Solhydra is a cli tool to run solidity smart contract(s) through several analysis tools and generating a html report.
There are a number of smart contract analysis tools which can give you valuable information about your smart contracts. Just installing all these tools on your machine is quite the challenge. If you manage to install all these tools next challenge will be finding out how to execute each of these tools. After execution you are left with a number of files per tool, which you can then open and inspect one-by-one. Wouldn't it be nice if there was a tool which takes care of installing (in Docker containers) and executing all the analysis tools on a given directory with smart contracts + transforming the output of each tool (per smart contract) into 1 HTML report which you can open in the browser so you can easily inspect all output per tool, per smart contract. That's what this tool tries to accomplish 🎆.
Analysis tools included:
solidity-coverage(only works on
truffleprojects) Docker image
npm install -g solhydra
One line sample execution
npx email@example.com --firstname.lastname@example.org:dapperlabs/cryptokitties-bounty.git --dest-file=~/solhydra-cryptokitties-bounty
NAME solhydra cli tool to run solidity smart contract(s) through several analysis tools and generating a html report SYNOPSIS solhydra --contract-dir=dirPath --dest-file=dirPath [--npm-dir=dirPath --ethpm-dir=dirPath] [tool1, tool2, ..] solhydra --truffle=dirPath --dest-file=filePath [tool1, tool2, ..] solhydra --git=gitUrl --dest-file=filePath [tool1, tool2, ..] TOOLS mythril, oyente, surya, solidity-coverage, solidity-analyzer, solhint, solium REQUIRED ARGUMENTS --contract-dir path of contracts directory (only when not specifying --truffle) --truffle path of truffle project (only when not specifying --contract-dir) --dest-file path of the file to write the result HTML report to OPTIONAL ARGUMENTS --npm-dir path of the directory with the NPM dependencies only used with --contract-dir --ethpm-dir path of the directory with the EthPM dependencies only used with --contract-dir tool you can optionally specify a subset of tools to run, if you don't specify any tools, all tools will be executed NOTES solidity-coverage only works on truffle projects, so only when using --truffle, it will be skipped automatically for non-truffle runs EXAMPLES solhydra --contract-dir=./contracts --npm-dir=./node_modules --dest-file=./out solhydra --contract-dir=./contracts --ethpm-dir=./installed_contracts --dest-file=./out mythril oyente solhydra --truffle=./mytruffleproject --dest-file=./out solhydra --truffle=./mytruffleproject --dest-file=./out solidity-coverage solium solhydra --email@example.com:dapperlabs/cryptokitties-bounty.git --dest-file=./out surya mythril
To display help (the above shown excerpt) type:
The smart contracts are run through
since some analysis tools don't work with
installed_contracts dependencies. So to keep reports consistent the tools are
executed on the
flatten version of the smart contracts.
- the generated HTML report has all it's internal js/css inlined, therefore it can be moved to any folder/machine and still work
- the generated HTML report fetches some external js/css from a cdn so an internet connection is required
oyentereports usage of an untested z3 + solc + evm, fix this
slitherwhen it becomes available
rattleif/when it becomes available (blogpost)
maianwhen issue is resolved
echidnawith a special option since it requires manually adding tests to solidity files
manticoreas described here
highlightjs-solidityhighlighting, doesn't seem to work, it uses php highlighting?!