A powerful Solidity static analyzer that takes a bird's eye view over your smart contracts.
Aderyn is a Rust-based static analyzer specifically designed for Web3 smart contract security and development. It takes a bird's eye view over your smart contracts, traversing the Abstract Syntax Trees (AST) to pinpoint suspected vulnerabilities. Aderyn prints out these potential issues in an easy-to-consume markdown format.
- Hardhat and Foundry support
- Modular detectors
- AST Traversal
- Markdown reports
- Bot development framework (Nyth)
To get started using Aderyn make sure to have Rust installed on your device. For more information, refer to the official Rust documentation.
You can install Rust and Cargo by running the following command on your terminal:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
You can install Rust and Cargo by downloading and running rustup-init.exe
.
You can run Aderyn from Docker container.
Build the image:
docker build -t aderyn .
/path/to/project/root
should be the path to your Foundry or Hardhat project root directory and it will be mounted to /share
in the container.
Run the container in an interactive mode:
docker run -it -v /path/to/project/root/:/share aderyn
Run aderyn:
aderyn /share
In the command line, run:
cargo install aderyn
The root path you're running Aderyn on should be either a Foundry or compiled Hardhat project.
aderyn /path/to/your/foundry/project/root/directory/
That's it! Aderyn identifies whether the project root is a Foundry or Hardhat repo, then uses the compiled AST files to hunt for vulnerabilities.
report.md
will be output in the directory in which you ran the command.
Usage: aderyn [OPTIONS] <ROOT>
<ROOT>
: The path to the root of the codebase to be analyzed. Defaults to the current directory.
Options:
-o
,--output <OUTPUT>
: Desired file path for the final report (will overwrite existing one) [default: report.md]-s
,--scope <SCOPE>
: List of path strings to include, delimited by comma (no spaces). Any solidity file path not containing these strings will be ignored-e
,--exclude <EXCLUDE>
: List of path strings to exclude, delimited by comma (no spaces). Any solidity file path containing these strings will be ignored-n
,--no-snippets
: Do not include code snippets in the report (reduces report size in large repos)-h
,--help
: Print help-V
,--version
: Print version
You must provide the root directory of the repo you want to analyze. Alternatively, you can provide a single Solidity filepath (this mode requires Foundry to be installed).
Examples:
aderyn /path/to/your/foundry/project/root/directory/
Run Aderyn in the folder you're currently in:
aderyn
Output to a different markdown file:
aderyn -o output.md ./path/to/repo/
Refine the scope to a subdirectory called /uniswap/
:
aderyn --scope uniswap ./path/to/repo/
Exclude a contract called Counter.sol
:
aderyn --exclude Counter.sol ./path/to/repo/
Run on a single Solidity file (requires Foundry to be installed on your machine):
aderyn src/MyContract.sol
If the <ROOT>
is a directory, Aderyn automatically detects the development framework so long as it's Foundry or Hardhat.
If Foundry is detected in the project root, Aderyn will first run forge build
to ensure that the contract compiles correctly and the latest artifacts are available.
If Hardhat is detected, Aderyn does not auto-compile. Make sure to run hardhat compile
BEFORE running Aderyn.
If it is a Solidity file path, then Aderyn will create a temporary Foundry project, copy the contract into it, compile the contract and then analyze the AST generated by that temporary project.
Help us build Aderyn 🦜 Please see our contribution guidelines. Aderyn is an open source software licensed under the MIT License.
To build Aderyn locally, install Rust, clone this repo, and use cargo
commands to build, test and run locally
This project exists thanks to all the people who contribute.
- AST Visitor code from solc-ast-rs.
- Original detectors based on 4naly3er detectors.