picodes / 4naly3er
Static smart contract code 4naly3er
Home Page: https://github.com/Picodes/4naly3er
License: GNU General Public License v3.0
Hello, I just published https://github.com/ConsenSysDiligence/napalm the other week.
I think it'd be cool to integrate 4naly3er in napalm, however I believe some small things are missing that are needed to make this possible.
I understand that both of these features might not be high priority, but if you do decide to add them I'd be a happy dev and add 4naly3er support to napalm immediately!
Sometimes you add `using SafeERC20 for IERC20;` but then forget to use `safeTransferFrom`, or whatever.
It would be nice to have a detector for unused libraries.
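As an added example (not 4naly3er's code, and not the detector the issue requests), here is a minimal source-level check for `using <Library> for <Type>;` directives whose library functions are never called in the file. It assumes a hard-coded table of library member names (`LIBRARY_MEMBERS`) and a constructed sample contract; a real detector would take the member list from the library's AST instead.

```typescript
// Added example, not 4naly3er's own code: a source-level check for
// `using <Library> for <Type>;` directives whose library functions are
// never called in the file. LIBRARY_MEMBERS is an assumption constructed
// for this example; a real detector would read the member names from the
// library's AST instead of a hard-coded table.

const LIBRARY_MEMBERS: Record<string, string[]> = {
  SafeERC20: [
    "safeTransfer", "safeTransferFrom", "safeApprove",
    "safeIncreaseAllowance", "safeDecreaseAllowance",
  ],
  Address: ["isContract", "sendValue", "functionCall", "functionDelegateCall"],
};

interface UnusedLibrary {
  library: string; // library named in the `using` directive
  target: string;  // type it was attached to
  line: number;    // 1-based line of the directive
}

// Blank out comments but keep every newline so line numbers stay correct.
function stripComments(src: string): string {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, " "))
    .replace(/\/\/[^\n]*/g, "");
}

function findUnusedLibraries(source: string): UnusedLibrary[] {
  const code = stripComments(source);
  const usingRe = /^\s*using\s+([A-Za-z_$][\w$]*)\s+for\s+([A-Za-z_$][\w$.]*|\*)\s*;/;
  const results: UnusedLibrary[] = [];
  code.split("\n").forEach((line, i) => {
    const m = usingRe.exec(line);
    if (!m) return;
    const library = m[1] ?? "";
    const target = m[2] ?? "";
    const members = LIBRARY_MEMBERS[library];
    if (!members) return; // unknown library: nothing to compare against, so stay silent
    // A member counts as used when it is called as `.member(` anywhere in the file,
    // via the attached type (`token.safeTransfer(`) or directly (`SafeERC20.safeTransfer(`).
    const used = members.some((fn) => new RegExp(`\\.${fn}\\s*\\(`).test(code));
    if (!used) results.push({ library, target, line: i + 1 });
  });
  return results;
}

// Constructed sample: the directive is present, but the code still calls the
// raw ERC20 `transferFrom`; the only `safeTransferFrom` sits in a comment,
// which stripComments removes before the search.
const UNUSED_SAMPLE = [
  "pragma solidity ^0.8.0;",
  'import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";',
  "contract Vault {",
  "    using SafeERC20 for IERC20;",
  "    IERC20 public token;",
  "    // TODO: token.safeTransferFrom(msg.sender, address(this), amount);",
  "    function deposit(uint256 amount) external {",
  "        token.transferFrom(msg.sender, address(this), amount);",
  "    }",
  "}",
].join("\n");

// The same contract with the library actually used.
const USED_SAMPLE = UNUSED_SAMPLE.replace("token.transferFrom(", "token.safeTransferFrom(");

console.log(findUnusedLibraries(UNUSED_SAMPLE)); // [{ library: "SafeERC20", target: "IERC20", line: 4 }]
console.log(findUnusedLibraries(USED_SAMPLE));   // []
```

The check is deliberately file-local: a library whose members are only called from another file would be reported, so in a real rule the search scope would be the whole compilation unit.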
So, this rule sometimes (always for me) ends in an infinite loop. I usually delete it to run the tool.
I'm pretty sure AST would be much better.
Or, even a simple regex on `delegatecall` (yes, giga high chance of false positives, but may hit) would be better.
Wdyt?
https://github.com/Picodes/4naly3er/blob/main/src/issues/H/delegateCallInLoop.ts
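An added example of what a linear-time version of this check could look like; it is not 4naly3er's `delegateCallInLoop.ts`. It walks the source once, tracking brace and parenthesis depth, and reports `.delegatecall(` inside a brace-delimited loop body (single-statement loop bodies without braces are not followed). `LOOP_SAMPLE` is a constructed contract.

```typescript
// Added example, not 4naly3er's delegateCallInLoop rule: a single-pass scanner
// that reports `.delegatecall(` calls lexically inside a for/while/do body.
// It walks the source once, tracking brace and parenthesis depth, so it runs
// in time linear in the file size instead of backtracking inside a regex.

interface LoopFinding {
  line: number; // 1-based line of the delegatecall
}

// Blank out comments but keep newlines so line numbers stay correct.
function stripComments(src: string): string {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, " "))
    .replace(/\/\/[^\n]*/g, "");
}

function delegatecallInLoop(source: string): LoopFinding[] {
  const code = stripComments(source);
  // Tokens that matter: loop keywords, delegatecall, braces, parens, semicolons, newlines.
  const tokenRe = /\b(?:for|while|do)\b|\.delegatecall\s*\(|[{}();]|\n/g;
  const findings: LoopFinding[] = [];
  let line = 1;
  let braceDepth = 0;
  let parenDepth = 0;
  let pendingLoop = false;         // saw a loop keyword, waiting for its `{`
  const loopBodies: number[] = []; // brace depths of the loop bodies we are inside
  let m: RegExpExecArray | null;
  while ((m = tokenRe.exec(code)) !== null) {
    const tok = m[0];
    if (tok === "\n") { line++; continue; }
    if (tok === "(") { parenDepth++; continue; }
    if (tok === ")") { parenDepth = Math.max(0, parenDepth - 1); continue; }
    if (tok === ";") {
      // A statement ended outside any parentheses: a brace-less loop body or
      // the tail of a do-while is over, so no `{` belongs to that keyword.
      if (parenDepth === 0) pendingLoop = false;
      continue;
    }
    if (tok === "{") {
      braceDepth++;
      if (pendingLoop) { loopBodies.push(braceDepth); pendingLoop = false; }
      continue;
    }
    if (tok === "}") {
      if (loopBodies[loopBodies.length - 1] === braceDepth) loopBodies.pop();
      braceDepth--;
      continue;
    }
    if (tok.startsWith(".delegatecall")) {
      parenDepth++; // the token swallowed the opening parenthesis
      if (loopBodies.length > 0) findings.push({ line });
      continue;
    }
    pendingLoop = true; // for / while / do
  }
  return findings;
}

// Constructed sample: one delegatecall inside a for loop, one outside.
const LOOP_SAMPLE = [
  "contract Multicall {",
  "    function run(address[] calldata targets, bytes[] calldata data) external {",
  "        for (uint256 i = 0; i < targets.length; i++) {",
  "            (bool ok, ) = targets[i].delegatecall(data[i]);",
  "            require(ok);",
  "        }",
  "        // a single delegatecall outside any loop is not reported",
  "        (bool last, ) = targets[0].delegatecall(data[0]);",
  "        require(last);",
  "    }",
  "}",
].join("\n");

console.log(delegatecallInLoop(LOOP_SAMPLE)); // [{ line: 4 }]
```

Because the scanner never rescans input, a pathological file can make it slow only in proportion to its size, which is the property the issue is asking for.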
command
```
yarn analyze 2023-02-ethos scope.txt
```
scope.txt
```
Ethos-Core/contracts/CollateralConfig.sol
Ethos-Core/contracts/BorrowerOperations.sol
Ethos-Core/contracts/TroveManager.sol
Ethos-Core/contracts/ActivePool.sol
Ethos-Core/contracts/StabilityPool.sol
Ethos-Core/contracts/LQTY/CommunityIssuance.sol
Ethos-Core/contracts/LQTY/LQTYStaking.sol
Ethos-Core/contracts/LUSDToken.sol
Ethos-Vault/contracts/ReaperVaultV2.sol
Ethos-Vault/contracts/ReaperVaultERC4626.sol
Ethos-Vault/contracts/abstract/ReaperBaseStrategyV4.sol
Ethos-Vault/contracts/ReaperStrategyGranarySupplyOnly.sol
```
output
```
/mnt/e/web3/tools/4naly3er/node_modules/solc-0.8.17/soljson.js:925
getWasmTableEntry(index)(a1, a2, a3, a4);
^
TypeError: Cannot read properties of undefined (reading 'contents')
at /mnt/e/web3/tools/4naly3er/node_modules/solc-0.8.17/wrapper.js:106:31
at wasm://wasm/04f5a63e:wasm-function[34043]:0xe75c3a
at invoke_viiii (/mnt/e/web3/tools/4naly3er/node_modules/solc-0.8.17/soljson.js:925:29)
at wasm://wasm/04f5a63e:wasm-function[25253]:0x9bbaec
at invoke_viii (/mnt/e/web3/tools/4naly3er/node_modules/solc-0.8.17/soljson.js:853:29)
at wasm://wasm/04f5a63e:wasm-function[11985]:0x38c779
at wasm://wasm/04f5a63e:wasm-function[25244]:0x9ba3b3
at invoke_iii (/mnt/e/web3/tools/4naly3er/node_modules/solc-0.8.17/soljson.js:907:36)
at wasm://wasm/04f5a63e:wasm-function[24956]:0x9679e5
at invoke_viii (/mnt/e/web3/tools/4naly3er/node_modules/solc-0.8.17/soljson.js:853:29)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
```
The tool cannot read files with `0` in the file name, such as `contracts/lending/tokens/cErc20ModifiedDelegator.sol`, `contracts/lending/tokens/cToken/CErc20.sol`.
In `src/index.ts#L32`:
```typescript
for (const word of [...content.matchAll(/[a-zA-Z\/\.\-\_1-9]+/g)].map(r => r[0])) {
```
Suggestion:
```typescript
for (const word of [...content.matchAll(/[a-zA-Z\/\.\-\_0-9]+/g)].map(r => r[0])) {
```
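To make the defect concrete, here is the word splitter from the issue run with both character classes over a constructed scope file. This is an added example, not the project's `src/index.ts`; `matchAll` is replaced by an equivalent `exec` loop so it does not depend on the compiler target.

```typescript
// Added example, not the project's src/index.ts: the scope-file word splitter
// from the issue with the original character class beside the corrected one.
// SCOPE_TXT is a constructed scope file.

const BUGGY_WORD_RE = /[a-zA-Z\/\.\-\_1-9]+/g; // digit range starts at 1, so "0" ends a word
const FIXED_WORD_RE = /[a-zA-Z\/\.\-\_0-9]+/g; // full digit range

// Equivalent to `[...content.matchAll(re)].map(r => r[0])` from index.ts,
// written as an exec loop over a fresh global copy of the pattern.
function scopeWords(content: string, re: RegExp): string[] {
  const words: string[] = [];
  const pattern = new RegExp(re.source, "g");
  let m: RegExpExecArray | null;
  while ((m = pattern.exec(content)) !== null) words.push(m[0]);
  return words;
}

// Is `filePath` recognised as one whole word of the scope file?
function inScope(content: string, re: RegExp, filePath: string): boolean {
  return scopeWords(content, re).indexOf(filePath) !== -1;
}

const SCOPE_TXT = [
  "contracts/Vault.sol",
  "contracts/lending/tokens/cErc20ModifiedDelegator.sol",
  "contracts/lending/tokens/cToken/CErc20.sol",
].join("\n");

console.log(scopeWords(SCOPE_TXT, BUGGY_WORD_RE));
// [ "contracts/Vault.sol", "contracts/lending/tokens/cErc2", "ModifiedDelegator.sol",
//   "contracts/lending/tokens/cToken/CErc2", ".sol" ]
console.log(scopeWords(SCOPE_TXT, FIXED_WORD_RE));
// the three paths, intact

console.log(inScope(SCOPE_TXT, BUGGY_WORD_RE, "contracts/lending/tokens/cErc20ModifiedDelegator.sol")); // false
console.log(inScope(SCOPE_TXT, FIXED_WORD_RE, "contracts/lending/tokens/cErc20ModifiedDelegator.sol")); // true
```

With the original class every path containing a `0` is split into two fragments, neither of which equals the path, so the file silently drops out of scope rather than failing loudly.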
I'm getting remapping related errors such as `solmate/src/tokens/ERC721.sol import not found.` when the file in question is at `lib/solmate/src/tokens/ERC721.sol`.
Does this application support remappings?
If not, do you suggest something?
The `calldataViewFunctions` rule flags all `memory` parameters as gas inefficient if they aren't modified. This isn't always the case: `memory` arguments are often cheaper than `calldata`. This is because `calldata` is not trusted by Solidity and each access does many sanity checks, while `memory` arguments are sanity checked only once, when loading. I've seen a gas usage drop after switching from `calldata` to `memory` in the contracts I've been working on, and it even has an issue in the Solidity repo, which doesn't seem to ever be solved due to `calldata` arguments needing the sanity checks: ethereum/solidity#12103.
For example:
```solidity
pragma solidity 0.8.17; // added so the snippet compiles stand-alone
contract ImmutableCached {
    uint256 public immutable one = 1;
    function two() public returns (uint256 result) {
        result = one + one;
    }
}
```
yields:
### <a name="GAS-1"></a>[GAS-1] State variables should be cached in stack variables rather than re-reading them from storage
The instances below point to the second+ access of a state variable within a function. Caching of a state variable replaces each Gwarmaccess (100 gas) with a much cheaper stack read. Other less obvious fixes/optimizations include having local memory caches of state variable structs, or having local caches of state variable contracts/addresses.
*Saves 100 gas per instance*
*Instances (1)*:
```solidity
File: lol.sol
7: result = one + one;
```
This is a weird issue, because depending on how the code is expressed it may not trigger, e.g. changing `result = one + one;` into `return one + one;` fixes the warning.
When I run `4naly3er` in 2023-01-astaria and 2023-01-ondo, I got the following errors.
2023-01-astaria
```
getWasmTableEntry(index)(a1, a2, a3, a4);
^
TypeError: Cannot read property 'contents' of undefined
at /4naly3er/node_modules/solc-0.8.17/wrapper.js:106:31
at <anonymous>:wasm-function[34043]:0xe75c3a
at invoke_viiii (/4naly3er/node_modules/solc-0.8.17/soljson.js:925:29)
at <anonymous>:wasm-function[25253]:0x9bbaec
at invoke_viii (/4naly3er/node_modules/solc-0.8.17/soljson.js:853:29)
at <anonymous>:wasm-function[11985]:0x38c779
at <anonymous>:wasm-function[25244]:0x9ba3b3
at invoke_iii (/4naly3er/node_modules/solc-0.8.17/soljson.js:907:36)
at <anonymous>:wasm-function[24956]:0x9679e5
at invoke_viii (/4naly3er/node_modules/solc-0.8.17/soljson.js:853:29)
error Command failed with exit code 1.
```
2023-01-ondo
```
contract.linearizedBaseContracts.includes(contractId) &&
^
TypeError: Cannot read property 'includes' of undefined
at topLevelFiles (/4naly3er/src/utils.ts:59:44)
at Object.detector (/4naly3er/src/issues/GAS/uselessInternal.ts:35:57)
at analyze (/4naly3er/src/analyze.ts:39:25)
at main (/4naly3er/src/index.ts:64:22)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
error Command failed with exit code 1.
```
Hi, thanks for the great work.
I noticed that the current implementation of `upgradeableMissingGap` just uses `/Upgradeable/gi` to match.
This could produce a lot of false catches.
Recommendation:
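An added sketch (not the project's `upgradeableMissingGap` rule) of a check that looks at each contract's inheritance list and body instead of matching `/Upgradeable/gi` anywhere in the file. It assumes the gap is declared as `uint256[N] private __gap;` and uses a constructed `SAMPLE` file in which the plain regex fires six times (comments, a contract name, base names) while only one contract actually inherits an upgradeable base and lacks a gap.

```typescript
// Added example, not 4naly3er's upgradeableMissingGap rule: parse each
// contract header, look at the inheritance list for a base whose name ends
// in "Upgradeable", then look for a storage gap in that contract's own body.
// Assumptions: the gap is declared as `uint256[N] private __gap;`, and
// SAMPLE is a constructed file.

interface ContractInfo {
  name: string;
  bases: string[];
  body: string; // text between the contract's outer braces
  line: number; // 1-based line of the `contract` keyword
}

// Blank out comments but keep newlines so line numbers stay correct.
function stripComments(src: string): string {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, " "))
    .replace(/\/\/[^\n]*/g, "");
}

function parseContracts(source: string): ContractInfo[] {
  const code = stripComments(source);
  const headerRe = /\b(?:abstract\s+)?contract\s+([A-Za-z_$][\w$]*)(?:\s+is\s+([^{]+))?\s*\{/g;
  const out: ContractInfo[] = [];
  let m: RegExpExecArray | null;
  while ((m = headerRe.exec(code)) !== null) {
    // Walk forward from the opening brace to its matching close.
    const open = m.index + m[0].length; // index just past `{`
    let depth = 1;
    let i = open;
    while (i < code.length && depth > 0) {
      if (code[i] === "{") depth++;
      else if (code[i] === "}") depth--;
      i++;
    }
    const bases = (m[2] ?? "")
      .split(",")
      .map((b) => b.replace(/\([\s\S]*\)/, "").trim()) // drop constructor args: Base(1) -> Base
      .filter((b) => b.length > 0);
    out.push({
      name: m[1] ?? "",
      bases,
      body: code.slice(open, i - 1),
      line: code.slice(0, m.index).split("\n").length,
    });
    headerRe.lastIndex = i; // resume after this contract
  }
  return out;
}

const GAP_RE = /uint256\s*\[\s*\d+\s*\]\s+private\s+__gap\s*;/;

function upgradeableMissingGap(source: string): { contract: string; line: number }[] {
  return parseContracts(source)
    .filter((c) => c.bases.some((b) => /Upgradeable$/.test(b)))
    .filter((c) => !GAP_RE.test(c.body))
    .map((c) => ({ contract: c.name, line: c.line }));
}

// How many times the original rule's pattern fires on the same file.
function naiveMatches(source: string): number {
  return (source.match(/Upgradeable/gi) ?? []).length;
}

const SAMPLE = [
  "// constructed sample: a plain helper, an upgradeable token without a gap,",
  "// and an upgradeable base that reserves a gap",
  "contract NonUpgradeableMath {",
  "    function add(uint256 a, uint256 b) internal pure returns (uint256) { return a + b; }",
  "}",
  "contract Token is ERC20Upgradeable, OwnableUpgradeable {",
  "    function initialize() external initializer {}",
  "}",
  "contract Base is Initializable, ContextUpgradeable {",
  "    uint256[50] private __gap;",
  "}",
].join("\n");

console.log(naiveMatches(SAMPLE));          // 6
console.log(upgradeableMissingGap(SAMPLE)); // [{ contract: "Token", line: 6 }]
```

The header regex is still text-based, so it is a stepping stone rather than a replacement for walking the compiler's AST, but it already confines the decision to the contract's declared bases and its own storage layout.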
In Picodes' repo there is a specific "Test.sol" file in which he is testing the issues, so let's say I want to run the bot on a whole smart contract repo; what should I put in the contract file of the analyser? I'm having a hard time doing it.
Line 82 in 849c0ad should be changed to use `previousFileName` instead of `o.filename`.
I cloned the repository and navigated to the project folder. Upon installation of the package using `yarn`, I attempted to use a script using the command `yarn analyze contracts scope.example.txt`. However, I consistently encounter the following error:
```
Cannot compile AST for contracts/example/Test.sol
/github/xxx/node_modules/solidity-ast/utils/find-all.js:19
const push = node => queue.push({ node, props: getNextProps(nodeType, node.nodeType ?? '$other', cache) });
^
TypeError: Cannot read properties of undefined (reading 'nodeType')
at push (/github/xxx/node_modules/solidity-ast/utils/find-all.js:19:78)
at findAll (/github/xxx/node_modules/solidity-ast/utils/find-all.js:21:3)
at findAll.next (<anonymous>)
at Object.detector (/github/xxx/src/issues/NC/uselessOverride.ts:15:18)
at analyze (/github/xxx/src/analyze.ts:43:25)
at main (/github/xxx/src/main.ts:69:22)
at processTicksAndRejections (node:internal/process/task_queues:95:5)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
```
Of course, for the purpose of anonymity I changed my true path to `/github/xxx/`.
What should I do to use the script? I use a MacBook and Visual Studio Code.
Hacktoberfest is a month-long celebration of open source projects where contributors can help out and earn rewards for their participation. It's a fantastic time for maintainers to gain visibility and contributions.
I propose adding the "hacktoberfest" topic to your repository. This label will help your repository stand out to those participating in the event, potentially bringing more contributors to your project.
Benefits:
I believe this small change could lead to significant growth and development for the project.
Reference:
https://hacktoberfest.com/participation/#maintainers