Visualize Solidity control flow for smart contract security analysis. 💵💵
Type Name Latest commit message Commit time
src Add message for where to report parser issues. Jan 30, 2019
test
.babelrc v0.3.2 Aug 19, 2018
.editorconfig start Jul 4, 2016
.gitignore Add babel postinstall step. Jul 5, 2016
.npmignore Add blank .npmignore to prevent dist from being ignored. Jul 6, 2016
.travis.yml Update node engine and travis node versions. Jun 28, 2018
LICENSE start Jul 4, 2016
README.md README: Remove --save Jul 21, 2018
example.png Add example.png. Jul 5, 2016
log.txt v0.3.2 Aug 19, 2018
package-lock.json Add message for where to report parser issues. Jan 30, 2019
package.json 0.3.3 Aug 20, 2018
solgraph-0.3.2.tgz v0.3.2 Aug 19, 2018
solgraph.js Catch and print parsing errors. Refactor bin. Jul 12, 2016

README.md

solgraph


Generates a DOT graph that visualizes function control flow of a Solidity contract and highlights potential security vulnerabilities.

Screenshot

Legend:

  • Red: Send to external address
  • Blue: Constant function
  • Yellow: View
  • Green: Pure
  • Orange: Call
  • Purple: Transfer
  • Lilac: Payable

Generated from contract:

contract MyContract {
  uint balance;

  function MyContract() {
    Mint(1000000);
  }

  function Mint(uint amount) internal {
    balance = amount;
  }

  function Withdraw() {
    msg.sender.send(balance);
  }

  function GetBalance() constant returns(uint) {
    return balance;
  }
}

Install

npm install -g solgraph

Depending on your permissions, you may need to add the unsafe-perm flag:

sudo npm install -g solgraph --unsafe-perm=true --allow-root

Usage

solgraph MyContract.sol > MyContract.dot

strict digraph {
  MyContract
  Mint [color=gray]
  Withdraw [color=red]
  UNTRUSTED
  GetBalance [color=blue]
  MyContract -> Mint
  Withdraw -> UNTRUSTED
}

Graphviz must be installed (brew install graphviz) to render the DOT file as an image:

dot -Tpng MyContract.dot -o MyContract.png

An example that pipes contract source from your clipboard through solgraph, dot, and an image previewer (use whatever previewer is available on your system; Preview.app is available on Mac):

pbpaste | solgraph | dot -Tpng | open -f -a /Applications/Preview.app

Node Module

import { readFileSync } from 'fs'
import solgraph from 'solgraph'

const dot = solgraph(readFileSync('./Simple.sol'))
console.log(dot)
/*
Foo
Bar
Foo -> Bar
*/
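
Because the graph is plain DOT text, the "sends to an external address" finding can also be checked programmatically, including functions that reach UNTRUSTED only through other functions. The following is an added example, not part of solgraph: it parses only the DOT subset shown under Usage, and the names parseDot and reachesUntrusted are hypothetical.

```javascript
// Added example (not solgraph code): list functions that can reach UNTRUSTED.
// Constructed input: the DOT output shown in the Usage section.
const sampleDot = `strict digraph {
  MyContract
  Mint [color=gray]
  Withdraw [color=red]
  UNTRUSTED
  GetBalance [color=blue]
  MyContract -> Mint
  Withdraw -> UNTRUSTED
}`

// Parse node lines ("Name [color=x]") and edge lines ("A -> B").
// Assumption: one statement per line, identifiers optionally double-quoted.
function parseDot(dot) {
  const nodes = new Map() // function name -> color, or null when uncolored
  const edges = new Map() // caller -> Set of callees
  for (const raw of dot.split('\n')) {
    const line = raw.trim().replace(/;$/, '')
    const edge = line.match(/^"?([\w$]+)"?\s*->\s*"?([\w$]+)"?/)
    const node = line.match(/^"?([\w$]+)"?\s*(?:\[(.*)\])?$/)
    if (edge) {
      for (const n of edge.slice(1, 3)) if (!nodes.has(n)) nodes.set(n, null)
      if (!edges.has(edge[1])) edges.set(edge[1], new Set())
      edges.get(edge[1]).add(edge[2])
    } else if (node) {
      const color = /color=(\w+)/.exec(node[2] || '')
      nodes.set(node[1], color ? color[1] : nodes.get(node[1]) || null)
    }
  }
  return { nodes, edges }
}

// Return the sorted names of functions from which the sink is reachable,
// directly or through a chain of calls. The seen set guards against cycles.
function reachesUntrusted(dot, sink = 'UNTRUSTED') {
  const { nodes, edges } = parseDot(dot)
  const reaches = (name, seen = new Set()) => {
    if (name === sink) return true
    if (seen.has(name)) return false
    seen.add(name)
    return [...(edges.get(name) || [])].some(next => reaches(next, seen))
  }
  return [...nodes.keys()].filter(n => n !== sink && reaches(n)).sort()
}

console.log(reachesUntrusted(sampleDot))
```

In a build pipeline, the returned list can be compared against an allowlist of functions that are expected to send funds.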

License

ISC © Raine Revere
