{"id":21357546,"url":"https://github.com/sv592/code_review_on_ethereum","last_synced_at":"2026-05-07T12:31:06.983Z","repository":{"id":264079625,"uuid":"892304896","full_name":"SV592/code_review_on_ethereum","owner":"SV592","description":"This project explores the code review practices for Ethereum smart contracts, focusing on pull requests (PRs) in repositories of various prominence","archived":false,"fork":false,"pushed_at":"2024-11-22T17:30:41.000Z","size":690,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-16T06:14:47.769Z","etag":null,"topics":["codereview","ethereum","pyth","smart-contracts","solidity"],"latest_commit_sha":null,"homepage":"https://shaquillepearson.com/assets/papers/Code%20Review%20Practises%20On%20Etherum%20Smart%20Contracts.pdf","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SV592.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-21T21:37:10.000Z","updated_at":"2024-11-22T17:30:44.000Z","dependencies_parsed_at":"2024-11-21T22:29:12.481Z","dependency_job_id":null,"html_url":"https://github.com/SV592/code_review_on_ethereum","commit_stats":null,"previous_names":["sv592/code_review_on_ethereum"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SV592%2Fcode_review_on_ethereum","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SV592%2Fcode_review_on_ethereum/tags","releases_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/repositories/SV592%2Fcode_review_on_ethereum/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SV592%2Fcode_review_on_ethereum/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SV592","download_url":"https://codeload.github.com/SV592/code_review_on_ethereum/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243830957,"owners_count":20354855,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["codereview","ethereum","pyth","smart-contracts","solidity"],"created_at":"2024-11-22T05:07:43.599Z","updated_at":"2026-05-07T12:31:06.955Z","avatar_url":"https://github.com/SV592.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Code Review Practices for Ethereum Smart Contracts\n\nThis project explores the code review practices for Ethereum smart contracts, focusing on pull requests (PRs) in repositories of various prominence. It identifies common vulnerabilities, analyzes the effectiveness of reviews, and proposes enhanced review methodologies to improve the security of smart contract ecosystems.\n\n## Overview\n\nEthereum smart contracts are critical to decentralized finance (DeFi) ecosystems but often suffer from vulnerabilities due to inadequate code reviews. 
This project investigates:\n- Common vulnerabilities introduced by merged PRs.\n- Review statistics such as the average time to merge, number of reviewers, and comments per PR.\n- Analysis of PRs using **Slither**, a Solidity static analysis tool.\n\nThe findings reveal gaps in current review practices and provide recommendations for enhancing the review process.\n\n---\n\n## Features\n\n- **Pull Request Data Extraction**:\n  - Extract PR data using GitHub GraphQL API.\n  - Metrics include PR state, creation/merge times, number of comments, and reviewers.\n\n- **Static Code Analysis**:\n  - Analyze Solidity smart contracts for vulnerabilities using **Slither**.\n  - Identify issues like reentrancy, unchecked transfers, and arbitrary sends.\n\n- **Statistical Analysis**:\n  - Calculate average time to merge/close PRs.\n  - Derive statistics on reviewer engagement and comments.\n\n- **Insights on Security**:\n  - Highlight recurring vulnerabilities and propose mitigations.\n\n---\n\n## Methodology\n\n1. **Pull Request Data Collection**:\n   - Use `get_pullrequestdata.py` to fetch PR data for specified repositories.\n   - Results are saved in CSV files for further analysis.\n\n2. **Static Analysis**:\n   - Use `pull_requests.py` to checkout PRs and run Slither scans.\n   - Save vulnerability reports for merged PRs.\n\n3. **Statistical Analysis**:\n   - Use `analyzer.py` and `statistics.py` to process PR data.\n   - Calculate average times, comment counts, and other metrics.\n\n4. **Insights and Recommendations**:\n   - Analyze vulnerabilities detected post-merge.\n   - Provide actionable recommendations for better code review practices.\n\n---\n\n## Usage\n\n### Prerequisites\n- Python 3.8+\n- Git\n- Node.js (for Slither)\n- Slither Solidity Analyzer (`npm install -g slither-analyzer`)\n- GitHub API token for data extraction.\n\n### Setup\n1. 
Clone the repository:\n   ```bash\n   git clone https://github.com/yourusername/ethereum-code-review.git\n   cd ethereum-code-review\n   ```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsv592%2Fcode_review_on_ethereum","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsv592%2Fcode_review_on_ethereum","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsv592%2Fcode_review_on_ethereum/lists"}