A powerful Solidity static analyzer that takes a bird's eye view over your smart contracts.
Docs Get support Website Twitter
Aderyn is an open-source public good developer tool. It is a Rust-based solidity smart contract static analyzer designed to help protocol engineers and security researchers find vulnerabilities in Solidity code bases.
Thanks to its collection of static vulnerability detectors, running Cyfrin Aderyn on your Solidity codebase will highlight potential vulnerabilities, drastically reducing the potential for unknown issues in your Solidity code and giving you the time to focus on more complex problems.
Built using Rust, Aderyn integrates seamlessly into small and enterprise-level development workflows, offering lighting-fast command-line functionality and a framework to build custom detectors to adapt to your codebase.
You can read the Cyfrin official documentation for an in-depth look at Aderyn's functionalities.
There is also an officially supported VSCode extension for Aderyn. Download from the Visual Studio Marketplace and start identifying vulnerabilities in your Solidity code with ease.
- Off the shelf support for Foundry and Hardhat projects
- Configuration file (
adeyrn.toml) needed to support custom frameworks. - Modular detectors
- AST Traversal
- Markdown reports
NOTE Windows users must have WSL installed
Cyfrinup simplifies the installation and management of Cyfrin tools.
Follow the instructions to install here.
Run aderyn --version to check the installation.
brew install cyfrin/tap/aderynnpm install @cyfrin/aderyn -gIf you are installing with Homebrew or npm, ensure that the correct version of Aderyn in your path comes from either the Homebrew or npm global packages directory. If an older version exists at ~/.cyfrin/bin/aderyn, remove it using rm -f ~/.cyfrin/bin/aderyn, as this is no longer the default installation location.
Quick Start example with video guide.
cd path/to/solidity/project/root
aderyn
See examples using more CLI options here
Officially supported VSCode extension for Aderyn. Download from Visual Studio Marketplace
Help us build Aderyn π¦ Please see our contribution guidelines for PR approval process and in-depth developer environment setup. Aderyn is an open-source software licensed under the GPL-3.0 License.
To build Aderyn locally:
- Install Rust,
- Clone this repo and
cd aderyn/, make,- Use
cargocommands to build, test and run locally.
Suggested VSCode extensions: rust-analyzer - Rust language support for Visual Studio Code Rust Syntax - Improved Rust syntax highlighting
Aderyn makes it easy to build Static Analysis detectors that can adapt to any Solidity codebase and protocol. This guide will teach you how to build, test, and run your custom Aderyn detectors. To learn how to create your custom Aderyn detectors, checkout the official docs
This project exists thanks to all the people who contribute.
- AST Visitor code from solc-ast-rs.
- Foundry Compilers for backend AST generation foundry-compilers
- Original detectors based on 4naly3er detectors.
- Shoutout to the original king of static analysis slither.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
