davidsemakula/pallet-verifier


Pallet Verifier

pallet-verifier is a tool for detecting common security vulnerabilities and insecure patterns in FRAME pallets using static program analysis techniques like data-flow analysis, abstract interpretation and symbolic execution.

FRAME pallets are modules that are used to build/compose Substrate-based blockchains.

NOTE: 🚧 This project is still a work in progress; check back over the next few weeks for regular updates.

Installation

Prerequisites

NOTE: pallet-verifier requires a Clang binary that supports WebAssembly. On macOS, the Clang binary from Xcode doesn't support WebAssembly, so you'll need to install clang/llvm via homebrew and add it to your PATH.

Installing pallet-verifier

git clone https://github.com/davidsemakula/pallet-verifier.git
cd pallet-verifier
cargo install --locked --path ./

Usage

Run the following command from the crate root of a FRAME pallet (i.e. the directory that contains the Cargo.toml file for the FRAME pallet).

cargo verify-pallet

NOTE: pallet-verifier compiles the target FRAME pallet code in "test mode" (i.e. the equivalent of running cargo test or rustc --test), so you'll need to ensure that all prerequisites for test compilation are installed and/or configured properly, otherwise compilation will fail.

Documentation

Binary Documentation

cargo verify-pallet subcommand help text.

A tool for detecting common security vulnerabilities and insecure patterns in FRAME pallets using static program analysis techniques.

Usage: cargo verify-pallet

Options:
    -h, --help               Print help
    -V, --version            Print version
    --pointer-width <32|64>  The pointer width for the target execution environment

Library Documentation

You can access library documentation locally by running the following command from the project root:

cargo doc --no-deps --open

Testing

You can run UI tests by running the following command from the project root:

cargo test

License

Licensed under either MIT or Apache-2.0 license at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
