From 7591b34e98194f611a20c2294fdad2ed4d4197e7 Mon Sep 17 00:00:00 2001
From: tongshi
Date: Thu, 21 Nov 2024 13:14:08 -0800
Subject: [PATCH] Migrate from Slither to Mythril for static analysis (#47)

### Summary
Migrate from Slither to Mythril for static analysis

### Detail
- update Makefile command and update CI
- remove Slither relevant configs and add Mythril config
- update Readme

-- *story*: https://circlepay.atlassian.net/browse/STABLE-7559
---
 .github/workflows/ci.yml | 51 ++++++++++++++++++++++++++++++++++++----
 Makefile | 21 +++++++++++++----
 README.md | 2 +-
 mythril.config.json | 8 +++++++
 requirements.txt | 1 -
 slither.config.json | 9 -------
 6 files changed, 72 insertions(+), 20 deletions(-)
 create mode 100644 mythril.config.json
 delete mode 100644 slither.config.json

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c243576..da2e374 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
 - name: Setup Python
 uses: actions/setup-python@v5
 with:
- python-version: '3.10'
+ python-version: '3.10'

 - name: Install Node
 uses: actions/setup-node@v4
@@ -38,10 +38,53 @@ jobs:
 - name: Run v2 Integration Tests
 run: make anvil-test-v2

- - name: Run Slither
- uses: crytic/slither-action@v0.3.0
+ analyze-message-transmitter:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ with:
+ submodules: 'true'
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
 with:
- fail-on: none
+ python-version: '3.10'
+
+ - name: Run Static Analysis on Message Transmitter
+ run: make analyze-message-transmitter
+
+ analyze-message-transmitter-v2:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ with:
+ submodules: 'true'
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.10'
+
+ - name: Run Static Analysis on Message Transmitter V2
+ run: make analyze-message-transmitter-v2
+
+ analyze-token-messenger-minter:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ with:
+ submodules: 'true'
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.10'
+
+ - name: Run Static Analysis on Token Messenger Minter
+ run: make analyze-token-messenger-minter

 scan:
 needs: lint-and-test
diff --git a/Makefile b/Makefile
index cba6c8b..81d4d62 100644
--- a/Makefile
+++ b/Makefile
@@ -53,7 +53,7 @@ deploy-address-utils-external:

 anvil:
 docker rm -f anvil || true
- @${ANVIL} "anvil --host 0.0.0.0 -a 13 --code-size-limit 250000"
+ @${ANVIL} "anvil --host 0.0.0.0 -a 13 --code-size-limit 250000"

 anvil-test: anvil
 pip3 install -r requirements.txt
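Review bot: The three new jobs `analyze-message-transmitter`, `analyze-message-transmitter-v2` and `analyze-token-messenger-minter` are identical apart from the make target they call, so one job with a `strategy.matrix` over the target name keeps the checkout and Python setup in a single place and makes adding the next contract a one-line change. None of the jobs sets `timeout-minutes`, while the README change in this same patch warns that a Mythril run can take several minutes; without an explicit bound a stuck symbolic-execution run occupies the runner until the platform default ends it. The new jobs are also not listed in the `needs:` of `scan` (the hunk ends at `needs: lint-and-test`), so their result gates nothing downstream — possibly intended, since the removed Slither step ran with `fail-on: none`, but worth stating in the workflow. The actions are referenced by major-version tag (`actions/checkout@v4`, `actions/setup-python@v5`) like the existing steps; pinning third-party actions to a full commit SHA is the usual supply-chain hardening and could be applied to all of them in a follow-up. The `60` in `timeout-minutes` below is a constructed placeholder to tune against observed run times.
```yaml
  analyze:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    strategy:
      fail-fast: false
      matrix:
        target:
          - message-transmitter
          - message-transmitter-v2
          - token-messenger-minter
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          submodules: 'true'

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'

      - name: Run Static Analysis (${{ matrix.target }})
        run: make analyze-${{ matrix.target }}

  # … unchanged: scan job …
```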
@@ -71,10 +71,21 @@ cast-call:

 cast-send:
 @docker exec anvil cast send ${contract_address} "${function}" --rpc-url http://localhost:8545 --private-key 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
-
+
 clean:
 @${FOUNDRY} "forge clean"

-analyze:
- pip3 install -r requirements.txt
- slither .
+analyze-message-transmitter:
+ pip3 install mythril==0.24.8
+ myth -v4 analyze src/MessageTransmitter.sol --solc-json mythril.config.json --solv 0.7.6
+
+analyze-message-transmitter-v2:
+ pip3 install mythril==0.24.8
+ myth -v4 analyze src/v2/MessageTransmitterV2.sol --solc-json mythril.config.json --solv 0.7.6
+
+analyze-token-messenger-minter:
+ pip3 install mythril==0.24.8
+ myth -v4 analyze src/TokenMessenger.sol --solc-json mythril.config.json --solv 0.7.6
+ myth -v4 analyze src/TokenMinter.sol --solc-json mythril.config.json --solv 0.7.6
+ myth -v4 analyze src/v2/TokenMessengerV2.sol --solc-json mythril.config.json --solv 0.7.6
+ myth -v4 analyze src/v2/TokenMinterV2.sol --solc-json mythril.config.json --solv 0.7.6
diff --git a/README.md b/README.md
index be7f29a..b5c663e 100644
--- a/README.md
+++ b/README.md
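Review bot: `pip3 install mythril==0.24.8` is repeated in all three new targets and the `myth -v4 analyze … --solc-json mythril.config.json --solv 0.7.6` invocation six times, so the version and the analyzer flags belong in variables (the file already does this with `${ANVIL}` and `${FOUNDRY}`) with one install target the analyze targets depend on. The pin now lives only here: the requirements.txt hunk later in this patch removes `slither-analyzer==0.8.3` without adding `mythril`, so `pip3 install -r requirements.txt` (still run by `anvil-test`) and the analyzer install no longer describe the same environment, and the transitive dependencies of the unhashed `pip3 install` can differ from one run to the next. None of the `myth` calls bounds its run time; Mythril exposes `--execution-timeout` and its default is long, so CI wall-clock currently depends entirely on the contract under analysis — set it explicitly (the `1800` below is a constructed placeholder). In `analyze-token-messenger-minter` the four calls are consecutive recipe lines, so if `myth` exits non-zero on a finding in `TokenMessenger.sol` the remaining three contracts are never analyzed; if all results are wanted in one run, give each contract its own target and aggregate them, or document that the first failure stops the run.
```makefile
MYTHRIL_VERSION ?= 0.24.8
MYTH_EXECUTION_TIMEOUT ?= 1800
MYTH = myth -v4 analyze --solc-json mythril.config.json --solv 0.7.6 --execution-timeout ${MYTH_EXECUTION_TIMEOUT}

install-mythril:
	pip3 install mythril==${MYTHRIL_VERSION}

analyze-message-transmitter: install-mythril
	${MYTH} src/MessageTransmitter.sol

analyze-message-transmitter-v2: install-mythril
	${MYTH} src/v2/MessageTransmitterV2.sol

analyze-token-messenger-minter: install-mythril
	${MYTH} src/TokenMessenger.sol
	${MYTH} src/TokenMinter.sol
	${MYTH} src/v2/TokenMessengerV2.sol
	${MYTH} src/v2/TokenMinterV2.sol
```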
@@ -47,7 +47,7 @@ Run `yarn lint` to lint all `.sol` files in the `src` and `test` directories.

 ### Static analysis

-Run `make analyze` to set up Python dependencies from `requirements.txt` and run Slither on all source files, requiring the foundry cli to be installed locally. If all dependencies have been installed, alternatively run `slither .` to run static analysis on all `.sol` files in the `src` directory.
+Run `make analyze-{message-transmitter | message-transmitter-v2 | token-messenger-minter}` to set up Mythril dependency and run Mythril on all source files. If Mythril dependency has been installed, alternatively run `myth -v4 analyze $FILE_PATH --solc-json mythril.config.json --solv 0.7.6` to run static analysis on a `.sol` file at the given `$FILE_PATH`. Please note that this can take several minutes.

 ### Continuous Integration using Github Actions

diff --git a/mythril.config.json b/mythril.config.json
new file mode 100644
index 0000000..62a08ae
--- /dev/null
+++ b/mythril.config.json
@@ -0,0 +1,8 @@
+{
+ "remappings": [
+ "@memview-sol/=lib/memview-sol/",
+ "@openzeppelin/=lib/openzeppelin-contracts/",
+ "ds-test/=lib/ds-test/src/",
+ "forge-std/=lib/forge-std/src/"
+ ]
+}
diff --git a/requirements.txt b/requirements.txt
index e65806c..68b3142 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -34,7 +34,6 @@ requests==2.28.1
 rlp==2.0.1
 semantic-version==2.10.0
 six==1.16.0
-slither-analyzer==0.8.3
 toolz==0.12.0
 urllib3==1.26.11
 varint==1.0.2
diff --git a/slither.config.json b/slither.config.json
deleted file mode 100644
index 14d940b..0000000
--- a/slither.config.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "filter_paths": "lib|test",
- "solc_remaps": [
- "@memview-sol/=lib/memview-sol",
- "@openzeppelin/=lib/openzeppelin-contracts",
- "ds-test/=lib/ds-test/src/",
- "forge-std/=lib/forge-std/src/"
- ]
- }
\ No newline at end of file