construstor 0.1.0

A tool for analyzing Solidity smart contracts to detect zero address validation patterns

Construstor - Smart Contract Constructor & Initialize Function Analyzer

Rust License: MIT

A production-ready tool for analyzing Solidity smart contracts to detect zero address validation patterns in constructors and initialize functions.

🚀 Features

  • Comprehensive Analysis: Scans individual files or entire directories for .sol files
  • Smart Detection: Identifies constructors and initialize functions automatically
  • Zero Address Validation Detection:
    • Direct equality checks (== address(0), != address(0))
    • require() statements with zero address validation
  • Detailed Reporting:
    • Shows which address arguments are validated
    • Highlights missing validations
    • Provides summary statistics
  • Beautiful Output: Colored terminal output for better readability
  • Production Ready: Comprehensive error handling, logging, and testing

📦 Installation

Prerequisites

  • Rust 1.86 or later

Build from Source

git clone <repository-url>
cd construstor
cargo build --release

The binary will be available at target/release/construstor.

🔧 Usage

Basic Usage

Run the tool and enter a file path or directory when prompted:

cargo run
# or
./target/release/construstor

Example Output

Constructor in MyContract.sol:
📋 Found 2 address argument(s): _owner, _manager
✅ Zero address validation found:
  • Direct address(0) comparison
  • require() statement with zero address check
    → Checking variable: _owner
    → Checking variable: _manager
✅ All address arguments are validated!

Initialize function in MyContract.sol:
📋 Found 3 address argument(s): _tokenA, _tokenB, _router
✅ Zero address validation found:
  • require() statement with zero address check
    → Checking variable: _tokenA
    → Checking variable: _tokenB
❌ Missing zero address validation for:
    ⚠️ Argument: _router

📊 Analysis Summary:
  Total functions analyzed: 2
  Functions with address arguments: 2
  Fully validated: 1
  Partially validated: 1
  Not validated: 0

🧪 Testing

Run the test suite:

cargo test

Run tests with verbose output:

cargo test -- --nocapture

📊 What It Detects

Constructor Analysis

constructor(address _owner, address _token) {
    require(_owner != address(0), "Owner cannot be zero");
    // Missing validation for _token ❌
    owner = _owner;
    token = _token;
}

Initialize Function Analysis

function initialize(address _hookManager, address _test) external initializer {
    require(_hookManager != address(0), "Hook manager cannot be zero address");
    if (_test == address(0)) revert("Test cannot be zero address");
    // Both arguments validated ✅
}

🏗️ Architecture

The tool is structured with the following key components:

  • ConstructorAnalyzer: Core analysis engine with regex-based pattern matching
  • AnalysisResult: Structured data representing analysis findings
  • ResultPrinter: Pretty-printed output with colors and formatting
  • Error Handling: Comprehensive error types and propagation
  • Testing: Unit tests covering core functionality

🔍 Detection Patterns

Address Parameter Extraction

  • Regex: address\s+(\w+)
  • Matches: address _owner, address tokenContract

Equality Checks

  • Regex: (\w+)\s*(?:==|!=)\s*address\(0\)
  • Matches: _owner == address(0), token != address(0)

Require Statements

  • Regex: (?:require)\s*\(\s*([^,)]+)\s*(?:==|!=)\s*address\(0\)
  • Matches: require(_owner != address(0), "message")
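
The three patterns above, exercised with Python's re module over the two snippets from "What It Detects" plus two constructed edge cases (address(0) on the left of the comparison, and an address payable parameter). This is an added example, not construstor's own code: the analyze helper and the choice to read parameters from the text before the first { are assumptions, and the tool itself may handle these cases differently.

```python
import re

# The three patterns listed under "Detection Patterns", copied verbatim.
ADDRESS_ARG = re.compile(r"address\s+(\w+)")
EQUALITY = re.compile(r"(\w+)\s*(?:==|!=)\s*address\(0\)")
REQUIRE = re.compile(r"(?:require)\s*\(\s*([^,)]+)\s*(?:==|!=)\s*address\(0\)")


def analyze(function_source):
    """Return (address_args, validated, missing) for one function's source text."""
    # Assumption: parameters are read from the text before the first "{".
    signature, _, body = function_source.partition("{")
    args = ADDRESS_ARG.findall(signature)
    checked = set(EQUALITY.findall(body))
    checked |= {name.strip() for name in REQUIRE.findall(body)}
    validated = [a for a in args if a in checked]
    missing = [a for a in args if a not in checked]
    return args, validated, missing


# The README's two snippets, with their comments dropped.
CONSTRUCTOR = '''constructor(address _owner, address _token) {
    require(_owner != address(0), "Owner cannot be zero");
    owner = _owner;
    token = _token;
}'''

INITIALIZE = '''function initialize(address _hookManager, address _test) external initializer {
    require(_hookManager != address(0), "Hook manager cannot be zero address");
    if (_test == address(0)) revert("Test cannot be zero address");
}'''

# Constructed edge cases: literal on the left, and a `payable` qualifier.
REVERSED = '''constructor(address _owner) {
    require(address(0) != _owner, "Owner cannot be zero");
    owner = _owner;
}'''

PAYABLE = '''constructor(address payable _treasury) {
    require(_treasury != address(0), "Treasury cannot be zero");
    treasury = _treasury;
}'''

if __name__ == "__main__":
    for label, src in [("constructor", CONSTRUCTOR), ("initialize", INITIALIZE),
                       ("reversed", REVERSED), ("payable", PAYABLE)]:
        args, validated, missing = analyze(src)
        print(f"{label}: args={args} validated={validated} missing={missing}")
```

With the patterns exactly as listed, the reversed comparison leaves _owner reported as missing and the payable parameter is captured under the name payable, so a "missing" finding is worth confirming against the function body.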

🚨 Security Considerations

This tool helps identify potential security vulnerabilities in smart contracts:

  • Zero Address Attacks: Prevent accidental or malicious zero address assignments
  • Constructor Security: Ensure critical addresses are validated during deployment
  • Upgradeable Contracts: Validate addresses in initialize functions for proxy contracts

🤝 Contributing

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature/amazing-feature
  3. Commit your changes: git commit -m 'Add amazing feature'
  4. Push to the branch: git push origin feature/amazing-feature
  5. Open a Pull Request

Development Guidelines

  • Add tests for new functionality
  • Follow Rust naming conventions
  • Update documentation for new features
  • Ensure cargo clippy passes without warnings

🙏 Acknowledgments

  • Rust community for excellent tooling and documentation
  • Solidity developers for security best practices
  • Smart contract auditing community for inspiration
  • Special thanks to Wyatt Chamberlin (@elkaholic6) for giving me the idea with his Solidity-constructor-analysis

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.