https://github.com/0xpolygon/storage-delta

Real-time smart contract storage auditor.

# ⟁ Storage Delta

Storage Delta is a tool for auditing storage layout changes during contract upgrades.

![Demo](./demo.gif)

## Install

Powered by [Foundry](https://github.com/foundry-rs/foundry).

```bash
forge install 0xPolygon/storage-delta
```

## Run

Storage Delta analyzes the entire contract suite against any previous version.

```bash
bash lib/storage-delta/run.sh
```

`./storage_delta` will be generated if there are findings. Open `OLD` and `NEW` files side by side for the best experience.

## Detectors

| | Description |
| --- | ------------------------------------------ |
| 🌱 | [New](#new) |
| 🏴 | [Problematic](#problematic) |
| 🏳️ | [Moved](#moved) |
| 🏁 | [Moved & problematic](#moved--problematic) |
| 🪦 | [Removed](#removed) |
| | [Dirty bytes](#dirty-bytes) |

### New

When a variable with a unique name and type is added.

```solidity
uint256 a
```

```solidity
uint256 a
🌱 bool b
```

### Problematic

When a new variable is added, but conflicts with the existing storage.

```solidity
uint256 a
```

```solidity
ðŸī bool b
```

### Moved

When an existing variable is moved.

```solidity
uint256 a
...
```

```solidity
...
ðŸģïļ uint256 a
```

### Moved & problematic

When an existing variable is moved and conflicts with the existing storage.

```solidity
uint256 a
bool b
```

```solidity
🏁 bool b
🏁 uint256 a
```

### Removed

When a variable no longer exists.

```solidity
uint256 a
bool b
```

```solidity
uint256 a
🪦
```

### Dirty bytes

When the storage is not clean.

```solidity
uint256 a
```

```solidity
ðŸī uint128 a
16 dirty bytes
```
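
The detector categories above, modelled as a byte-range comparison of two storage layouts. This is an added example, not Storage Delta's own code: the entry shape (`label`, `type`, `slot`, `offset`, `bytes`), the `classify` function and the matching rules (a variable's identity is its name plus type; "removed" means the name is gone) are assumptions made for illustration. It reports every category that applies, so one upgrade can yield several findings.

```javascript
// Simplified model of the detectors (assumption, not the tool's algorithm).
// Each entry: { label, type, slot, offset, bytes } (constructed shape, loosely
// following the fields of a compiler storage-layout dump).
const start = (v) => v.slot * 32 + v.offset; // absolute byte position
const overlaps = (a, b) =>
  start(a) < start(b) + b.bytes && start(b) < start(a) + a.bytes;
const same = (a, b) => a.label === b.label && a.type === b.type;

function classify(oldLayout, newLayout) {
  const findings = [];
  for (const v of newLayout) {
    const prev = oldLayout.find((o) => same(o, v));
    // Conflict: v now occupies bytes that held a different variable before.
    const conflict = oldLayout.some((o) => !same(o, v) && overlaps(o, v));
    let kind = null;
    if (!prev) kind = conflict ? "problematic" : "new";
    else if (start(prev) !== start(v))
      kind = conflict ? "moved & problematic" : "moved";
    if (kind) findings.push({ kind, label: v.label });
  }
  for (const o of oldLayout) {
    // Removed: the name is gone entirely (a retyped variable is not "removed").
    if (!newLayout.some((v) => v.label === o.label))
      findings.push({ kind: "removed", label: o.label });
    // Dirty bytes: previously used bytes that no new variable covers.
    let dirty = 0;
    for (let b = start(o); b < start(o) + o.bytes; b++) {
      if (!newLayout.some((v) => b >= start(v) && b < start(v) + v.bytes)) dirty++;
    }
    if (dirty > 0)
      findings.push({ kind: "dirty bytes", label: o.label, count: dirty });
  }
  return findings;
}

// Constructed sample mirroring the "Dirty bytes" case: uint256 a -> uint128 a.
const oldLayout = [{ label: "a", type: "uint256", slot: 0, offset: 0, bytes: 32 }];
const newLayout = [{ label: "a", type: "uint128", slot: 0, offset: 0, bytes: 16 }];
console.log(classify(oldLayout, newLayout));
```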

## Configuration

| Option | Values | Description |
| -------- | ------ | -------------------------------------------------- |
| `--omit` | `new` | Do not generate a report with only those findings. |

## Requirements

Files should be named after the contract they hold. `Example` → `Example.sol`

The script utilizes Node.js to run. We recommend the node version defined in the `.nvmrc` file.

## License

Licensed under either of

- Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)

at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

---

© 2023 PT Services DMCC