crytic
[Bug-Candidate]: Slither python API contract with remappings file
Describe the issue:
I use the slither by python API. If the contract use a mappings, Slither will go wrong. The reason is also "file not found, Searched the following locations: "". The contract address is 0x51bdbfcd7656e2c25ad1bc8037f70572b7142ecc. In the Router.sol file,
import {Math} from "openzeppelin-math/Math.sol"; But the openzeppelin-math/Math.sol is remapped to lib/openzeppelin-contracts/contracts/utils/math/Math.sol I use etherscan API to download the contract source code, the file system is like https://etherscan.deth.net/address/0x51bdbfcd7656e2c25ad1bc8037f70572b7142ecc My python3 code is
from slither.slither import Slither
ctsl = Slither('src/router/Router.sol')
How to solve this remappings problem in slither API?
Code example to reproduce the issue:
from slither.slither import Slither ctsl = Slither('src/router/Router.sol')
Version:
0.10.3
Relevant log output:
crytic_compile.platform.exceptions.InvalidCompilation: Invalid solc compilation Error: Source "openzeppelin-math/Math.sol" not found: File not found. Searched the following locations: "".
There should be a config file that is available if you run slither 0x51bdbfcd7656e2c25ad1bc8037f70572b7142ecc (see https://github.com/crytic/crytic-compile/pull/544#issuecomment-1913720052). But you are running slither on a file and not directory so it doesn't seem to be picked up. Can you try running Slither on the directory with the config file cd /where/config/is and invoke slither like sl = Slither(".")?
Note, this is likely necessary regardless of configuring remappings given Slither needs the AST of all of Router's dependencies and can't be run on just Router.sol except for self-contained solidity files
what is the config file of running slither 0x51bdbfcd7656e2c25ad1bc8037f70572b7142ecc. Is it the same as Setting.json in https://etherscan.deth.net/address/0x51bdbfcd7656e2c25ad1bc8037f70572b7142ecc
No, it is the crytic_compile.config.json file which has the remappings configured. I think it will actually require you to pass the config to Slither as a keyword arg like Slither(".", config_file="crytic_compile.config.json")
https://github.com/crytic/crytic-compile/blob/20df04f37af723eaa7fa56dc2c80169776f3bc4d/crytic_compile/main.py#L43-L49
As @0xalpharush mentioned, you can run Slither (or crytic-compile if you don't care about the analysis) directly on the etherscan copy of the contracts as well:
crytic-compile 0x51bdbfcd7656e2c25ad1bc8037f70572b7142ecc --etherscan-apikey YOUR_ETHERSCAN_APIKEY
After that runs, you'll get a folder on crytic-export/etherscan-contracts that has the solidity code as well as a crytic_compile.config.json file with remaps information, solc versions, etc. You can pass those options as arguments on your script when you create the Slither object as well.
I got the crytic_compile.config.json. But when I use it in my python3 code, It still went wrong. My code
from slither.slither import Slither
ctsl = Slither('scr/router/Router.sol',config_file='crytic_compile.config.json')
The crytic_compile.config.json
{"solc_remaps": ["ds-test/=lib/forge-std/lib/ds-test/src/", "erc4626-tests/=lib/openzeppelin-contracts/lib/erc4626-tests/", "forge-std/=lib/forge-std/src/", "openzeppelin-contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts/", "openzeppelin-contracts/=lib/openzeppelin-contracts/contracts/", "openzeppelin-erc20-basic/=lib/openzeppelin-contracts/contracts/token/ERC20/", "openzeppelin-erc20-extensions/=lib/openzeppelin-contracts-upgradeable/contracts/token/ERC20/extensions/", "openzeppelin-erc20/=lib/openzeppelin-contracts-upgradeable/contracts/token/ERC20/", "openzeppelin-math/=lib/openzeppelin-contracts/contracts/utils/math/", "openzeppelin-proxy/=lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/", "openzeppelin-utils/=lib/openzeppelin-contracts/contracts/utils/", "@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts/", "@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/"], "solc_solcs_select": "0.8.20", "solc_args": "--optimize --optimize-runs 200 --evm-version paris"}
How do I use this config file?
I got the crytic_compile.config.json. But when I use it in my python3 code, It still went wrong. My code
from slither.slither import Slither ctsl = Slither('scr/router/Router.sol',config_file='crytic_compile.config.json')The crytic_compile.config.json
{"solc_remaps": ["ds-test/=lib/forge-std/lib/ds-test/src/", "erc4626-tests/=lib/openzeppelin-contracts/lib/erc4626-tests/", "forge-std/=lib/forge-std/src/", "openzeppelin-contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts/", "openzeppelin-contracts/=lib/openzeppelin-contracts/contracts/", "openzeppelin-erc20-basic/=lib/openzeppelin-contracts/contracts/token/ERC20/", "openzeppelin-erc20-extensions/=lib/openzeppelin-contracts-upgradeable/contracts/token/ERC20/extensions/", "openzeppelin-erc20/=lib/openzeppelin-contracts-upgradeable/contracts/token/ERC20/", "openzeppelin-math/=lib/openzeppelin-contracts/contracts/utils/math/", "openzeppelin-proxy/=lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/", "openzeppelin-utils/=lib/openzeppelin-contracts/contracts/utils/", "@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts/", "@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/"], "solc_solcs_select": "0.8.20", "solc_args": "--optimize --optimize-runs 200 --evm-version paris"}How do I use this config file?
I have downloaded all sol file in my local system.