Write an audit tool that uses `Callgraph` #1145

jubnzv · 2022-08-16T13:15:28Z

We could use the Callgraph module implemented in #1144 to create a tool that helps auditing smart contracts.

Desired functionality:

A CLI option to don't show pure functions call on the .dot dump. This is usable to reduce the noise when analyzing imperative code.
Show changes in the imperative state of the contract for each procedure/transition. Read, write, and read-write (update) operations of fields should be shown differently.
External calls, event, exceptions on the graph.
Show clusters of procedures/transitions based on fields they access (if procedures commute, i.e. do not share common state, it should be clearly observable from the call graph).

The text was updated successfully, but these errors were encountered:

anton-trunov · 2022-08-16T14:04:06Z

The more filtering options this contract map tool supports the better. Remote reads also should be marked explicitly.

jjcnn · 2022-09-16T15:48:07Z

Moving to v0.14 due to lack of time.

jubnzv added the enhancement New feature or request label Aug 16, 2022

anton-trunov added the static analysis label Aug 16, 2022

anton-trunov added this to the Scilla 0.13.0 milestone Aug 18, 2022

jjcnn modified the milestones: Scilla 0.13.0, Scilla 0.14.0 Sep 16, 2022

jjcnn mentioned this issue Dec 5, 2022

Document the audit tool that uses Callgraph Zilliqa/scilla-docs#171

Open

Provide feedback