npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

solhydra

v1.0.0

Published

cli tool to run solidity smart contract(s) through several analysis tools and generating a html report

Downloads

20

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

blockchaincompanyblockchaincompany

Keywords

ethereumsolidityutilblockchainauditsoltrufflezeppelinopen-zeppelinsmart contractsmart-contractclicommand linesoljitsusolhydramythrilreportoyentesolgraphsolidity-coveragesolidity-analyzersoliumsolhint

Readme

Solhydra

License Version Node Version

Solhydra is a cli tool to run solidity smart contract(s) through several analysis tools and generating a html report.

sample report of cryptokitties-bounty

sample report screenshot

Description

There are a number of smart contract analysis tools which can give you valuable information about your smart contracts. Just installing all these tools on your machine is quite the challenge. If you manage to install all these tools next challenge will be finding out how to execute each of these tools. After execution you are left with a number of files per tool, which you can then open and inspect one-by-one. Wouldn't it be nice if there was a tool which takes care of installing (in Docker containers) and executing all the analysis tools on a given directory with smart contracts + transforming the output of each tool (per smart contract) into 1 HTML report which you can open in the browser so you can easily inspect all output per tool, per smart contract. That's what this tool tries to accomplish 🎆.

Analysis tools included:

Prerequisites

  • docker (tested on 17.12.0-ce)

Requirements

node version >= 8.0.0

Install

npm install -g solhydra

One line sample execution

npx [email protected] [email protected]:dapperlabs/cryptokitties-bounty.git --dest-file=~/solhydra-cryptokitties-bounty

Usage

NAME
  solhydra        cli tool to run solidity smart contract(s) through several analysis
                  tools and generating a html report

SYNOPSIS
  solhydra --contract-dir=dirPath --dest-file=dirPath [--npm-dir=dirPath --ethpm-dir=dirPath] [tool1, tool2, ..]
  solhydra --truffle=dirPath --dest-file=filePath [tool1, tool2, ..]
  solhydra --git=gitUrl --dest-file=filePath [tool1, tool2, ..]

TOOLS
  mythril, oyente, surya, solidity-coverage, solidity-analyzer, solhint, solium

REQUIRED ARGUMENTS
  --contract-dir  path of contracts directory (only when not specifying --truffle)
  --truffle       path of truffle project (only when not specifying --contract-dir)
  --dest-file     path of the file to write the result HTML report to

OPTIONAL ARGUMENTS
  --npm-dir       path of the directory with the NPM dependencies
                  only used with --contract-dir
  --ethpm-dir     path of the directory with the EthPM dependencies
                  only used with --contract-dir
  tool            you can optionally specify a subset of tools to run, if you don't
                  specify any tools, all tools will be executed

NOTES
  solidity-coverage only works on truffle projects, so only when using --truffle,
  it will be skipped automatically for non-truffle runs

EXAMPLES
  solhydra --contract-dir=./contracts --npm-dir=./node_modules --dest-file=./out
  solhydra --contract-dir=./contracts --ethpm-dir=./installed_contracts --dest-file=./out mythril oyente
  solhydra --truffle=./mytruffleproject --dest-file=./out
  solhydra --truffle=./mytruffleproject --dest-file=./out solidity-coverage solium
  solhydra [email protected]:dapperlabs/cryptokitties-bounty.git --dest-file=./out surya mythril

To display help (the above shown excerpt) type: solhydra.

Notes

soljitsu flatten

The smart contracts are run through soljitsu flatten, since some analysis tools don't work with node_modules/installed_contracts dependencies. So to keep reports consistent the tools are executed on the flatten version of the smart contracts.

html report

  • the generated HTML report has all it's internal js/css inlined, therefore it can be moved to any folder/machine and still work
  • the generated HTML report fetches some external js/css from a cdn so an internet connection is required

Todo

  • [ ] oyente reports usage of an untested z3 + solc + evm, fix this
  • [ ] add slither when it becomes available
  • [ ] add rattle if/when it becomes available (blogpost)
  • [ ] enable maian when issue is resolved
  • [ ] enable echidna with a special option since it requires manually adding tests to solidity files
  • [ ] add manticore as described here
  • [ ] fix highlightjs-solidity highlighting, doesn't seem to work, it uses php highlighting?!

License

GPL-3.0