solsa-0.1.0 is not a library.

Smart contracts advanced CI pipeline

The goal of this repo is to find a good way of integrating static analisys tools for smart contracts into CI pipelines. Ideally, this should be be easy to pick up and use by any project using smart contracts (dapps, wallets, etc).

The main challenges to overcome appear to be: - seamless installation and configuration of all tools - invocation of each tools taking into account its specificities (sometimes on things as simple as where contracts need to be located) - resolution of contract dependencies!!! (biggest identified PITA so far)

Strategy

Create a self contained docker container for which an alias can be easily set so a seamless command line interface is provided.

This way, at little to no effort to the developer a full, detailed analysis of a smart contract can be obtained.

Key tools for linting and static analisys

- solc - compile (portable)
- Solium - lint (depends on npm)
- Oyente - static analisys (depends on pip)
- MAIAN - static analisys (python, but no distributable release, must get from source)  (removed due to lack of maintenance)
- mythril - static analisys (depends on pip)
- echidna - fuzz tester (haskell compiled binary)

Install/Run

# RUN
    docker run -it --rm -v $(pwd):/src:ro enhancedsociety/solsa -a example_contract.sol

# ALIAS
    function solsa () { docker run -it --rm -v $(pwd):/src:ro enhancedsociety/solsa $@ }

Usage

solsa is the alias to the full docker command as described at the top of the Dockerfile.

filipe@filipe-imp  solsa   master  solsa -h                        
Usage:
    /opt/run_analysis.sh -h
                           Display this help message
    /opt/run_analysis.sh -a CONTRACT_PATH
                           Run all tools
    /opt/run_analysis.sh -t TOOL [-t TOOL] CONTRACT_PATH
                           Run selected tools (out of solc,oyente,solium,mythril,echidna,maian)

TODO