Post release master-merge (#808)

.github/workflows/cargo.yml

@@ -2,6 +2,10 @@ on: [push, pull_request, workflow_dispatch]
 
 name: Aderyn
 
+concurrency:
+  group: ci-${{ github.ref }}-cargo
+  cancel-in-progress: true
+
 jobs:
   check:
     name: Check
@@ -31,42 +35,31 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-      - name: foundry-toolchain
+      - name: Install Foundry Toolchain
         uses: foundry-rs/foundry-toolchain@v1.2.0
 
-      - name: Checkout sources
+      - name: Checkout Sources
         uses: actions/checkout@v4
 
-      - name: Install stable toolchain
+      - name: Install Rust Nightly (2025-01-01)
         uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: stable
+          toolchain: nightly-2025-01-01
           override: true
-
-      - uses: Swatinem/rust-cache@v2
-      - name: Run cargo build
-        run: |
-          cargo build
-          
-      - uses: actions/checkout@v4
-      - uses: pnpm/action-setup@v4
-        with:
-          version: 8
-          run_install: false
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          cache: 'npm'
 
-      - name: Submodule init
-        run: |
-          git submodule update --init --recursive
+      - name: Checkout Submodules
+        run: git submodule update --init --recursive
 
-      - uses: Swatinem/rust-cache@v2
-      - name: Run cargo test 
+      - name: Checkout Sources
+        uses: actions/checkout@v4
+
+      - name: Restore Rust Cache
+        uses: Swatinem/rust-cache@v2
+
+      - name: Run tests
         run: |
+          cargo build
           cargo test -- --nocapture
 
   lints:

.github/workflows/config.yml

@@ -0,0 +1,53 @@
+on: [push, pull_request, workflow_dispatch]
+
+name: Config
+
+concurrency:
+  group: ci-${{ github.ref }}-config
+  cancel-in-progress: true
+
+jobs:
+  reports-setup:
+    name:  Check Config
+    runs-on: ubuntu-latest
+    outputs:
+      rust-nightly: nightly-2025-01-01
+
+    steps:
+      - name: Install Foundry Toolchain
+        uses: foundry-rs/foundry-toolchain@v1.2.0
+
+      - name: Checkout Sources
+        uses: actions/checkout@v4
+
+      - name: Install Rust Nightly (2025-01-01)
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: nightly-2025-01-01
+          override: true
+
+      - name: Cache Rust Dependencies
+        uses: Swatinem/rust-cache@v2
+
+      - name: Checkout Submodules
+        run: git submodule update --init --recursive
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+
+      - name: Checkout Sources
+        uses: actions/checkout@v4
+
+      - name: Restore Rust Cache
+        uses: Swatinem/rust-cache@v2
+
+      - name: Initialize config 
+        run: |
+          mkdir config-test
+          cd config-test
+          cargo run -- init
+          diff ./aderyn.toml ../aderyn/templates/aderyn.toml

.github/workflows/dependencies.yml

@@ -0,0 +1,22 @@
+# Runs `cargo update` periodically.
+# Reference:
+# https://github.com/paradigmxyz/solar/blob/main/.github/workflows/dependencies.yml
+
+name: Dependencies
+
+on:
+  schedule:
+    # Run weekly
+    - cron: "0 0 * * SUN"
+  workflow_dispatch:
+    # Needed so we can run it manually
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update:
+    uses: ithacaxyz/ci/.github/workflows/cargo-update-pr.yml@dev
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/reports.yml

@@ -2,6 +2,10 @@ on: [push, pull_request, workflow_dispatch]
 
 name: Reports Workflow
 
+concurrency:
+  group: ci-${{ github.ref }}-reports
+  cancel-in-progress: true
+
 jobs:
   reports-setup:
     name:  Check Reports 
@@ -10,6 +14,7 @@ jobs:
       rust-nightly: nightly-2025-01-01
 
     strategy:
+      fail-fast: false
       matrix:
         task:
           - report-workflow

README.md

@@ -56,62 +56,47 @@ You can read the [Cyfrin official documentation](https://docs.cyfrin.io) for an
 ## Installation
 
 > **NOTE** Windows users must have WSL installed
-
 ### Using Cyfrinup
 
 #### Step 1: Install Cyfrinup
-
 Cyfrinup is a CLI tool that simplifies the installation and management of Cyfrin tools. To install Cyfrinup, run the following command in your terminal:
-
 ```sh
 curl -L https://raw.githubusercontent.com/Cyfrin/aderyn/dev/cyfrinup/install | bash
 ```
+If you get a `failed writing body` error in Windows, it's most likely because you are not using Windows Subsytem for Linux.
 
-If you get a `failed writing body` error in Windows, it's most likely because you don't have Windows Distribution system.
-
-You can fix this by going to Microsoft Store, download Ubuntu, and have it running.
 #### Step 2: Update Path
-
 The installer will prompt you to run a `source` command. Either run this command, or reload your terminal.
 
 #### Step 3: Install Aderyn using Cyfrinup
-
 After installing Cyfrinup, you can use it to install Aderyn. Run the following command in your terminal:
-
-```sh
-cyfrinup
-```
-
-#### Step 4: Verify installation
-
-```sh
-aderyn --version
-```
-
-#### Future Updates
-
-To update Aderyn to the latest version, you can run the cyfrinup:
 ```sh
 cyfrinup
 ```
+Verify the installation by running `aderyn --version`
 
-Cyfrinup will replace the existing version with the latest one.
+##### Upgrade older versions by (re)running: `cyfrinup`
 
+----------
 
 ### Using Homebrew
-
-```
+```sh
 brew install cyfrin/tap/aderyn
 ```
+##### Upgrade older versions by running: `brew upgrade cyfrin/tap/aderyn`
 
+----------
 ### Using npm 
-
-```
+```sh
 npm install @cyfrin/aderyn -g
 ```
+##### Upgrade older versions by (re)running: `npm install @cyfrin/aderyn -g`
+
+-----------
 
 If you are installing with Homebrew or npm, ensure that the correct version of Aderyn in your path comes from either the Homebrew or npm global packages directory. If an older version exists at `~/.cyfrin/bin/aderyn`, remove it using `rm -f ~/.cyfrin/bin/aderyn`, as this is no longer the default installation location.
 
+
 ## Quick Start
 Once Aderyn is installed on your system, you can run it against your Foundry-based codebase to find vulnerabilities in your code.
 

aderyn/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "aderyn"
-version = "0.4.2"
+version = "0.4.3"
 edition = "2021"
 authors = ["Cyfrin <aderyn@cyfrin.io>"]
 description = "Rust based Solidity AST analyzer"
@@ -12,7 +12,7 @@ homepage = "https://github.com/cyfrin/aderyn"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aderyn_driver = { path  = "../aderyn_driver", version = "0.4.2" }
+aderyn_driver = { path  = "../aderyn_driver", version = "0.4.3" }
 clap = { version = "4.4.6", features = ["derive"] }
 reqwest = { version = "0.12.2", default-features = false, features = ["blocking", "json", "rustls-tls"] }
 semver = "1.0.22"

aderyn/src/lib.rs

@@ -11,7 +11,7 @@ pub fn create_aderyn_toml_file_at(directory: String) {
     let aderyn_toml_path = PathBuf::from_str(&directory).unwrap().join("aderyn.toml");
     let mut file = File::create_new(aderyn_toml_path.clone()).expect("File already exists!");
     file.write_all(include_bytes!("../templates/aderyn.toml"))
-        .expect("To write contents into aderyn.toml");
+        .expect("unable to write to aderyn.toml");
     println!("Created aderyn.toml at {}", aderyn_toml_path.display());
 }
 
@@ -98,7 +98,7 @@ pub fn aderyn_is_currently_running_newest_version() -> Option<bool> {
 
     let data = latest_version_checker.json::<Value>().ok()?;
     let version_string = data.get("tag_name")?.as_str()?;
-    let newest = Version::parse(version_string.replace('v', "").as_str()).ok()?;
+    let newest = Version::parse(version_string.replace("aderyn-v", "").as_str()).ok()?;
     let current = Version::parse(env!("CARGO_PKG_VERSION")).expect("Pkg version not available");
 
     Some(current >= newest)
@@ -108,7 +108,6 @@ pub fn aderyn_is_currently_running_newest_version() -> Option<bool> {
 mod latest_version_checker_tests {
     use super::*;
 
-    #[ignore = "TODO later in the interest of time"]
     #[test]
     fn can_get_latest_version_from_crate_registry() {
         assert!(aderyn_is_currently_running_newest_version().is_some())

aderyn/src/main.rs

@@ -166,7 +166,8 @@ fn main() {
         if let Some(yes) = aderyn_is_currently_running_newest_version() {
             if !yes {
                 println!();
-                println!("NEW VERSION OF ADERYN AVAILABLE! Please run `cyfrinup` to upgrade.");
+                println!("NEW VERSION OF ADERYN AVAILABLE! Please upgrade aderyn by following the instruction here - https://github.com/cyfrin/aderyn");
+                println!("NOTE: You can skip this check by passing --skip-update-check flag");
             }
         }
     }

aderyn/templates/aderyn.toml

@@ -1,34 +1,42 @@
 # Aderyn Configuration File
-# This is a sample configuration for Aderyn
+# Help Aderyn work with more granular control
 
-# The root directory of smart contracts
-# root = "."
+# DO NOT CHANGE version below. As of now, only 1 is supported
+version = 1
 
-# By default, aderyn will try to extract the following values based on the framework that is being used.
-# However, if you want to be explicit consider mentioning them.
+# Read the description carefully and uncomment the examples in each paragraph should you consider using them.
 
-# The source directory containing the Solidity contracts.
-# This is often "contracts/" or "src/"
+# Base path for resolving remappings and compiling smart contracts, relative to workspace-root (directory in which the editor is open)
+# Most of the time, you want to point it to the directory containing foundry.toml or hardhat.config.js/ts.
+root = "."
+
+# Path of source directory containing the contracts, relative to root (above)
+# Aderyn traverse all the nested files inside scanning for vulnerabilities
+# If not specified, Aderyn will try to extract it from the framework that is being used. (Foundry / Hardhat)
+# That would be "contracts/" in case of Hardhat and in case of Foundry, it depends on foundry.toml and
+# many other factors like FOUNDRY_PROFILE environment variable used when starting VS Code, etc.
+# Please feel free to always specify the values explicitly.
+# Example:
 # src = "src/"
 
-# Contract files to include in the analysis.
-# This is a list of strings representing the file paths of the contracts to include.
+# Path segments of contract files to include in the analysis.
 # It can be a partial match like "/interfaces/", which will include all files with "/interfaces/" in the file path.
-# Or it can be a full match like "Counter.sol", which will include only the file with the exact file.
+# Or it can be a full match like "src/counters/Counter.sol", which will include only the file with the exact path.
 # If not specified, all contract files in the source directory will be included.
 # Example:
-# include = ["Counter.sol"]
-# include = []
+# include = ["src/counters/Counter.sol", "src/others/"]
+# include = ["/interfaces/"]
 
-# Contract files to exclude from the analysis.
-# This is a list of strings representing the file paths of the contracts to exclude.
+# Path segments of contract files to exclude in the analysis.
 # It can be a partial match like "/interfaces/", which will exclude all files with "/interfaces/" in the file path.
-# Or it can be a full match like "Counter.sol", which will exclude only the file with the exact file.
+# Or it can be a full match like "src/counters/Counter.sol", which will exclude only the file with the exact path.
 # If not specified, no contract files will be excluded.
 # Example:
+# exclude = ["src/counters/Counter.sol", "src/others/"]
 # exclude = ["/interfaces/"]
-# exclude = []
 
-## Remappings used for compiling the contracts.
+# Remappings used for compiling the contracts.
+# If not specified, Aderyn will try to derive the values from foundry.toml (if present.)
+# That would be the result of calling `foundry remappings`
 # Example:
 # remappings = ["@oz/contracts=lib/openzeppelin-contracts/contracts"]

aderyn_core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "aderyn_core"
-version = "0.4.2"
+version = "0.4.3"
 edition = "2021"
 authors = ["Cyfrin <aderyn@cyfrin.io>"]
 description = "Rust based Solidity AST analyzer backend"