Skip to content
SmartCheck – a static analysis tool that detects vulnerabilities and bugs in Solidity programs (Ethereum-based smart contracts).
Branch: master
Clone or download
Latest commit a341726 May 6, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
rule_descriptions
src
tests_not_used_now Grammar Oct 12, 2017
.gitattributes fix github linguist Jan 14, 2019
.gitignore gitignore back Feb 5, 2018
LICENSE Initial commit May 19, 2017
README.md update Apr 29, 2019
package.json update Apr 29, 2019
pom.xml Merge branch 'master' into stylish_formater Feb 1, 2019

README.md

SmartCheck

SmartCheck is an extensible static analysis tool for discovering vulnerabilities and other code issues in Ethereum smart contracts written in the Solidity programming language.

SmartCheck is described in the academic paper titled "SmartCheck: Static Analysis of Ethereum Smart Contracts" as released on May 27, 2018.

An online version of SmartCheck is available on our website.

Using NPM package

Install SmartCheck globally

To install SmartCheck globally to your system run (administrative rights required)

npm install @smartdec/smartcheck -g

(Optional) Add SmartCheck as development dependency

To add and install SmartCheck as development dependency to your npm project run:

npm install --save-dev @smartdec/smartcheck

Start the analysis

To start analysis simply run:

smartcheck -p .

Required argument: -p <path to directory or file>. Optional argument: -r <path to .xml-file with rules>; by default it uses the built-in rules files.

Using source code of SmartCheck

Building the project

The project uses Maven. To build it, execute in the project directory:

$ mvn clean package

Start the analysis

$ java -jar target/smartcheck-2.0-SNAPSHOT-jar-with-dependencies.jar -p <path to directory or file>

Optional argument: -r <path to .xml-file with rules>; by default it uses the built-in rules files.

Analysis can also be started from an IDE by running the ru.smartdec.smartcheck.app.cli.Tool.main() method.

Advanced

View the parse tree in a graphical form

$ mvn exec:java@tree -Dexec.args="-p <path to the file>"

It can also be done from an IDE by running the ru.smartdec.smartcheck.app.cli.TreeView.main() method.

View the parse tree as XML

$ mvn exec:java@xml -Dexec.args="-t <path to save xml-tree> -s <path to the file>"

It can also be done from an IDE by running the ru.smartdec.smartcheck.app.cli.XmlView.main() method.

You can’t perform that action at this time.