Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/trailofbits/circomspect

A static analyzer and linter for the Circom zero-knowledge DSL
https://github.com/trailofbits/circomspect

Last synced: 4 months ago
JSON representation

A static analyzer and linter for the Circom zero-knowledge DSL

Host: GitHub
URL: https://github.com/trailofbits/circomspect
Owner: trailofbits
License: gpl-3.0
Created: 2022-05-27T13:26:28.000Z (about 2 years ago)
Default Branch: main
Last Pushed: 2023-11-18T08:04:17.000Z (8 months ago)
Last Synced: 2024-03-18T01:43:46.149Z (4 months ago)
Language: Rust
Homepage:
Size: 7.35 MB
Stars: 208
Watchers: 16
Forks: 13
Open Issues: 5
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Codeowners: CODEOWNERS

Lists

awesome-circom - Circomspect - static analyzer and linter for the Circom programming language (Code editors & tooling / Cryptographic primitives in other languages)
awesome-circom - Circomspect

README

# Circomspect 🔎

![Crates.io badge](https://img.shields.io/crates/v/circomspect.svg) ![GitHub badge](https://github.com/trailofbits/circomspect/actions/workflows/ci.yml/badge.svg)

Circomspect is a static analyzer and linter for the [Circom](https://iden3.io/circom) programming language. The codebase borrows heavily from the Rust Circom compiler built by [iden3](https://github.com/iden3).

Circomspect currently implements a number of analysis passes which can identify potential issues in Circom circuits. It is our goal to continue to add new analysis passes to be able to detect more issues in the future.

![Circomspect example image](https://github.com/trailofbits/circomspect/raw/main/doc/circomspect.png)

## Installing Circomspect

Circomspect is available on [crates.io](https://crates.io/crates/circomspect) and can be installed by invoking

```sh
cargo install circomspect
```

To build Circomspect from source, simply clone the repository and build the
project by running `cargo build` in the project root. To install from source, use

```sh
cargo install --path cli
```

## Running Circomspect

To run Circomspect on a file or directory, simply run

```sh
circomspect path/to/circuit
```

By default, Circomspect outputs warnings and errors to stdout. To see informational results as well you can set the output level using the `--level` option. To ignore certain types of results, you can use the `--allow` option together with the corresponding result ID. (The result ID can be obtained by passing the `--verbose` flag to Circomspect.)

To output the results to a Sarif file (which can be read by the [VSCode Sarif Viewer](https://marketplace.visualstudio.com/items?itemName=MS-SarifVSCode.sarif-viewer)), use the option `--sarif-file`.

![VSCode example image](https://github.com/trailofbits/circomspect/raw/main/doc/vscode.png)

Circomspect supports the same curves that Circom does: BN254, BLS12-381, and Goldilocks. If you are using a different curve than the default (BN254) you can set the curve using the command line option `--curve`.

## Analysis Passes

Circomspect implements analysis passes for a number of different types of issues. A complete list, together with a high-level description of each issue, can be found [here](https://github.com/trailofbits/circomspect/blob/main/doc/analysis_passes.md).