```sh\n# Run the decompiler\nsierra-decompiler --scarb --contract unimpaired_cairo_Overflow \n\n# Generate the control-flow graph\nsierra-decompiler --scarb --contract unimpaired_cairo_Overflow --cfg\n\n# Generate the callgraph\nsierra-decompiler --scarb --contract unimpaired_cairo_Overflow --callgraph\n\n# Run the detectors\nsierra-decompiler --scarb --contract unimpaired_cairo_Overflow -d\n```\n\n### Features\n\n- [x] Decompiler\n- [x] Control-Flow Graph\n- [x] Call Graph\n- [x] Informational \u0026 Security detectors\n- [x] Fetching contracts from Starknet\n- [x] Symbolic execution\n- [x] Scarb projects support\n","funding_links":[],"categories":["Tools"],"sub_categories":["Specific blog posts / Vulnerability Disclosures"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFuzzingLabs%2Fsierra-analyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FFuzzingLabs%2Fsierra-analyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFuzzingLabs%2Fsierra-analyzer/lists"}