cryptohft/solidity-analyzer-1

solidity-analyzer

A dev repository for analyzing and finding bugs in smart contracts.

Introduction

Given a smart contract, the analyzer finds any public method that directly or indirectly exposes a modification of a non-public state variable. The prototype uses multiple visitors to extract variables, call graphs, and statements from a given contract.

Install

Install it with the package manager:

$ npm install solidity-analyzer

Demo

Pass the Solidity file to the script, and it reports whether there is a path from a public method to a sensitive state variable (one assumed to be private). For example, for the following Solidity code:

contract MyContract {
  uint owner;
  function init(uint i_owner) private {
    owner = i_owner;
  }

  // No visibility specifier: this method is publicly callable
  function resetOwner() {
    owner = 0;
  }
}

the analyzer returns the following report:

Unsafe modification of 'owner' inside 'resetOwner'.

The analyzer also finds public methods that could alter a sensitive variable indirectly, through a call to another method:

contract MyContract {
  uint owner;
  function init(uint i_owner) private {
    owner = i_owner;
  }

  // Publicly callable, and it reaches 'owner' through the private init()
  function resetOwner() {
    init(0);
  }
}

The warning is:

Unsafe modification of 'owner' indirectly from 'resetOwner'.
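
The reachability check described above can be sketched as follows. This is an added example, not the project's code: the contract model (its `sensitive`, `visibility`, `writes` and `calls` fields) and the function names are hypothetical, and the model is written by hand instead of being extracted from Solidity source by the analyzer's visitors. It goes beyond the demo by following call chains of any depth and tolerating recursive calls.

```javascript
// Added example; the model below is constructed by hand, not parsed from source.
// Hypothetical shape: per function, its visibility, the state variables it
// assigns, and the functions it calls. A function without a visibility
// specifier is recorded as 'public' (the Solidity default before 0.5.0).
const myContract = {
  sensitive: ['owner'],
  functions: {
    init:       { visibility: 'private', writes: ['owner'], calls: [] },
    resetOwner: { visibility: 'public',  writes: [],        calls: ['init'] },
    ping:       { visibility: 'public',  writes: [],        calls: ['ping'] }, // recursive, harmless
  },
};

// State variables a function can modify through its callees (its own body excluded).
// 'seen' is shared across the walk so call-graph cycles terminate.
function indirectWrites(functions, name, seen = new Set([name])) {
  const found = new Set();
  for (const callee of functions[name].calls) {
    if (seen.has(callee) || !functions[callee]) continue; // cycle, or call outside the model
    seen.add(callee);
    for (const v of functions[callee].writes) found.add(v);
    for (const v of indirectWrites(functions, callee, seen)) found.add(v);
  }
  return found;
}

// One report line per externally callable function and sensitive variable it can change.
function findUnsafeModifications(contract) {
  const sensitive = new Set(contract.sensitive);
  const reports = [];
  for (const [name, fn] of Object.entries(contract.functions)) {
    if (fn.visibility !== 'public' && fn.visibility !== 'external') continue;
    const direct = new Set(fn.writes);
    for (const v of direct) {
      if (sensitive.has(v)) reports.push(`Unsafe modification of '${v}' inside '${name}'.`);
    }
    for (const v of indirectWrites(contract.functions, name)) {
      if (sensitive.has(v) && !direct.has(v)) {
        reports.push(`Unsafe modification of '${v}' indirectly from '${name}'.`);
      }
    }
  }
  return reports;
}

console.log(findUnsafeModifications(myContract).join('\n'));
```

A finding of this kind is usually resolved by giving the entry point an explicit restrictive visibility or an access check on the caller.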
