Skip to content

SmartCheck – a static analysis tool that detects vulnerabilities and bugs in Solidity programs (Ethereum-based smart contracts).

License

Notifications You must be signed in to change notification settings

smartdec/smartcheck

Repository files navigation

SmartCheck

SmartCheck is an extensible static analysis tool for discovering vulnerabilities and other code issues in Ethereum smart contracts written in the Solidity programming language.

SmartCheck is described in the academic paper titled "SmartCheck: Static Analysis of Ethereum Smart Contracts" as released on May 27, 2018.

⚠️ Warning

The project is deprecated since 2020. The analysis might work incorrectly for Solidity versions starting with 0.6.0.

Web version of SmartCheck that was available online earlier is shut down.

Using NPM package

Install SmartCheck globally

To install SmartCheck globally to your system run (administrative rights required)

npm install @smartdec/smartcheck -g

(Optional) Add SmartCheck as development dependency

To add and install SmartCheck as development dependency to your npm project run:

npm install --save-dev @smartdec/smartcheck

Start the analysis

To start analysis simply run:

smartcheck -p .

Required argument: -p <path to directory or file>. Optional argument: -r <path to .xml-file with rules>; by default it uses the built-in rules files.

Using source code of SmartCheck

⚠️ Warning

SmartCheck works only with older java8 versions, e.g. 8u102. You can download version for Windows from the archive.

Building the project

The project uses Maven. To build it, execute in the project directory:

$ mvn clean package

Start the analysis

$ java -jar target/smartcheck-2.0-SNAPSHOT-jar-with-dependencies.jar -p <path to directory or file>

Optional argument: -r <path to .xml-file with rules>; by default it uses the built-in rules files.

Analysis can also be started from an IDE by running the ru.smartdec.smartcheck.app.cli.Tool.main() method.

Advanced

View the parse tree in a graphical form

$ mvn exec:java@tree -Dexec.args="-p <path to the file>"

It can also be done from an IDE by running the ru.smartdec.smartcheck.app.cli.TreeView.main() method.

View the parse tree as XML

$ mvn exec:java@xml -Dexec.args="-t <path to save xml-tree> -s <path to the file>"

It can also be done from an IDE by running the ru.smartdec.smartcheck.app.cli.XmlView.main() method.

About

SmartCheck – a static analysis tool that detects vulnerabilities and bugs in Solidity programs (Ethereum-based smart contracts).

Resources

License

Stars

Watchers

Forks

Packages

No packages published