86 lines (76 sloc) 7.4 KB
layout title date author description
Validation Rules for Solhint
2017-10-23 14:16:00 +0300
List of validation rules for Solhint - Solidity security, style guide, best practise validator.


Default list of options are false, "error", "warn". It supports by all rules. It provides in format

   "rules": {
       "RULE_NAME": "<option>"

Security Rules

Rule ID Error Options
reentrancy Possible reentrancy vulnerabilities. Avoid state changes after transfer. default
avoid-sha3 Use "keccak256" instead of deprecated "sha3" default
avoid-suicide Use "selfdestruct" instead of deprecated "suicide" default
avoid-throw "throw" is deprecated, avoid to use it default
func-visibility Explicitly mark visibility in function default
state-visibility Explicitly mark visibility of state default
check-send-result Check result of "send" call default
avoid-call-value Avoid to use ".call.value()()" default
compiler-fixed Compiler version must be fixed default
compiler-gt-0_4 Use at least '0.4' compiler version default
no-complex-fallback Fallback function must be simple default
mark-callable-contracts Explicitly mark all external contracts as trusted or untrusted default
multiple-sends Avoid multiple calls of "send" method in single transaction default
no-simple-event-func-name Event and function names must be different default
avoid-tx-origin Avoid to use tx.origin default
no-inline-assembly Avoid to use inline assembly. It is acceptable only in rare cases default
not-rely-on-block-hash Do not rely on "block.blockhash". Miners can influence its value. default
avoid-low-level-calls Avoid to use low level calls. default

* - All security rules implemented according ConsenSys Guide for Smart Contracts

Style Guide Rules

Rule ID Error Options
func-name-mixedcase Function name must be in camelCase default
func-param-name-mixedcase Function param name must be in mixedCase default
var-name-mixedcase Variable name must be in mixedCase default
event-name-camelcase Event name must be in CamelCase default
const-name-snakecase Constant name must be in capitalized SNAKE_CASE default
modifier-name-mixedcase Modifier name must be in mixedCase default
contract-name-camelcase Contract name must be in CamelCase default
use-forbidden-name Avoid to use letters 'I', 'l', 'O' as identifiers default
visibility-modifier-order Visibility modifier must be first in list of modifiers default
imports-on-top Import statements must be on top default
two-lines-top-level-separator Definition must be surrounded with two blank line indent default
func-order Function order is incorrect default
quotes Use double quotes for string literals. Values must be 'single' or 'double'. [<default>, <quotes>] Default quotes is 'double'.
no-mix-tabs-and-spaces Mixed tabs and spaces default
indent Indentation is incorrect [<default><indent>] Default indent is 4.
bracket-align Open bracket must be on same line. It must be indented by other constructions by space default
array-declaration-spaces Array declaration must not contains spaces default
separate-by-one-line-in-contract Definitions inside contract / library must be separated by one line default
expression-indent Expression indentation is incorrect. default
statement-indent Statement indentation is incorrect. default
space-after-comma Comma must be separated from next element by space default
no-spaces-before-semicolon Semicolon must not have spaces before default

* - All style guide rules implemented according Solidity Style Guide

Best Practise Rules

Rule ID Error Options
max-line-length Line length must be no more than maxlen. [<default><maxlen>] Default maxlen is 120.
payable-fallback When fallback is not payable you will not be able to receive ethers default
no-empty-blocks Code contains empty block default
no-unused-vars Variable "name" is unused default
function-max-lines Function body contains "count" lines but allowed no more than maxlines. [<default><maxlines>] Default maxlines is 45.
code-complexity Function has cyclomatic complexity "current" but allowed no more than maxcompl. [<default><maxcompl>] Default maxcompl is 7.
max-states-count Contract has "some count" states declarations but allowed no more than maxstates [<default><maxstates>] Default maxstates is 15.