Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/coinfabrik/solidity-detectors

Research on Vulnerability Detection Using Intermediate Representations of Solidity
https://github.com/coinfabrik/solidity-detectors

solidity vulnerability-detection

Last synced: about 9 hours ago
JSON representation

Research on Vulnerability Detection Using Intermediate Representations of Solidity

Host: GitHub
URL: https://github.com/coinfabrik/solidity-detectors
Owner: CoinFabrik
License: agpl-3.0
Created: 2024-07-31T12:45:13.000Z (6 months ago)
Default Branch: main
Last Pushed: 2024-12-17T22:34:36.000Z (26 days ago)
Last Synced: 2024-12-17T23:26:02.465Z (26 days ago)
Topics: solidity, vulnerability-detection
Language: Python
Homepage:
Size: 65.1 MB
Stars: 0
Watchers: 4
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Citation: CITATION.cff
- Codeowners: CODEOWNERS

Awesome Lists containing this project

README

# Solidity Detectors: Static Analysis Tool

[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)

Solidity Detectors is an open source tool to assist Solidity developers and auditors in the detection of smart contract vulnerabilities. It modifies the Slither Static Analyzer by adding 3 new detectors and modifying an existing one.

## Quick Start

### Install Solidity Detectors

Solidity Detectors is built upon the Slither Static Analyzer. Installing Solidity Detectors requires the user to install [Slither](https://github.com/crytic/slither).

> **Note**

> Slither requires Python 3.8+.
> If you're **not** going to use one of the [supported compilation frameworks](https://github.com/crytic/crytic-compile), you need [solc](https://github.com/ethereum/solidity/), the Solidity compiler; we recommend using [solc-select](https://github.com/crytic/solc-select) to conveniently switch between solc versions.

#### Use a Python Virtual Environment

It is recommended to use a Python virtual environment to prevent version conflicts. For more information on Python environments for Slither, you can consult the [Developer Installation Instructions](https://github.com/trailofbits/slither/wiki/Developer-installation).

You will need to install virtualenv to create and manage your Python virtual environments.

```bash
pip install virtualenv
```

You should set up the virtual environment in the parent directory of Solidity Detectors or in any higher-level directory within the directory tree.

Navigate to the folder where you wish to create your virtual environment. It is advisable to create a **project directory** where you will create your virtual environment and clone **Solidity Detectors**. Then, create your environment with the following command:

```bash
python -m venv virtual-environment-name
```

Every time you wish to activate the virtual environment, you can run this command:

```bash
source virtual-environment-name/bin/activate
```

To deactivate the virtual environment, simply run

```bash
deactivate
```

All the necessary installations to run Slither and Solidity Detectors will be managed from the virtual environment.

#### Use Git to clone the Solidity Detectors POC repository

Navigate to the project directory. Then, clone **Solidity Detectors**.

```bash
git clone https://github.com/crytic/slither.git && cd slither
python3 -m pip install .
```
#### Install and Use a solc Version

To analyze your smart contracts, you will need to install and use the necessary solc version. First, make sure that solc is installed.

```bash
npm install solc
```

Then, identify the solc version used by your contract and install it using the following commands.

```bash
solc-select install your-version
solc-select use your-version
```
### Run Solidity Detectors POC

Once you've cloned the repository and installed the necessary dependencies to run Slither, you can start running the static analyzer on your smart contracts.

> ⚠️ **Important**

>**Solidity Detectors** is to be run from the root of the cloned solidity-detectors repository. Running the tool from another directory will result in errors or will use Slither without our Solidity Detectors if a global version of Slither is installed.

You can run the tool on repositories and .sol files alike. Consider the following example for running the tool on a file by using the `slither` command:

```bash
python3 -m slither path/to/your/directory/or/file.sol
```

To run files that use dependencies, add the `--solc-remaps` parameter:

```bash
python3 -m slither path/to/your/directory/or/file.sol --solc-remaps "@dependencies=path/to/your/dependencies/@dependencies"
```

## About

This project is a public-private initiative between the [Fundación Sadosky](https://fundacionsadosky.org.ar/), the [LAFHIS](https://lafhis.dc.uba.ar/home) laboratory of the Faculty of Exact and Natural Sciences at the University of Buenos Aires (UBA), and [CoinFabrik](https://www.coinfabrik.com/)). While the LAFHIS laboratory researches cutting-edge techniques for vulnerability detection, CoinFabrik brings its extensive experience in the blockchain industry and the development of static analyzers. The support of Fundación Sadosky is key to advancing this research and development initiative.

## License

This project is licensed and distributed under a AGPLv3 license. [Contact us](https://www.coinfabrik.com/) if you're looking for an exception to the terms.