Circomspect is a static analyzer and linter for the Circom programming language. The codebase borrows heavily from the Rust Circom compiler built by iden3.
Circomspect currently implements a number of analysis passes which can identify potential issues in Circom circuits. It is our goal to continue to add new analysis passes to be able to detect more issues in the future.
Circomspect is available on crates.io and can be installed by invoking
cargo install circomspect
To build Circomspect from source, simply clone the repository and build the project by running cargo build in the project root. To install from source, use
cargo install --path cli
To run Circomspect on a file or directory, simply run
circomspect path/to/circuit
By default, Circomspect outputs warnings and errors to stdout. To see informational results as well you can set the output level using the --level option. To ignore certain types of results, you can use the --allow option together with the corresponding result ID. (The result ID can be obtained by passing the --verbose flag to Circomspect.)
To output the results to a Sarif file (which can be read by the VSCode Sarif Viewer), use the option --sarif-file.
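As an added example (not part of the Circomspect project), the following Python script triages a file written with --sarif-file for use as a CI gate: it counts results per rule ID and level and lists the ones that should fail the build. The embedded SARIF document and its rule IDs are constructed placeholders, and treating the SARIF ruleId as the result ID accepted by --allow is an assumption.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 sample; rule IDs, paths and messages are placeholders,
# not real Circomspect output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "circomspect"}},
        "results": [
            {"ruleId": "EXAMPLE-0001", "level": "warning",
             "message": {"text": "constructed warning"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "circuits/main.circom"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "EXAMPLE-0002", "level": "note",
             "message": {"text": "constructed note"}},
            {"ruleId": "EXAMPLE-0001",  # no "level": SARIF defaults to "warning"
             "message": {"text": "constructed warning"}},
            {"ruleId": "EXAMPLE-0003", "level": "error",
             "message": {"text": "constructed error"}},
        ],
    }],
})

SEVERITY = {"none": 0, "note": 1, "warning": 2, "error": 3}

def triage(sarif_text, fail_at="warning", allowed=()):
    """Return (counts per (ruleId, level), findings that should fail the build)."""
    counts, blocking = Counter(), []
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            rule = res.get("ruleId", "<no-rule-id>")
            level = res.get("level", "warning")  # default level per SARIF 2.1.0
            counts[(rule, level)] += 1
            # Skip results that are explicitly allowed or below the threshold.
            if rule in allowed or SEVERITY.get(level, 2) < SEVERITY[fail_at]:
                continue
            locs = res.get("locations") or [{}]
            phys = locs[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "?")
            line = phys.get("region", {}).get("startLine", 0)
            blocking.append((rule, level, uri, line))
    return counts, blocking

if __name__ == "__main__":
    counts, blocking = triage(SAMPLE_SARIF, allowed={"EXAMPLE-0003"})
    for (rule, level), n in sorted(counts.items()):
        print(f"{rule:14} {level:8} {n}")
    raise SystemExit(1 if blocking else 0)
```

Results with no location are still counted and reported, with "?" and line 0 standing in for the missing file and line.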
Circomspect supports the same curves that Circom does: BN254, BLS12-381, and Goldilocks. If you are using a different curve than the default (BN254) you can set the curve using the command line option --curve.
Circomspect implements analysis passes for a number of different types of issues. A complete list, together with a high-level description of each issue, can be found here.