SherlockChain Save

SherlockChain is a streamlined AI analysis framework for Solidity, Vyper and Plutus contracts

Project README

SherlockChain: A Powerful AI Smart Contract Analysis Framework

SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for Solidity, Vyper and Plutus smart contracts.

Key Features

Comprehensive Vulnerability Detection: SherlockChain's suite of detectors identifies a wide range of vulnerabilities, including high-impact issues like reentrancy, unprotected upgrades, and more.
AI-Powered Analysis: Integrated AI models enhance the accuracy and precision of vulnerability detection, providing developers with actionable insights and recommendations.
Seamless Integration: SherlockChain seamlessly integrates with popular development frameworks like Hardhat, Foundry, and Brownie, making it easy to incorporate into your existing workflow.
Intuitive Reporting: SherlockChain generates detailed reports with clear explanations and code snippets, helping developers quickly understand and address identified issues.
Customizable Analyses: The framework's flexible API allows users to write custom analyses and detectors, tailoring the tool to their specific needs.
Continuous Monitoring: SherlockChain can be integrated into your CI/CD pipeline, providing ongoing monitoring and alerting for your smart contract codebase.

Installation

To install SherlockChain, follow these steps:

git clone https://github.com/0xQuantumCoder/SherlockChain.git
cd SherlockChain
pip install .

AI-Powered Features

SherlockChain's AI integration brings several advanced capabilities to the table:

Intelligent Vulnerability Prioritization: AI models analyze the context and potential impact of detected vulnerabilities, providing developers with a prioritized list of issues to address.
Automated Remediation Suggestions: The AI component suggests potential fixes and code modifications to address identified vulnerabilities, accelerating the remediation process.
Proactive Security Auditing: SherlockChain's AI models continuously monitor your codebase, proactively identifying emerging threats and providing early warning signals.
Natural Language Interaction: Users can interact with SherlockChain using natural language, allowing them to query the tool, request specific analyses, and receive detailed responses. he --help command in the SherlockChain framework provides a comprehensive overview of all the available options and features. It includes information on:

Vulnerability Detection: The --detect and --exclude-detectors options allow users to specify which vulnerability detectors to run, including both built-in and AI-powered detectors.
Reporting: The --report-format, --report-output, and various --report-* options control how the analysis results are reported, including the ability to generate reports in different formats (JSON, Markdown, SARIF, etc.).
Filtering: The --filter-* options enable users to filter the reported issues based on severity, impact, confidence, and other criteria.
AI Integration: The --ai-* options allow users to configure and control the AI-powered features of SherlockChain, such as prioritizing high-impact vulnerabilities, enabling specific AI detectors, and managing AI model configurations.
Integration with Development Frameworks: Options like --truffle and --truffle-build-directory facilitate the integration of SherlockChain into popular development frameworks like Truffle.
Miscellaneous Options: Additional options for compiling contracts, listing detectors, and customizing the analysis process.

The --help command provides a detailed explanation of each option, its purpose, and how to use it, making it a valuable resource for users to quickly understand and leverage the full capabilities of the SherlockChain framework.

Example usage:

sherlockchain --help

This will display the comprehensive usage guide for the SherlockChain framework, including all available options and their descriptions.

usage: sherlockchain [-h] [--version] [--solc-remaps SOLC_REMAPS] [--solc-settings SOLC_SETTINGS]
                    [--solc-version SOLC_VERSION] [--truffle] [--truffle-build-directory TRUFFLE_BUILD_DIRECTORY]
                    [--truffle-config-file TRUFFLE_CONFIG_FILE] [--compile] [--list-detectors]
                    [--list-detectors-info] [--detect DETECTORS] [--exclude-detectors EXCLUDE_DETECTORS]
                    [--print-issues] [--json] [--markdown] [--sarif] [--text] [--zip] [--output OUTPUT]
                    [--filter-paths FILTER_PATHS] [--filter-paths-exclude FILTER_PATHS_EXCLUDE]
                    [--filter-contracts FILTER_CONTRACTS] [--filter-contracts-exclude FILTER_CONTRACTS_EXCLUDE]
                    [--filter-severity FILTER_SEVERITY] [--filter-impact FILTER_IMPACT]
                    [--filter-confidence FILTER_CONFIDENCE] [--filter-check-suicidal]
                    [--filter-check-upgradeable] [--filter-check-erc20] [--filter-check-erc721]
                    [--filter-check-reentrancy] [--filter-check-gas-optimization] [--filter-check-code-quality]
                    [--filter-check-best-practices] [--filter-check-ai-detectors] [--filter-check-all]
                    [--filter-check-none] [--check-all] [--check-suicidal] [--check-upgradeable]
                    [--check-erc20] [--check-erc721] [--check-reentrancy] [--check-gas-optimization]
                    [--check-code-quality] [--check-best-practices] [--check-ai-detectors] [--check-none]
                    [--check-all-detectors] [--check-all-severity] [--check-all-impact] [--check-all-confidence]
                    [--check-all-categories] [--check-all-filters] [--check-all-options] [--check-all]
                    [--check-none] [--report-format {json,markdown,sarif,text,zip}] [--report-output OUTPUT]
                    [--report-severity REPORT_SEVERITY] [--report-impact REPORT_IMPACT]
                    [--report-confidence REPORT_CONFIDENCE] [--report-check-suicidal]
                    [--report-check-upgradeable] [--report-check-erc20] [--report-check-erc721]
                    [--report-check-reentrancy] [--report-check-gas-optimization] [--report-check-code-quality]
                    [--report-check-best-practices] [--report-check-ai-detectors] [--report-check-all]
                    [--report-check-none] [--report-all] [--report-suicidal] [--report-upgradeable]
                    [--report-erc20] [--report-erc721] [--report-reentrancy] [--report-gas-optimization]
                    [--report-code-quality] [--report-best-practices] [--report-ai-detectors] [--report-none]
                    [--report-all-detectors] [--report-all-severity] [--report-all-impact]
                    [--report-all-confidence] [--report-all-categories] [--report-all-filters]
                    [--report-all-options] [--report-all] [--report-none] [--ai-enabled] [--ai-disabled]
                    [--ai-priority-high] [--ai-priority-medium] [--ai-priority-low] [--ai-priority-all]
                    [--ai-priority-none] [--ai-confidence-high] [--ai-confidence-medium] [--ai-confidence-low]
                    [--ai-confidence-all] [--ai-confidence-none] [--ai-detectors-all] [--ai-detectors-none]
                    [--ai-detectors-specific AI_DETECTORS_SPECIFIC] [--ai-detectors-exclude AI_DETECTORS_EXCLUDE]
                    [--ai-models-path AI_MODELS_PATH] [--ai-models-update] [--ai-models-download]
                    [--ai-models-list] [--ai-models-info] [--ai-models-version] [--ai-models-check]
                    [--ai-models-upgrade] [--ai-models-remove] [--ai-models-clean] [--ai-models-reset]
                    [--ai-models-backup] [--ai-models-restore] [--ai-models-export] [--ai-models-import]
                    [--ai-models-config AI_MODELS_CONFIG] [--ai-models-config-update] [--ai-models-config-reset]
                    [--ai-models-config-export] [--ai-models-config-import] [--ai-models-config-list]
                    [--ai-models-config-info] [--ai-models-config-version] [--ai-models-config-check]
                    [--ai-models-config-upgrade] [--ai-models-config-remove] [--ai-models-config-clean]
                    [--ai-models-config-reset] [--ai-models-config-backup] [--ai-models-config-restore]
                    [--ai-models-config-export] [--ai-models-config-import] [--ai-models-config-path AI_MODELS_CONFIG_PATH]
                    [--ai-models-config-file AI_MODELS_CONFIG_FILE] [--ai-models-config-url AI_MODELS_CONFIG_URL]
                    [--ai-models-config-name AI_MODELS_CONFIG_NAME] [--ai-models-config-description AI_MODELS_CONFIG_DESCRIPTION]
                    [--ai-models-config-version-major AI_MODELS_CONFIG_VERSION_MAJOR]
                    [--ai-models-config-version-minor AI_MODELS_CONFIG_VERSION_MINOR]
                    [--ai-models-config-version-patch AI_MODELS_CONFIG_VERSION_PATCH]
                    [--ai-models-config-author AI_MODELS_CONFIG_AUTHOR]
                    [--ai-models-config-license AI_MODELS_CONFIG_LICENSE]
                    [--ai-models-config-url-documentation AI_MODELS_CONFIG_URL_DOCUMENTATION]
                    [--ai-models-config-url-source AI_MODELS_CONFIG_URL_SOURCE]
                    [--ai-models-config-url-issues AI_MODELS_CONFIG_URL_ISSUES]
                    [--ai-models-config-url-changelog AI_MODELS_CONFIG_URL_CHANGELOG]
                    [--ai-models-config-url-support AI_MODELS_CONFIG_URL_SUPPORT]
                    [--ai-models-config-url-website AI_MODELS_CONFIG_URL_WEBSITE]
                    [--ai-models-config-url-logo AI_MODELS_CONFIG_URL_LOGO]
                    [--ai-models-config-url-icon AI_MODELS_CONFIG_URL_ICON]
                    [--ai-models-config-url-banner AI_MODELS_CONFIG_URL_BANNER]
                    [--ai-models-config-url-screenshot AI_MODELS_CONFIG_URL_SCREENSHOT]
                    [--ai-models-config-url-video AI_MODELS_CONFIG_URL_VIDEO]
                    [--ai-models-config-url-demo AI_MODELS_CONFIG_URL_DEMO]
                    [--ai-models-config-url-documentation-api AI_MODELS_CONFIG_URL_DOCUMENTATION_API]
                    [--ai-models-config-url-documentation-user AI_MODELS_CONFIG_URL_DOCUMENTATION_USER]
                    [--ai-models-config-url-documentation-developer AI_MODELS_CONFIG_URL_DOCUMENTATION_DEVELOPER]
                    [--ai-models-config-url-documentation-faq AI_MODELS_CONFIG_URL_DOCUMENTATION_FAQ]
                    [--ai-models-config-url-documentation-tutorial AI_MODELS_CONFIG_URL_DOCUMENTATION_TUTORIAL]
                    [--ai-models-config-url-documentation-guide AI_MODELS_CONFIG_URL_DOCUMENTATION_GUIDE]
                    [--ai-models-config-url-documentation-whitepaper AI_MODELS_CONFIG_URL_DOCUMENTATION_WHITEPAPER]
                    [--ai-models-config-url-documentation-roadmap AI_MODELS_CONFIG_URL_DOCUMENTATION_ROADMAP]
                    [--ai-models-config-url-documentation-blog AI_MODELS_CONFIG_URL_DOCUMENTATION_BLOG]
                    [--ai-models-config-url-documentation-community AI_MODELS_CONFIG_URL_DOCUMENTATION_COMMUNITY]

This comprehensive usage guide provides information on all the available options and features of the SherlockChain framework, including:

Vulnerability detection options: --detect, --exclude-detectors
Reporting options: --report-format, --report-output, --report-*
Filtering options: --filter-*
AI integration options: --ai-*
Integration with development frameworks: --truffle, --truffle-build-directory
Miscellaneous options: --compile, --list-detectors, --list-detectors-info

By reviewing this comprehensive usage guide, you can quickly understand how to leverage the full capabilities of the SherlockChain framework to analyze your smart contracts and identify potential vulnerabilities. This will help you ensure the security and reliability of your DeFi protocol before deployment.

AI-Powered Detectors

Num	Detector	What it Detects	Impact	Confidence
1	`ai-anomaly-detection`	Detect anomalous code patterns using advanced AI models	High	High
2	`ai-vulnerability-prediction`	Predict potential vulnerabilities using machine learning	High	High
3	`ai-code-optimization`	Suggest code optimizations based on AI-driven analysis	Medium	High
4	`ai-contract-complexity`	Assess contract complexity and maintainability using AI	Medium	High
5	`ai-gas-optimization`	Identify gas-optimizing opportunities with AI	Medium	Medium

Detectors

Num	Detector	What it Detects	Impact	Confidence
1	`abiencoderv2-array`	Storage abiencoderv2 array	High	High
2	`arbitrary-send-erc20`	transferFrom uses arbitrary `from`	High	High
3	`array-by-reference`	Modifying storage array by value	High	High
4	`encode-packed-collision`	ABI encodePacked Collision	High	High
5	`incorrect-shift`	The order of parameters in a shift instruction is incorrect.	High	High
6	`multiple-constructors`	Multiple constructor schemes	High	High
7	`name-reused`	Contract's name reused	High	High
8	`protected-vars`	Detected unprotected variables	High	High
9	`public-mappings-nested`	Public mappings with nested variables	High	High
10	`rtlo`	Right-To-Left-Override control character is used	High	High
11	`shadowing-state`	State variables shadowing	High	High
12	`suicidal`	Functions allowing anyone to destruct the contract	High	High
13	`uninitialized-state`	Uninitialized state variables	High	High
14	`uninitialized-storage`	Uninitialized storage variables	High	High
15	`unprotected-upgrade`	Unprotected upgradeable contract	High	High
16	`codex`	Use Codex to find vulnerabilities.	High	Low
17	`arbitrary-send-erc20-permit`	transferFrom uses arbitrary from with permit	High	Medium
18	`arbitrary-send-eth`	Functions that send Ether to arbitrary destinations	High	Medium
19	`controlled-array-length`	Tainted array length assignment	High	Medium
20	`controlled-delegatecall`	Controlled delegatecall destination	High	Medium
21	`delegatecall-loop`	Payable functions using `delegatecall` inside a loop	High	Medium
22	`incorrect-exp`	Incorrect exponentiation	High	Medium
23	`incorrect-return`	If a `return` is incorrectly used in assembly mode.	High	Medium
24	`msg-value-loop`	msg.value inside a loop	High	Medium
25	`reentrancy-eth`	Reentrancy vulnerabilities (theft of ethers)	High	Medium
26	`return-leave`	If a `return` is used instead of a `leave`.	High	Medium
27	`storage-array`	Signed storage integer array compiler bug	High	Medium
28	`unchecked-transfer`	Unchecked tokens transfer	High	Medium
29	`weak-prng`	Weak PRNG	High	Medium
30	`domain-separator-collision`	Detects ERC20 tokens that have a function whose signature collides with EIP-2612's DOMAIN_SEPARATOR()	Medium	High
31	`enum-conversion`	Detect dangerous enum conversion	Medium	High
32	`erc20-interface`	Incorrect ERC20 interfaces	Medium	High
33	`erc721-interface`	Incorrect ERC721 interfaces	Medium	High
34	`incorrect-equality`	Dangerous strict equalities	Medium	High
35	`locked-ether`	Contracts that lock ether	Medium	High
36	`mapping-deletion`	Deletion on mapping containing a structure	Medium	High
37	`shadowing-abstract`	State variables shadowing from abstract contracts	Medium	High
38	`tautological-compare`	Comparing a variable to itself always returns true or false, depending on comparison	Medium	High
39	`tautology`	Tautology or contradiction	Medium	High
40	`write-after-write`	Unused write	Medium	High
41	`boolean-cst`	Misuse of Boolean constant	Medium	Medium
42	`constant-function-asm`	Constant functions using assembly code	Medium	Medium
43	`constant-function-state`	Constant functions changing the state	Medium	Medium
44	`divide-before-multiply`	Imprecise arithmetic operations order	Medium	Medium
45	`out-of-order-retryable`	Out-of-order retryable transactions	Medium	Medium
46	`reentrancy-no-eth`	Reentrancy vulnerabilities (no theft of ethers)	Medium	Medium
47	`reused-constructor`	Reused base constructor	Medium	Medium
48	`tx-origin`	Dangerous usage of `tx.origin`	Medium	Medium
49	`unchecked-lowlevel`	Unchecked low-level calls	Medium	Medium
50	`unchecked-send`	Unchecked send	Medium	Medium
51	`uninitialized-local`	Uninitialized local variables	Medium	Medium
52	`unused-return`	Unused return values	Medium	Medium
53	`incorrect-modifier`	Modifiers that can return the default value	Low	High
54	`shadowing-builtin`	Built-in symbol shadowing	Low	High
55	`shadowing-local`	Local variables shadowing	Low	High
56	`uninitialized-fptr-cst`	Uninitialized function pointer calls in constructors	Low	High
57	`variable-scope`	Local variables used prior their declaration	Low	High
58	`void-cst`	Constructor called not implemented	Low	High
59	`calls-loop`	Multiple calls in a loop	Low	Medium
60	`events-access`	Missing Events Access Control	Low	Medium
61	`events-maths`	Missing Events Arithmetic	Low	Medium
62	`incorrect-unary`	Dangerous unary expressions	Low	Medium
63	`missing-zero-check`	Missing Zero Address Validation	Low	Medium
64	`reentrancy-benign`	Benign reentrancy vulnerabilities	Low	Medium
65	`reentrancy-events`	Reentrancy vulnerabilities leading to out-of-order Events	Low	Medium
66	`return-bomb`	A low level callee may consume all callers gas unexpectedly.	Low	Medium
67	`timestamp`	Dangerous usage of `block.timestamp`	Low	Medium
68	`assembly`	Assembly usage	Informational	High
69	`assert-state-change`	Assert state change	Informational	High
70	`boolean-equal`	Comparison to boolean constant	Informational	High
71	`cyclomatic-complexity`	Detects functions with high (> 11) cyclomatic complexity	Informational	High
72	`deprecated-standards`	Deprecated Solidity Standards	Informational	High
73	`erc20-indexed`	Un-indexed ERC20 event parameters	Informational	High
74	`function-init-state`	Function initializing state variables	Informational	High
75	`incorrect-using-for`	Detects using-for statement usage when no function from a given library matches a given type	Informational	High
76	`low-level-calls`	Low level calls	Informational	High
77	`missing-inheritance`	Missing inheritance	Informational	High
78	`naming-convention`	Conformity to Solidity naming conventions	Informational	High
79	`pragma`	If different pragma directives are used	Informational	High
80	`redundant-statements`	Redundant statements	Informational	High
81	`solc-version`	Incorrect Solidity version	Informational	High
82	`unimplemented-functions`	Unimplemented functions	Informational	High
83	`unused-import`	Detects unused imports	Informational	High
84	`unused-state`	Unused state variables	Informational	High
85	`costly-loop`	Costly operations in a loop	Informational	Medium
86	`dead-code`	Functions that are not used	Informational	Medium
87	`reentrancy-unlimited-gas`	Reentrancy vulnerabilities through send and transfer	Informational	Medium
88	`similar-names`	Variable names are too similar	Informational	Medium
89	`too-many-digits`	Conformance to numeric notation best practices	Informational	Medium
90	`cache-array-length`	Detects `for` loops that use `length` member of some storage array in their loop condition and don't modify it.	Optimization	High
91	`constable-states`	State variables that could be declared constant	Optimization	High
92	`external-function`	Public function that could be declared external	Optimization	High
93	`immutable-states`	State variables that could be declared immutable	Optimization	High
94	`var-read-using-this`	Contract reads its own variable using `this`	Optimization	High

Open Source Agenda is not affiliated with "SherlockChain" Project. README Source: 0xQuantumCoder/SherlockChain

Stars

106

Open Issues

Last Commit

2 weeks ago

Repository

0xQuantumCoder/SherlockChain

License

AGPL-3.0

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/sherlockchain"><img src="https://www.opensourceagenda.com/projects/sherlockchain/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022