
Write an audit tool that uses `Callgraph`

Open jubnzv opened this issue 2 years ago • 2 comments

We could use the Callgraph module implemented in #1144 to create a tool that helps auditing smart contracts.

Desired functionality:

  • [ ] A CLI option to not show pure function calls in the .dot dump. This is useful to reduce the noise when analyzing imperative code.
  • [ ] Show changes in the imperative state of the contract for each procedure/transition. Read, write, and read-write (update) operations of fields should be shown differently.
  • [ ] External calls, events, and exceptions on the graph.
  • [ ] Show clusters of procedures/transitions based on fields they access (if procedures commute, i.e. do not share common state, it should be clearly observable from the call graph).

jubnzv avatar Aug 16 '22 13:08 jubnzv
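A toy model of the audit view the issue asks for, added here as an illustration and not part of Scilla or its `Callgraph` module: it classifies each procedure's effect on contract state (read / write / update), hides pure callees from the `.dot` output, and reports which entry points commute. The contract, procedure names and field sets are constructed; the commutation check treats two reads of the same field as commuting, which is slightly finer than "share no common state".

```python
from itertools import combinations

# Constructed summary of a hypothetical contract (not a real Scilla contract):
# per procedure/transition, the fields it reads and writes, its callees, and
# whether it is pure (touches no contract state and no callee does either).
CONTRACT = {
    "Transfer":    {"reads": {"balances"}, "writes": {"balances"},
                    "calls": ["CheckSender", "Emit"], "pure": False},
    "Mint":        {"reads": set(), "writes": {"balances", "total_supply"},
                    "calls": ["IsOwner"], "pure": False},
    "Pause":       {"reads": set(), "writes": {"paused"},
                    "calls": ["IsOwner"], "pure": False},
    "IsOwner":     {"reads": {"owner"}, "writes": set(), "calls": [], "pure": False},
    "CheckSender": {"reads": set(), "writes": set(), "calls": [], "pure": True},
    "Emit":        {"reads": set(), "writes": set(), "calls": [], "pure": True},
}

def access_kind(p):
    """Direct effect of p on contract state: update (read+write), write, read or none."""
    r, w = CONTRACT[p]["reads"], CONTRACT[p]["writes"]
    return "update" if r & w else "write" if w else "read" if r else "none"

def footprint(p):
    """Transitive (reads, writes) of p, following its callees once each."""
    reads, writes, seen, stack = set(), set(), set(), [p]
    while stack:
        q = stack.pop()
        if q in seen:
            continue
        seen.add(q)
        reads |= CONTRACT[q]["reads"]
        writes |= CONTRACT[q]["writes"]
        stack.extend(CONTRACT[q]["calls"])
    return reads, writes

def commute(a, b):
    """a and b commute when neither writes a field the other reads or writes."""
    ra, wa = footprint(a)
    rb, wb = footprint(b)
    return not (wa & (rb | wb)) and not (wb & (ra | wa))

def commuting_pairs(entry_points):
    """All unordered pairs of entry points whose order of execution does not matter."""
    return [(a, b) for a, b in combinations(sorted(entry_points), 2) if commute(a, b)]

def to_dot(hide_pure=True):
    """Graphviz digraph; nodes carry their access kind, pure callees are dropped on request."""
    lines = ["digraph callgraph {"]
    for p, info in CONTRACT.items():
        if hide_pure and info["pure"]:
            continue
        lines.append(f'  "{p}" [label="{p}\\n{access_kind(p)}"];')
        lines += [f'  "{p}" -> "{c}";' for c in info["calls"]
                  if not (hide_pure and CONTRACT[c]["pure"])]
    return "\n".join(lines + ["}"])
```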

The more filtering options this contract map tool supports the better. Remote reads also should be marked explicitly.

anton-trunov avatar Aug 16 '22 14:08 anton-trunov

Moving to v0.14 due to lack of time.

jjcnn avatar Sep 16 '22 15:09 jjcnn