A dev repository for analyzing and finding bugs smart contracts.
Given a smart contract, the analyzer finds any public method that directly or indirectly exposes a non-public state variable modification. The prototype uses multiple visitors to extract variables, call-graphs, statements from a given contract.
Simply install using the package manager
$ npm install solidity-analyzer
Pass the solidity file and the script finds whether there is a path from public method to a sensitive state variable (assuming private). For example, in the following solidity code:
contract MyContract {
uint owner;
function init(uint i_owner) private {
owner = i_owner;
}
function resetOwner() {
owner = 0;
}
}
the analyzer returns the following report:
Unsafe modification of 'owner' inside 'resetOwner'.
Or the analyzer finds the public methods that could indirectly alter any sensitive variable.
contract MyContract {
uint owner;
function init(uint i_owner) private {
owner = i_owner;
}
function resetOwner() {
init(0);
}
}
The Warning is:
Unsafe modification of 'owner' indirectly from 'resetOwner'.