Skip to content

khulnasoft-lab/solscan

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits

.github

.github

 
 

examples

examples

 
 

plugin_example

plugin_example

 
 

scripts

scripts

 
 

solscan

solscan

 
 

tests

tests

 
 

.dockerignore

.dockerignore

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

pyproject.toml

pyproject.toml

 
 

setup.py

setup.py

 
 

Repository files navigation

Features

  • Detects vulnerable Solidity code with low false positives (see the list of trophies)
  • Identifies where the error condition occurs in the source code
  • Easily integrates into continuous integration and Hardhat/Foundry builds
  • Built-in 'printers' quickly report crucial contract information
  • Detector API to write custom analyses in Python
  • Ability to analyze contracts written with Solidity >= 0.4
  • Intermediate representation (SlithIR) enables simple, high-precision analyses
  • Correctly parses 99.9% of all public Solidity code
  • Average execution time of less than 1 second per contract
  • Integrates with Github's code scanning in CI

Usage

Run Solscan on a Hardhat/Foundry/Dapp/Brownie application:

solscan .

This is the preferred option if your project has dependencies as Solscan relies on the underlying compilation framework to compile source code.

However, you can run Solscan on a single file that does not import dependencies:

solscan tests/uninitialized.sol

How to install

Note
Solscan requires Python 3.8+. If you're not going to use one of the supported compilation frameworks, you need solc, the Solidity compiler; we recommend using solc-select to conveniently switch between solc versions.

Using Pip

pip3 install solscan-analyzer

Using Git

git clone https://github.com/khulnasoft-lab/solscan.git && cd solscan
python3 setup.py install

We recommend using a Python virtual environment, as detailed in the Developer Installation Instructions, if you prefer to install Solscan via git.

Using Docker

Use the eth-security-toolbox docker image. It includes all of our security tools and every major version of Solidity in a single image. /home/share will be mounted to /share in the container.

docker pull khulnasoft-lab/eth-security-toolbox

To share a directory in the container:

docker run -it -v /home/share:/share khulnasoft-lab/eth-security-toolbox

Integration

  • For GitHub action integration, use solscan-action.
  • To generate a Markdown report, use solscan [target] --checklist.
  • To generate a Markdown with GitHub source code highlighting, use solscan [target] --checklist --markdown-root https://github.com/ORG/REPO/blob/COMMIT/ (replace ORG, REPO, COMMIT)

About

No description, website, or topics provided.

Resources

Readme

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5

Languages