byont-ventures / smart-contract-analysis-tools Goto Github PK

View Code? Open in Web Editor NEW

0.0 0.0 1.0 268 KB

Shell 46.01% Rust 53.99%

smart-contract-analysis-tools's People

Contributors

Watchers

Forkers

zizzkata

smart-contract-analysis-tools's Issues

Make the docker images smaller

Currently, (commit 738ce57) the docker image (build for arm64) is around 18GB. This is of course quite large.

There should be an attempt to make it smaller.

Add docs on conventional commits

Update docker to install kevm with kup

Sort the printed issues based on Impact

We should sort this descending, mean high impact issues should be printed on top.
Second sorting criteria (not as important but nice to have) could be confidence, ranging from high to low as well.

Define a workflow for using kevm from this repository as a submodule

Improve documentation

The documentation can be improved by:

Referring to usage examples.
More information about the tools that can be used.

Show a message when Docker is not running

When Docker is not running, the tool will output a message saying that it can't read certain files for example. For user-friendliness it should be made clear that Docker should be running before running any analysis.

Fix solc-install in script

Some runner scripts are using solc-select use without first installing the version to use.

Update readme w.r.t. remappings

Change hard-coded path into pathToSourceFileFromRoot

smart-contract-analysis-tools/mythril/run-mythril.sh

Line 45 in 96e04eb

/prj/src/smart-contracts/${contractName}.sol" 2>&1 | tee -a ${outputFile}

Format mythril JSON output

Build docker image for arm64

Things tried for kevm: ruthttps://github.com/Byont-Ventures/smart-contract-analysis-tools-example/issues/1

After the issue I created on the k repository they created kup. Maybe that can work.

Determine if it is possible to simulate other contract while scanning a contract.

Currently, all tools (except KEVM but that is something else) work on one contract. When it finds an external function it doesn't know what to do with it. Depending on the tool the function will revert, return a default value or does something else.

If we know the source we might could create an option where for certain stages in the scanning process we replace the external call with the known code. This should of course only be done for certain checks since otherwise, the tools may find problems in the replaced code and say it's from the original contract even though it isn't in reality.

Unable to get the example running

This example is for the openchrono repo

cd src/apps/contracts
git submodule add [email protected]:Byont-Ventures/smart-contract-analysis-tools.git security-scans
Based on example

yarn --cwd ./ run scan:generate-report \
     /Users/rick/Documents/projects/openchrono/apps/contracts/security-scans/ \
     ../  \
     /Users/rick/Documents/projects/openchrono/apps/contracts/analysis-config.toml

Result:

yarn run v1.22.19
warning package.json: No license field
warning ../package.json: No license field
$ cargo run --manifest-path ./report_generator/Cargo.toml --  /Users/rick/Documents/projects/openchrono/apps/contracts/security-scans ../ /Users/rick/Documents/projects/openchrono/apps/contracts/analysis-config.toml
warning: function `type_of` is never used
  --> /Users/rick/Documents/projects/openchrono/apps/contracts/security-scans/slither/slither_runner/src/lib.rs:12:4
   |
[..... Lots of warnings]

warning: `report_generator` (bin "report_generator") generated 12 warnings (run `cargo fix --bin "report_generator"` to apply 3 suggestions)
    Finished dev [unoptimized + debuginfo] target(s) in 0.09s
     Running `report_generator/target/debug/report_generator /Users/rick/Documents/projects/openchrono/apps/contracts/security-scans/ ../ /Users/rick/Documents/projects/openchrono/apps/contracts/analysis-config.toml`
thread 'main' panicked at /Users/rick/Documents/projects/openchrono/apps/contracts/security-scans/slither/slither_runner/src/lib.rs:39:62:
called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
error Command failed with exit code 101.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

Copy call graph from mythril to the report folder configured in the config toml

Write (basic) tests for the Rust runners

Currently, the runners in Rust are all untested. This is of course not good. So tests should be made.

Add the examples in this repository instead for easier development.

Analyse Slither output and write this to the intermediate-data representation

This issue build on #30.

Remove the need to give the absolute path to the project in the toml file

List of interesting links

Vulnerabilities

https://swcregistry.io/

Mythril

Place mythril json output in json codeblock

Define data structure for scan result aggregation

See if Securify2 is worth adding

https://github.com/eth-sri/securify2

Reading the articles below gives the impression that Securify2 does some interesting analysis, but that there are quite some false positives because of this.

Update version of the tools in the docker image

Remove the sudo requirement for docker

Either we have to put in the readme that the installed docker should be able to run without sudo, or we should find an alternative way to run this repository.

Research how the different tools deal with external calls during analysis

Refactor the rust code to be better scalable

The report generators for the different tools are using sometimes the same code. We should create a library for this kind of code.
In general split the code per tool over more logical files.

Define different output forms for different target audiences

Some users might want to see the whole transaction flow of a problem while others only want to see if the contract is safe.

First, it needs to be defined what target readers there are and what they want. After that, we can create separate issues for creating the individual generator.

Create a config file to be filled by the user of this submodule

Make Mythril output JSON

https://github.com/ConsenSys/mythril/wiki/Security-Analysis#output-formats

https://mythril-classic.readthedocs.io/en/master/security-analysis.html?highlight=json#output-formats

Running slither causes compiler error

Issue

When attempting to run Slither with the ghcr.io/byont-ventures/analysis-toolbox:latest image, the following error occurs:

Warning: This is a pre-release compiler version, please do not use it in production.
Error: Source file requires different compiler version (current compiler is 0.8.17-develop.2022.12.9+commit.8df45f5f.Linux.g++) - note that nightly builds are considered to be strictly less than the released version
It appears that there is a mismatch between the version of the Solidity compiler that is being used and the version that is required by the source file.

An example implementation can be found at https://github.com/Byont-Ventures/metaseum/pull/13.

Steps to reproduce

Pull the ghcr.io/byont-ventures/analysis-toolbox:latest image
Attempt to run Slither with the src/AquariumDeParis.sol file

Expected behavior

Slither should run successfully and produce the expected output.

Actual behavior

Slither produces the above error message and the following stack trace:

=================================================================
Pulling latest ghcr.io/byont-ventures/analysis-toolbox:latest
=================================================================


=================================================================
Run Slither
=================================================================

WARNING: The requested image's platform (linux/arm64) does not match the detected host platform (linux/amd64) and no specific platform was requested
Compilation warnings/errors on src/AquariumDeParis.sol:
Warning: This is a pre-release compiler version, please do not use it in production.

Error: Source file requires different compiler version (current compiler is 0.8.17-develop.2022.12.9+commit.8df45f5f.Linux.g++) - note that nightly builds are considered to be strictly less than the released version
 --> src/AquariumDeParis.sol:2:1:
  |
2 | pragma solidity ^0.8.17;
  | ^^^^^^^^^^^^^^^^^^^^^^^^


Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/platform/solc.py", line 544, in _run_solc
    ret: Dict = json.loads(stdout)
  File "/usr/lib/python3.8/json/__init__.py", line 357, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.8/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.8/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/slither/__main__.py", line 826, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
  File "/usr/local/lib/python3.8/dist-packages/slither/__main__.py", line 86, in process_all
    compilations = compile_all(target, **vars(args))
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
    compilations.append(CryticCompile(target, **kwargs))
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/crytic_compile.py", line 117, in __init__
    self._compile(**kwargs)
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/crytic_compile.py", line 548, in _compile
    self._platform.compile(self, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/platform/solc.py", line 154, in compile
    targets_json = _get_targets_json(compilation_unit, self._target, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/platform/solc.py", line 276, in _get_targets_json
    return _run_solc(
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/platform/solc.py", line 548, in _run_solc
    raise InvalidCompilation(f"Invalid solc compilation {stderr}")
crytic_compile.platform.exceptions.InvalidCompilation: Invalid solc compilation Warning: This is a pre-release compiler version, please do not use it in production.

Error: Source file requires different compiler version (current compiler is 0.8.17-develop.2022.12.9+commit.8df45f5f.Linux.g++) - note that nightly builds are considered to be strictly less than the released version
 --> src/AquariumDeParis.sol:2:1:
  |
2 | pragma solidity ^0.8.17;
  | ^^^^^^^^^^^^^^^^^^^^^^^^


Error in src/AquariumDeParis.sol
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/platform/solc.py", line 544, in _run_solc
    ret: Dict = json.loads(stdout)
  File "/usr/lib/python3.8/json/__init__.py", line 357, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.8/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.8/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/slither/__main__.py", line 826, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
  File "/usr/local/lib/python3.8/dist-packages/slither/__main__.py", line 86, in process_all
    compilations = compile_all(target, **vars(args))
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
    compilations.append(CryticCompile(target, **kwargs))
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/crytic_compile.py", line 117, in __init__
    self._compile(**kwargs)
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/crytic_compile.py", line 548, in _compile
    self._platform.compile(self, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/platform/solc.py", line 154, in compile
    targets_json = _get_targets_json(compilation_unit, self._target, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/platform/solc.py", line 276, in _get_targets_json
    return _run_solc(
  File "/usr/local/lib/python3.8/dist-packages/crytic_compile/platform/solc.py", line 548, in _run_solc
    raise InvalidCompilation(f"Invalid solc compilation {stderr}")
crytic_compile.platform.exceptions.InvalidCompilation: Invalid solc compilation Warning: This is a pre-release compiler version, please do not use it in production.

Error: Source file requires different compiler version (current compiler is 0.8.17-develop.2022.12.9+commit.8df45f5f.Linux.g++) - note that nightly builds are considered to be strictly less than the released version
 --> src/AquariumDeParis.sol:2:1:
  |
2 | pragma solidity ^0.8.17;
  | ^^^^^^^^^^^^^^^^^^^^^^^^

Analyse Mythril output and write this to the intermediate-data representation

Fix order of parameters

smart-contract-analysis-tools/slither/slither_runner/src/lib.rs

Line 62 in 757741a

 project_root_path_abs, security_scan_path_rel, contract_source_path_rel, solc_version, contract_name 