{"id":13718625,"url":"https://github.com/crytic/amarna","last_synced_at":"2026-03-14T10:30:17.156Z","repository":{"id":37076309,"uuid":"444112251","full_name":"crytic/amarna","owner":"crytic","description":"Amarna is a static-analyzer and linter for the Cairo programming language.","archived":false,"fork":false,"pushed_at":"2024-02-12T21:27:06.000Z","size":1832,"stargazers_count":148,"open_issues_count":14,"forks_count":7,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-02-13T21:13:46.927Z","etag":null,"topics":["cairo","linter","starknet","static-analysis"],"latest_commit_sha":null,"homepage":"https://blog.trailofbits.com/2022/04/20/amarna-static-analysis-for-cairo-programs/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crytic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-03T15:37:36.000Z","updated_at":"2024-09-10T18:07:42.000Z","dependencies_parsed_at":"2024-01-07T21:08:53.148Z","dependency_job_id":"16caecff-c74e-4f6e-b77d-cc3d2ce0bd4f","html_url":"https://github.com/crytic/amarna","commit_stats":{"total_commits":127,"total_committers":6,"mean_commits":"21.166666666666668","dds":0.3307086614173228,"last_synced_commit":"2f7430b36d2aa321108dc83c74a457af2e16ebbb"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Famarna","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Famarna/tags","releases_url":"https://repos.ecosyste.ms/ap
i/v1/hosts/GitHub/repositories/crytic%2Famarna/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Famarna/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crytic","download_url":"https://codeload.github.com/crytic/amarna/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239921833,"owners_count":19718844,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cairo","linter","starknet","static-analysis"],"created_at":"2024-08-03T01:00:34.668Z","updated_at":"2026-03-14T10:30:17.098Z","avatar_url":"https://github.com/crytic.png","language":"Python","funding_links":[],"categories":["dApps directory","Tools"],"sub_categories":["Static Analysis Tools"],"readme":"This repo is archived. You can use [caracal](https://github.com/crytic/caracal) instead.\n\n# Amarna\n\nAmarna is a static-analyzer and linter for the Cairo programming language.\n\n## Features\n - Finds code-smells and potential vulnerabilities in Cairo code\n - Compiler-identical parsing of Cairo code and StarkNet contracts\n - Supports creating local and global rules\n - Exports the parsed AST of a Cairo file\n - Exports static-analysis results to the [SARIF](https://sarifweb.azurewebsites.net/) format.\n\n## Basic Usage\nAnalyze a Cairo project in the current directory and export the SARIF results to a file:\n ```bash\n amarna . 
-o out.sarif\n ```\n\nAnalyze a single file `file.cairo` and export the SARIF results to a file:\n ```bash\n amarna file.cairo -o out.sarif\n ```\n\nAnalyze a single file `file.cairo` and print a summary of the results:\n ```bash\n amarna file.cairo -s\n ```\n\n### Integration\n - For GitHub action integration, use [amarna-action](https://github.com/crytic/amarna-action).\n\n## Currently supported rules\n\n| #   | Rule                        | What it finds                                                                                                             | Impact  | Precision |\n| --- | --------------------------- | ------------------------------------------------------------------------------------------------------------------------- | ------- | --------- |\n| 1   | Arithmetic operations       | All uses of arithmetic operations +, -, *, and /                                                                          | Info    | High      |\n| 2   | Unused arguments            | Function arguments that are not used in the functions in which they appear                                                | Warning | High      |\n| 3   | Unused imports              | Unused imports                                                                                                            | Info    | High      |\n| 4   | Mistyped decorators         | Mistyped code decorators                                                                                                  | Info    | High      |\n| 5   | Unused functions            | Functions that are never called                                                                                           | Info    | Medium    |\n| 6   | Error codes                 | Function calls that have return values that must be checked                                                               | Info    | High      |\n| 7   | Inconsistent assert usage   | Asserts that use the same constant in different ways, e.g., 
`assert_le(amount, BOUND)` and `assert_le(amount, BOUND - 1)` | Warning | High      |\n| 8   | Dead stores                 | Variables that are assigned values but not used before a return statement                                                 | Info    | Medium    |\n| 9   | Unchecked overflows         | Function calls that ignore the returned overflow flags, e.g., `uint256_add`                                               | Warning | High      |\n| 10  | Caller address return value | Function calls to the `get_caller_address` function.                                                                      | Info    | High      |\n| 11  | Storage variable collision  | Multiple `@storage_var` with the same name. (deprecated)                                                                  | Warning | High      |\n| 12  | Implicit function import    | Function with decorator `@external, @view, @l1_handler` that is being implicitly imported. (deprecated)                   | Info    | High      |\n| 13  | Unenforced view function    | State modification within a `@view` function                                                                              | Info    | High      |\n| 14  | Uninitialized variable      | Local variables that are never initialized.                                                                               | Info    | High      |\n\n\n## Usage\nAnalyze a Cairo project in the current directory and export results to a file:\n ```bash\n amarna . 
-o out.sarif\n ```\n\nAnalyze a single file `deleverage.cairo` and export results to a file:\n ```bash\n amarna deleverage.cairo -o deleverage.sarif\n ```\n\nAnalyze a single file `code.cairo` and print a summary of the results:\n ```bash\n amarna code.cairo -s\n ```\n\nParse a Cairo file and output the recovered AST in `png`:\n ```bash\n amarna file.cairo -png\n ```\n\nAnalyze a Cairo file with the `unused-imports` rule:\n ```bash\n amarna file.cairo --rules=unused-imports\n ```\n\nAnalyze a Cairo file using all rules except the arithmetic-add rule:\n ```bash\n amarna file.cairo --exclude-rules=arithmetic-add\n ```\n\nThe full help menu is:\n```\nusage: amarna [-h] [-p] [-o OUTPUT] [-s] [-png] [-rules RULES] [-exclude-rules EXCLUDE_RULES] [-show-rules] [-disable-inline] -f\n\nAmarna is a static-analyzer for the Cairo programming language.\n\npositional arguments:\n  -f                    the name of the .cairo file or directory with .cairo files to analyze\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -p, --print           print output\n  -o OUTPUT, --output OUTPUT\n                        file to write the output results in sarif format\n  -s, -summary, --summary\n                        output summary\n  -png, --png           save a png with the AST of a file\n  -rules RULES, --rules RULES\n                        Only run this set of rules. Enter rule names comma-separated, e.g., dead-store,unused-arguments\n  -exclude-rules EXCLUDE_RULES, --exclude-rules EXCLUDE_RULES\n                        Exclude these rules from the analysis. Enter rule names comma-separated, e.g., dead-store,unused-arguments\n  -show-rules, --show-rules\n                        Show all supported rules and descriptions.\n  -disable-inline, --disable-inline\n                        Disable rules with inline comments. 
The comments should be the first line and of the form: # amarna: disable=rulename1,rulename2\n```\n\n## SARIF file format\nThe [SARIF](https://sarifweb.azurewebsites.net/) file format is a standard format for static-analysis tools and can be viewed in VS Code with the [official extension](https://github.com/Microsoft/sarif-vscode-extension/).\n\n\n## Installation\n```bash\npip install amarna\n```\n\n\n## How the rules work\nThe static-analysis rules can be:\n   - local rules, which analyse each file independently.\n   - gatherer rules, which analyse each file independently and gather data to be used in post-process rules.\n   - post-process rules, which run after all files have been analyzed and can use the data gathered in the gatherer rules.\n\nExamples of these are:\n - local rules: find all arithmetic operations in a file\n - gatherer rules: gather all declared functions, and called functions\n - post-process rules: find unused functions using the gathered data, i.e., functions that were declared but never called.\n\n\n## Rule allowlist, denylist and inline comments\n\n### Rule names\nObtain the names of the currently implemented rules with:\n```bash\n amarna --show-rules\n```\n\n### Rule allowlist\nRun amarna with a defined set of rules using:\n```bash\n amarna --rules=rule1,rule2 .\n```\n\nThe following command will only run the `unused-imports` rule and print the summary result:\n```bash\n amarna --rules=unused-imports . -s\n```\n\n### Rule denylist\nRun amarna with all rules except a defined set of rules using:\n```bash\n amarna --exclude-rules=arithmetic-add,arithmetic-sub . 
-s\n```\n\n### Inline rule disabling comments\nYou can change the first line of a Cairo file to disable a specific set of rules for that file.\nFor example, adding the line\n```c\n// amarna: disable=arithmetic-div,arithmetic-sub,arithmetic-mul,arithmetic-add\n```\nas the first line of `file.cairo` and running amarna with\n```bash\namarna directory/ --disable-inline -s\n```\nwill not report any arithmetic rule findings for `file.cairo`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrytic%2Famarna","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrytic%2Famarna","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrytic%2Famarna/lists"}