misc:

abarmat · abarmat · commit 6b03f3ebbf60 · 2020-08-17T12:11:13.000-03:00
Add a static code analyzer to find potential vulnerabilities
All reports from analyzer and gas cost reporter now are saved in the /reports folder
All the flattened files are stored in build/flatten instead of build/full
diff --git a/buidler.config.ts b/buidler.config.ts
@@ -172,7 +172,7 @@ const config = {
     enabled: process.env.REPORT_GAS ? true : false,
     showTimeSpent: true,
     currency: 'USD',
-    outputFile: 'gas-report.log',
+    outputFile: 'reports/gas-report.log',
   },
 }
 
diff --git a/contracts/connext/test-fixtures/AppWithAction.sol b/contracts/connext/test-fixtures/AppWithAction.sol
@@ -33,7 +33,8 @@ contract AppWithAction is CounterfactualApp {
         returns (address)
     {
         State memory state = abi.decode(encodedState, (State));
-        return participants[state.counter > 0 ? 0 : 1];
+        uint256 p = state.counter > 0 ? 0 : 1;
+        return participants[p];
     }
 
     /// @dev NOTE: there is a slight difference here vs. the connext
diff --git a/package.json b/package.json
@@ -85,6 +85,7 @@
     "prettier": "npm run prettier:ts && npm run prettier:sol",
     "prettier:ts": "prettier --write 'test/**/*.ts'",
     "prettier:sol": "prettier --write 'contracts/*.sol'",
+    "analyze": "scripts/analyze",
     "flatten": "scripts/flatten",
     "abi:extract": "truffle-abi -d ./build/contracts -o ./build/abis/ -v",
     "typechain": "typechain --target ethers-v5 --outDir build/typechain/contracts 'build/abis/*.json'",
diff --git a/scripts/analyze b/scripts/analyze
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+## Before running:
+# This tool requires to have solc installed.
+# Ensure that you have the binaries installed by pip3 in your path.
+# Install: https://github.com/crytic/slither#how-to-install
+# Usage: https://github.com/crytic/slither/wiki/Usage
+
+mkdir -p reports
+
+pip3 install --user slither-analyzer && \
+npm run build && \
+
+echo "Analyzing contracts..."
+slither . \
+    --filter-paths "staking/libs/abdk-libraries-solidity/*|connext/test-fixtures/*|bancor/*" \
+    &> reports/analyzer-report.log && \
+slither-check-erc build/flatten/GraphToken.sol GraphToken &> reports/analyzer-report-erc.log
+
+echo "Done!"
diff --git a/scripts/flatten b/scripts/flatten
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-OUT_DIR="build/full"
+OUT_DIR="build/flatten"
 
 echo ${OUT_DIR}/contracts
 mkdir -p ${OUT_DIR}/contracts
@@ -17,4 +17,4 @@ for path in $files; do
     truffle-flattener "${path}" > "${OUT_DIR}/${name}"
 done
 
-echo "Done."
+echo "Done!"
diff --git a/scripts/test b/scripts/test
@@ -35,6 +35,8 @@ fi
 
 ### Main
 
+mkdir -p reports
+
 npm run compile
 npm run typechain
 

Original file line number	Diff line number	Diff line change
`@@ -172,7 +172,7 @@ const config = {`
`172`	`172`	`enabled: process.env.REPORT_GAS ? true : false,`
`173`	`173`	`showTimeSpent: true,`
`174`	`174`	`currency: 'USD',`
`175`		`- outputFile: 'gas-report.log',`
	`175`	`+ outputFile: 'reports/gas-report.log',`
`176`	`176`	`},`
`177`	`177`	`}`
`178`	`178`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,8 @@ contract AppWithAction is CounterfactualApp {`
`33`	`33`	`returns (address)`
`34`	`34`	`{`
`35`	`35`	`State memory state = abi.decode(encodedState, (State));`
`36`		`- return participants[state.counter > 0 ? 0 : 1];`
	`36`	`+ uint256 p = state.counter > 0 ? 0 : 1;`
	`37`	`+ return participants[p];`
`37`	`38`	`}`
`38`	`39`
`39`	`40`	`/// @dev NOTE: there is a slight difference here vs. the connext`