A static analysis tool for Anchor Rust programs.
radar allows you to write, share, and utilize templates to identify security issues in Rust-based smart contracts using a powerful Python-based rule engine that automates detection of vulnerable code patterns through logical expressions.
- Install and start docker
- Install git
- Install radar either from the install script or from source
curl -L https://raw.githubusercontent.com/auditware/radar/main/install-radar.sh | bash
radar -p <your-contract-folder>
OR
git clone https://github.com/auditware/radar.git
cd radar
./radar -p <your-contract-folder>
A good contract to test radar against first is the beautiful repo sealevel-attacks:
git clone https://github.com/coral-xyz/sealevel-attacks
radar -p sealevel-attacks
With a 10-second setup you can integrate radar-action and be alerted to radar's insights continuously in your contract repository.
Whether you have a vulnerability to test in mind or want to improve the quality of an existing template, templates are the best way to contribute to this repo! Open a PR to add your template to the built-ins.
We'd love to assist with writing your first template, and provide guidance.
Check out the Wiki for more details. For support reach out to the Audit Wizard Discord.