SmartCheck is an extensible static analysis tool for discovering vulnerabilities and other code issues in Ethereum smart contracts written in the Solidity programming language.

SmartCheck is described in the academic paper titled "SmartCheck: Static Analysis of Ethereum Smart Contracts" as released on May 27, 2018.

⚠️ Warning

The project is deprecated since 2020. The analysis might work incorrectly for Solidity versions starting with 0.6.0.

Web version of SmartCheck that was available online earlier is shut down.

To install SmartCheck globally to your system run (administrative rights required)

npm install @smartdec/smartcheck -g

To add and install SmartCheck as development dependency to your npm project run:

npm install --save-dev @smartdec/smartcheck

To start analysis simply run:

smartcheck -p .

Required argument: -p <path to directory or file>. Optional argument: -r <path to .xml-file with rules>; by default it uses the built-in rules files.

⚠️ Warning

SmartCheck works only with older java8 versions, e.g. 8u102. You can download version for Windows from the archive.

The project uses Maven. To build it, execute in the project directory:

$ mvn clean package

$ java -jar target/smartcheck-2.0-SNAPSHOT-jar-with-dependencies.jar -p <path to directory or file>

Optional argument: -r <path to .xml-file with rules>; by default it uses the built-in rules files.

Analysis can also be started from an IDE by running the ru.smartdec.smartcheck.app.cli.Tool.main() method.

$ mvn exec:java@tree -Dexec.args="-p <path to the file>"

It can also be done from an IDE by running the ru.smartdec.smartcheck.app.cli.TreeView.main() method.

$ mvn exec:java@xml -Dexec.args="-t <path to save xml-tree> -s <path to the file>"

It can also be done from an IDE by running the ru.smartdec.smartcheck.app.cli.XmlView.main() method.