Skip to content

metameshllc/solscape

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

108 Commits
docs
docs
 
 
old_scripts
old_scripts
 
 
.gitignore
.gitignore
 
 
AuditReport.md
AuditReport.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
solscape
solscape
 
 
ss1.png
ss1.png
 
 

Repository files navigation

Solscape

Navigate the Solidity landscape. Use an automated battery of tools to get a bird's eye view of any contract system in less than two minutes.

Why use it?

  • Automatically excludes trusted public libraries and audits.
  • Saves repetitive entering of commands for scoping and tool analysis.

Scoping

Scoping is an essential part of audit pre-assessment which has to do with understanding the dimensions of the files to be audited, and what kinds of work/how much work will an audit entail

Scoping Dependencies

  • globstar is enabled by default at the beginning of the script with shopt -s globstar. This allows scoping any directory's .sol files using a single wildcard lookup. scoping functions in Audit Tools can't run properly without it.
  • surya Surya is a smart contract analysis tool. It provides many tools for breaking apart smart contracts and understanding them, including inheritance graphs, call graphs, and function breakdowns. Install globally with node package manager: npm install -g surya. This allows Audit Tools to call it from the command line.
  • graphviz Graphviz is required by Surya for its data visualization functions. Click here for a list of downloads by operating system. Or on apt, apt install graphviz.

Scoping Functionality

The operation of this script is dependent on the existence of .sol files inhabiting subdirectories of the main directory, or the main directory itself. It will not work unless all of the .sol files you need scoped are in the main directory and/or its subdirectories and all the files to be scoped are written in Solidity. This tool does not scope any files other than Solidity files.

Tool Analysis

Mythril

For each Solidity file, performs a Mythril analysis.

Mythril Dependencies

Mythril requires Python 3 to run. Mythril's dependencies will be automatically installed when installing Mythril with python3-pip.

Solhint

For each Solidity file, performs a Solhint analysis.

Future Versions

Should:

  • Apply some more cool automatic searching/sorting of .sol files to the generic output. (pattern recognition and extrapolating from large data samples, to name a few)

Viewing the Report

It is recommended to use grip to view the report, which is generated in Markdown. To install grip, type

pip install grip

then

$ grip /path/to/report/Audit_Tools_Report.md

About

Navigate the Solidity landscape.

Resources

Readme

License

View license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages