{"id":19599540,"url":"https://github.com/nascentxyz/pyrometer","last_synced_at":"2025-05-14T14:08:47.568Z","repository":{"id":142976961,"uuid":"586608936","full_name":"nascentxyz/pyrometer","owner":"nascentxyz","description":"A tool for analyzing the security and parameters of a solidity smart contract","archived":false,"fork":false,"pushed_at":"2025-02-14T15:41:16.000Z","size":10621,"stargazers_count":764,"open_issues_count":15,"forks_count":60,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-04-12T14:15:27.867Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nascentxyz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-08T18:22:27.000Z","updated_at":"2025-03-29T18:23:58.000Z","dependencies_parsed_at":"2023-12-22T06:29:18.084Z","dependency_job_id":"3ee8c12a-3c5b-46c7-9bb1-03963e4fb357","html_url":"https://github.com/nascentxyz/pyrometer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nascentxyz%2Fpyrometer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nascentxyz%2Fpyrometer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nascentxyz%2Fpyrometer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nascentxyz%2Fpyrometer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owne
rs/nascentxyz","download_url":"https://codeload.github.com/nascentxyz/pyrometer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254159956,"owners_count":22024566,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-11T09:11:27.613Z","updated_at":"2025-05-14T14:08:47.546Z","avatar_url":"https://github.com/nascentxyz.png","language":"Rust","funding_links":[],"categories":["Smart Contracts","Solidity"],"sub_categories":["Other","Other dialects and variants"],"readme":"\u003cimg width=\"100%\" src=\"pyro.jpg\"\u003e\n\n# 🔥🔫 Pyrometer 🔥🔫\n\n[![Telegram Chat][tg-badge]][tg-url]\n\n[tg-badge]: https://img.shields.io/endpoint?color=neon\u0026logo=telegram\u0026label=chat\u0026style=flat-square\u0026url=https%3A%2F%2Ftg.sumanjay.workers.dev%2Fpyrometer\n[tg-url]: https://t.me/pyrometer\n\nPyrometer is a work-in-progress security tool currently in _BETA_. It should work on most solidity `0.8.x` contracts, but there are some limitations and language edge cases not yet covered.\n\nEffectively, Pyrometer is a mix of symbolic execution, abstract interpretation, and static analysis - we take ideas from each and apply them with an *engineering first* mindset to create an effective tool (and avoid nerdsnipes by academic papers) aiming to help both auditors and developers.\n\nPyrometer may eventually be language agnostic, but for now it is targeting Solidity. 
The code isn't currently entirely structured for multi-language support, but it has some of the bones to be able to support other EVM-targeting languages.\n\nHere is an example output:\n\n\u003cimg width=\"100%\" src=\"demo.png\"\u003e\n\n\n## Installing\nFirst, make sure Rust is installed:\n```bash\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\n```\n\nThen:\n```bash\ngit clone https://github.com/nascentxyz/pyrometer\ncd pyrometer/crates/cli\ncargo install --path . --locked\npyrometer \u003cPATH_TO_SOLIDITY_FILE\u003e --help\n```\n\nIf your project imports contracts via `node_modules` or uses remappings, be sure to pass the `--remappings remappings.txt` flag after running `forge remappings \u003e remappings.txt`.\n\nMake sure `$CARGO_HOME/bin` is in your `$PATH`.\n\n\nBinaries will eventually be built and released for version upgrades.\n\n### Configuring Pyrometer\nRun `pyrometer --help` for more details.\n\n### Quick tips\n1. `pyrometer ./myContract.sol --remappings remappings.txt`: the `--remappings` flag is generally needed, otherwise you will get a crash with `file does not exist`.\n1. `pyrometer ./myContract.sol -vv`: `-vv` is generally the sweet spot in terms of verbosity.\n1. `pyrometer ./myContract.sol --funcs \"myFunc\"`: the `--funcs` flag can help narrow down the output to only the function you care about. You can repeat the flag as many times as you like to match more functions.\n1. `pyrometer ./myContract.sol --contracts \"myContract\"`: the `--contracts` flag can help narrow down the output to only the contract you care about. You can repeat the flag as many times as you like to match more functions.\n\n## What can I do with it?\n\nThere are two main uses of pyrometer as it stands *today*. \n\n### As a binary\nThe target users of the binary (i.e. the CLI application) are developers and auditors. A suggested use case is for manual verification of a function or functions. 
A video tutorial around getting the most out of pyrometer is in the works. \n\n### As a library\nPyrometer's graph intermediate representation and bound analysis can be useful for a whole host of Solidity-based tooling. It could be used as:\n1. Backend to an LSP (although not recommended yet)\n2. Contract visualization tool (we already support outputting the graph to `dot` via the `--dot` flag)\n3. Improved fuzzers (work in progress, reach out if interested in helping)\n4. Backend to a query language for writing analyses (analyses similar to Slither detectors)\n5. Code refactoring/preprocessor tool\n\n## Understanding the output\n\nYou will generally see an underlined line followed by the `∈` symbol followed by `[ minimum possible value, maximum possible value ]`. `∈` indicates set membership and means \"is an element of\", and the brackets indicate an *interval* - so for example, if you see:\n\n` \"x\" ∈ [ 0, 10 ] \u0026\u0026 ∉ { 5 }`, you can read this as \"x is in the range 0 to 10, excluding 5\". Each Solidity type has its own default bounds. If you see `\"x\" == 3`, `x` must be 3 at that point in the program.\n\n## What's the theory behind this?\nSee the [Theory](./THEORY.md) page for details. \n\n## How is the repo structured?\nSee the [Architecture](./ARCHITECTURE.md) page for details. \n\n## Contributing\nRead the [Architecture](./ARCHITECTURE.md) page first, then start hacking. Hop in the telegram (see badge above) to ask questions. \n\nSee the [TODO](./TODO.md) for top priorities.\n\n\u003cbr/\u003e\u003cbr/\u003e\n\u003cp align=\"center\"\u003e\n    \u003cimg width=\"100\" height=\"100\" src=\"NascentLogo.png\"\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnascentxyz%2Fpyrometer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnascentxyz%2Fpyrometer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnascentxyz%2Fpyrometer/lists"}