Skip to content
/ solhunt Public

Hunt for common bad practices in Solidity smart contracts !

License

GPL-3.0 license
122 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

iFrostizz/solhunt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

135 Commits
benches
benches
 
 
gas-metering
gas-metering
 
 
images
images
 
 
src
src
 
 
test-data
test-data
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
Cargo.toml
Cargo.toml
 
 
LICENCE
LICENCE
 
 
README.md
README.md
 
 

Repository files navigation

Solhunt

Solhunt

Intro

Solhunt is a Solidity static analyzer. It aims to be a tool used to find the most common vulnerabilities before starting a manual audit.

It has been built with modularity in mind. You can build new detection modules and build the binary again. Also, please open a PR with your custom detection modules !

Every detection module is made for one kind of vulnerability and raise its own custom type of findings. They are individually tested on small contracts (similar to unit tests) and on bigger ones, which have eventually caused a huge loss in the past (integration tests).

Tests aims to reduce the amount of false positives. It's easy to write detection modules, even if you are not particularly familiar with Rust. But here is a quick guide.

Usage

Basic command

Usage: solhunt <COMMAND>

Commands:
  analyze  Run a static analysis
  gas      Launch gas meterings
  help     Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version

Analyze subcommand

Usage: solhunt analyze [OPTIONS] [PATH] [NAME]

Arguments:
  [PATH]  root of the project [default: .]
  [NAME]

Options:
  -m, --modules <MODULES>
          Include only these modules
  -e, --except-modules <EXCEPT_MODULES>
          Exclude these modules
  -v, --verbosity <VERBOSITY>
          Verbosity of the findings
  -s, --style <STYLE>
          Style of the report [possible values: list, cmd, md, html]
  -o, --optimizer-runs <OPTIMIZER_RUNS>
          specifiy the optimizer runs
  -g, --glob <GLOB>
          glob path for artifacts to analyze [default: {src,contracts}/**/*.sol]
      --github <GITHUB>
          base location of github path [aliases: gh]
  -h, --help
          Print help
  -V, --version
          Print version

Gas metering subcommand

Usage: solhunt gas [OPTIONS]

Options:
  -e, --except-modules <EXCEPT_MODULES>  Exclude these modules
  -p, --path <PATH>                      Location of files to meter
  -r, --reset                            reset the metering database
  -h, --help                             Print help
  -V, --version                          Print version

Building

Install the binary

From git

cargo install --git https://github.com/iFrostizz/Solhunt

From path

cd into the project root folder and

cargo install --path .

Disclaimer

Remember that this is highly experimental software and that none of the proposed fixes are to be assumed correct. Any changes that you make to your smart contract may introduce bugs, but if such a behaviour is noticed, please open an issue with a repro describing it.

About

Hunt for common bad practices in Solidity smart contracts !

Resources

Readme

License

GPL-3.0 license
Activity

Stars

122 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages