Aderyn is a Solidity static analyzer. It takes a bird's eye view over your smart contracts, traversing the Abstract Syntax Trees (ASTs) to pinpoint suspected vulnerabilities. Aderyn prints out these potential issues in an easy-to-consume markdown format.
Use Aderyn when developing or auditing Solidity smart contracts to quickly identify areas where the code may not be following best practices or has potential vulnerabilities.
In the command line, run:

```sh
cargo install aderyn
```
The project you're running Aderyn on should be either a Foundry or a compiled Hardhat project.

```sh
aderyn --root /path/to/your/foundry/project/root/directory/
```
That's it! Aderyn identifies whether the project root is a Foundry or Hardhat repo, then uses the compiled AST files to hunt for vulnerabilities. `report.md` will be written to the directory in which you ran the command.
- You must provide the root directory of the repo you want to analyze:

  ```sh
  --root /path/to/repo/root/
  ```

  Aderyn automatically detects the development framework so long as it's Foundry or Hardhat.
  If Foundry is detected in the project root, Aderyn will first run `forge build` to ensure that the contracts compile correctly and the latest artifacts are available.
  If Hardhat is detected, Aderyn does not auto-compile. Make sure to run `hardhat compile` BEFORE running Aderyn.
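The pre-flight sequence above, automated as a small wrapper (an added example, not part of Aderyn). It assumes a `foundry.toml` at the root marks a Foundry project, a `hardhat.config.js` or `hardhat.config.ts` marks a Hardhat project, and that the Hardhat build is invoked as `npx hardhat compile`:

```sh
#!/usr/bin/env sh
# Constructed wrapper: detect the framework, run the compile step Aderyn
# expects, then invoke aderyn against the project root.

# Print "foundry", "hardhat" or "unknown" for the project directory in $1.
# Assumption: Foundry projects carry foundry.toml; Hardhat projects carry
# hardhat.config.js or hardhat.config.ts at their root.
detect_framework() {
    root="$1"
    if [ -f "$root/foundry.toml" ]; then
        echo foundry
    elif [ -f "$root/hardhat.config.js" ] || [ -f "$root/hardhat.config.ts" ]; then
        echo hardhat
    else
        echo unknown
    fi
}

# Foundry: aderyn runs `forge build` itself, so nothing to do here.
# Hardhat: aderyn does not auto-compile, so compile before analysis
# (assumes npx is available and hardhat is a project dependency).
# Anything else: refuse, since aderyn would have no AST to read.
prepare_project() {
    root="$1"
    case "$(detect_framework "$root")" in
        foundry) return 0 ;;
        hardhat) (cd "$root" && npx hardhat compile) ;;
        *) echo "error: $root is neither a Foundry nor a Hardhat project" >&2; return 1 ;;
    esac
}

# Full run: prepare, then analyze. report.md lands in the current directory,
# not in the project root, so check for it there.
run_aderyn() {
    root="$1"
    prepare_project "$root" || return 1
    aderyn --root "$root" || return 1
    [ -f ./report.md ] || { echo "error: report.md was not produced" >&2; return 1; }
    echo "report written to $(pwd)/report.md"
}

# Usage: sh aderyn-run.sh /path/to/project
if [ "${1:-}" != "" ]; then
    run_aderyn "$1"
fi
```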
- Supports multiple Abstract Syntax Trees representing multiple Solidity files
- Supports Foundry/Hardhat/Truffle/Solc output formats for ingesting ASTs
- Supported development frameworks:
  - Foundry
  - Hardhat
- Complexity score (with percentage of Yul code and nSLOC)
- More complex static analysis detectors
- Auto-fixes
- Installer that doesn't require Rust (`aderynup`)
- ...
Create tools that utilize the context library to:
- Provide automated gas optimizations
- Custom subscribable detectors
- Control/data flow analyses
- Symbolic execution
- Invariant handler generation
- Vyper support
Help us build Aderyn 🦜. Please see our contribution guidelines. This repo is published under the MIT License.
- AST Visitor code from solc-ast-rs.
- Original detectors based on 4nalyzer detectors.