Skip to content

FuzzingLabs/sierra-analyzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

119 Commits
.github/workflows
.github/workflows
 
 
doc
doc
 
 
examples
examples
 
 
lib
lib
 
 
sierra-decompiler
sierra-decompiler
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Sierra Analyzer

Sierra-Analyzer is a security toolkit for analyzing Sierra files.

  1. Project structure
  2. Decompile a Sierra file
  3. Analyze a remote contract
  4. Print the contract's Control-Flow Graph
  5. Print the contract's Callgraph
  6. Run the detectors
  7. Use it as a library
  8. Improve the decompiler output using LLMs

Project structure

.
├── doc               		 # Documentation files
├── examples                     # Sierra & Contrat class samples files
├── lib               	         # sierra-analyzer library
├── sierra-decompiler            # Sierra decompiler tool (based on sierra-analyzer library)
└── README.md

Decompile a Sierra file

cargo run -- -f <sierra file>

Decompiler output

For a colourless output :

cargo run -- -f <sierra file> --no-color

It it also possible to get a verbose output with more informations :

cargo run -- -f <sierra file> --verbose

Analyze a remote contract

Contracts can be fetched directly from Starknet (Mainnet & Sepolia) by specifying the contract class to analyze :

# Fetch & decompile a contract from starknet mainnet 
cargo run -- --remote 0x07c43d18d37d66d7855dab8f21ebf9d554dd213c6307aacecaf2d595a53b3bbb

# Fetch & decompile a contract from Sepolia network
cargo run -- --network sepolia --remote 0x068377a89d64c0b16dc97c66933777bf4e9b050652c4fde2c59c8c4d755a163b

Print the contract's Control-Flow Graph

cargo run -- -f ./examples/sierra/fib_array.sierra --cfg  

# Output the Control-Flow Graph to a custom folder (default is ./output_cfg)
cargo run -- -f ./examples/sierra/fib_array.sierra --cfg --cfg-output ./test

Print the contract's Callgraph

cargo run -- -f ./examples/sierra/fib_array.sierra --callgraph

# Output the Callgraph to a custom folder (default is ./output_callgraph)
cargo run -- -f ./examples/sierra/fib_array.sierra --callgraph --callgraph-output ./test 

# Get the Callgraph of a specific function
cargo run -- -f ./examples/sierra/fib_unary.sierra --callgraph --function 'examples::fib_unary::fib'

Run the detectors

cargo run -- -f ./examples/sierra/fib_array.sierra  -d

Use it as a library

It is also possible to use the sierra-analyzer-lib library to decompile serialised or unserialised Sierra files.

Examples can be found here.

Improve the decompiler output using LLMs

Here is a tutorial on how to improve the decompiler output using LLMs.

Features

  • Decompiler
  • Control-Flow Graph
  • Call Graph
  • Informational & Security detectors
  • Fetching contracts from Starknet
  • Symbolic execution

About

Sierra decompiler and analyzer

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

5 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages