{"id":13425644,"url":"https://github.com/crytic/tealer","last_synced_at":"2025-10-28T00:47:14.870Z","repository":{"id":37909238,"uuid":"315701275","full_name":"crytic/tealer","owner":"crytic","description":"Static Analyzer for Teal","archived":false,"fork":false,"pushed_at":"2024-02-08T14:11:08.000Z","size":1530,"stargazers_count":63,"open_issues_count":42,"forks_count":14,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-03-30T05:32:16.998Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crytic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-11-24T17:11:20.000Z","updated_at":"2024-12-23T23:55:06.000Z","dependencies_parsed_at":"2023-02-19T06:15:30.737Z","dependency_job_id":"88034530-52e9-447f-bf5a-5a5ae2b44af5","html_url":"https://github.com/crytic/tealer","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Ftealer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Ftealer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Ftealer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Ftealer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crytic","download_url":"https://codeload.github.com/crytic/tealer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://gith
ub.com","kind":"github","repositories_count":251898551,"owners_count":21661842,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T00:01:16.029Z","updated_at":"2025-10-28T00:47:09.836Z","avatar_url":"https://github.com/crytic.png","language":"Python","funding_links":[],"categories":["Development \u0026 Tools","Development Tools"],"sub_categories":["Testing \u0026 Debugging","Other Development Tools"],"readme":"# Tealer\n\nTealer is a static analyzer for [Teal](https://developer.algorand.org/docs/features/asc1/) code.\nIt parses the Teal program and builds its CFG. The analyzer comes with a set of vulnerability detectors and printers that allow contracts to be reviewed quickly.\nIn addition, tealer allows for custom path discovery through [regular expression](#regular-expression), and can be configured to follow the [group information](#group-configuration) of the application.\n\n- [Usage](#Usage)\n  - [Detectors](#detectors): Vulnerability detectors\n  - [Printers](#printers): Visual information\n  - [Regular expression](#regular-expression): Regular expression engine\n- [How to install](#how-to-install)\n- [Group configuration](#group-configuration)\n\n## Usage\n\nTo detect vulnerabilities\n\n```bash\ntealer detect --contracts file.teal\n```\n\nTo run a printer\n\n```bash\ntealer print \u003cprinter_name\u003e --contracts file.teal\n```\n\nTo run the regular expression engine\n\n```bash\ntealer regex \u003cregex_file.txt\u003e --contracts file.teal\n```\n\n\nFor additional configuration, see the [Usage](https://github.com/crytic/tealer/wiki/Usage) 
documentation.\n\n### Detectors\n\n| Num | Detector                | What it detects                                                                                                                                     | Applies To          | Impact       | Confidence |\n|-----|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|--------------|------------|\n| 1   | `is-deletable`          | [Deletable Applications](https://github.com/crytic/tealer/wiki/Detector-Documentation#deletable-application)                                        | Stateful            | High         | High       |\n| 2   | `is-updatable`          | [Upgradable Applications](https://github.com/crytic/tealer/wiki/Detector-Documentation#upgradable-application)                                      | Stateful            | High         | High       |\n| 3   | `unprotected-deletable` | [Unprotected Deletable Applications](https://github.com/crytic/tealer/wiki/Detector-Documentation#unprotected-deletable-application)                | Stateful            | High         | High       |\n| 4   | `unprotected-updatable` | [Unprotected Upgradable Applications](https://github.com/crytic/tealer/wiki/Detector-Documentation#unprotected-updatable-application)               | Stateful            | High         | High       |\n| 5   | `group-size-check`      | [Usage of absolute indexes without validating GroupSize](https://github.com/crytic/tealer/wiki/Detector-Documentation#missing-groupsize-validation) | Stateless, Stateful | High         | High       |\n| 6   | `can-close-account`     | [Missing CloseRemainderTo field Validation](https://github.com/crytic/tealer/wiki/Detector-Documentation#missing-closeremainderto-field-validation) | Stateless           | High         | High       |\n| 7   | `can-close-asset`       | [Missing AssetCloseTo Field 
Validation](https://github.com/crytic/tealer/wiki/Detector-Documentation#missing-assetcloseto-field-validation)         | Stateless           | High         | High       |\n| 8   | `missing-fee-check`     | [Missing Fee Field Validation](https://github.com/crytic/tealer/wiki/Detector-Documentation#missing-fee-field-validation)                           | Stateless           | High         | High       |\n| 9   | `rekey-to`              | [Rekeyable Logic Signatures](https://github.com/crytic/tealer/wiki/Detector-Documentation#rekeyable-logicsig)                                       | Stateless           | High         | High       |\n| 10  | `constant-gtxn`         | [Unoptimized Gtxn](https://github.com/crytic/tealer/wiki/Detector-Documentation#Unoptimized-Gtxn)                                                   | Stateless           | Optimization | High       |\n| 11  | `self-access`           | [Unoptimized self access](https://github.com/crytic/tealer/wiki/Detector-Documentation#Unoptimized-self-access)                                     | Stateless           | Optimization | High       |\n| 12  | `sender-access`         | [Unoptimized Gtxn](https://github.com/crytic/tealer/wiki/Detector-Documentation#Unoptimized-sender-access)                                          | Stateless           | Optimization | High       |\n\n\nFor more information, see\n\n- The [Detector Documentation](https://github.com/crytic/tealer/wiki/Detector-Documentation) for information on each detector\n- The [Detection Selection](https://github.com/crytic/tealer/wiki/Usage#detector-selection) to run only selected detectors. 
By default, all the detectors are run.\n\n### Printers\n\n| Num | Printer               | What it prints                                    |\n|-----|-----------------------|---------------------------------------------------|\n| 1   | `call-graph`          | Export the call graph of contract to a dot file   |\n| 2   | `cfg`                 | Export the CFG of entire contract                 |\n| 3   | `human-summary`       | Print a human-readable summary of the contract    |\n| 4   | `subroutine-cfg`      | Export the CFG of each subroutine                 |\n| 5   | `transaction-context` | Output possible values of GroupIndices, GroupSize |\n\n\nPrinters output [`dot`](https://graphviz.org/) files.\nUse `xdot` to open the files (`sudo apt install xdot`).\n\n### Regular expression\n\nTealer can detect if there is a path between a given label and a set of instructions using the `regex` subcommand: `tealer regex regex.txt --contracts file.teal`.\n\nThe regular expression file must be in the form:\n```txt\nlabel =\u003e\n  ins1\n  ins2\n```\n\nIf there is a match, tealer will generate a DOT file with the graph.\n\nFor an example, run `tealer regex tests/regex/regex.txt --contract tests/regex/vote_approval.teal`, with:\n- [tests/regex/regex.txt](./tests/regex/regex.txt)\n- [tests/regex/vote_approval.teal](./tests/regex/vote_approval.teal)\n\nThis will generate `regex_result.dot`.\n\n## How to install\n\n`pip3 install tealer`\n\n### Using Git\n\n```bash\ngit clone https://github.com/crytic/tealer.git \u0026\u0026 cd tealer\nmake dev\n```\n\n\n## Group configuration\n\nTo help tealer reason about applications that are meant to be run in a group of transactions, the user can provide the group information through a configuration file:\n- See the [ANS configuration](tests/group_transactions/ans/ans_config.yaml) example\n- See the [Lightweight group information specification](https://forum.algorand.org/t/lightweight-group-information-specification/9735) discussion.\n\nThe 
file format is still in development, and it is likely to evolve in the future\n\n## License\n\nTealer is licensed and distributed under the AGPLv3 license. [Contact us](opensource@trailofbits.com) if you're looking for an exception to the terms.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrytic%2Ftealer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrytic%2Ftealer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrytic%2Ftealer/lists"}