Smart Contract Code Review Using Smartcheck

Posted By : Ayush Gupta | 27-Dec-2021

What is a Smart Contract?

Smart contracts were first proposed in 1994 by Nick Szabo, an American computer scientist.

Szabo also invented the virtual currency known as "Bit Gold" in 1998.

A smart contract is an agreement between two parties, such as a buyer and a seller, whose terms are written directly in code.

The code and the agreement it encodes are stored on a distributed, decentralized blockchain network.

The transactions of a smart contract can be tracked and are irreversible.

Advantages of Smart Contract Review:

1. It helps in finding bugs in the smart contract.
2. It helps in checking whether best practices were followed in the smart contract's development.
3. It provides tips for improving the security and readability of the smart contract.
4. It helps in finding design defects, logic issues, and access control issues.
5. It helps in checking the loops in a smart contract for exposure to miner attacks.

What is SmartCheck?

SmartCheck is a static analysis tool for finding bugs, vulnerabilities, and other issues in smart contract code written in the Solidity language.

Pre-requisites

1. Java 8 must be installed on the system.

If it is not installed, on Ubuntu you can install it with the command below:

sudo apt install openjdk-8-jdk

Steps for Code Review

1. Download the SmartCheck tool from the link below.

https://drive.google.com/drive/folders/1TNnnteMfD-0yi9ApXEMUshRyjF47xZAj?usp=sharing

After downloading, you will see the following:

ayush@ayush:~/Downloads/smartcheck$ ls
artifacts  cache      hardhat.config.js  main          pom.xml    report.txt  rule_descriptions  sol.sh  src     test
astra      contracts  LICENSE            package.json  README.md  roman       smart-contract     somoto  target  tests_not_used_now

 

2. Locate the smart contract code on your system.

For example, here the code files are in the contracts folder.

Copy the path of that folder.

3. Go to the SmartCheck tool directory and locate smartcheck-2.1-SNAPSHOT-jar-with-dependencies.jar inside the target folder.

ayush@ayush:~/Downloads/smartcheck/target$ ls smartcheck-2.1-SNAPSHOT-jar-with-dependencies.jar
smartcheck-2.1-SNAPSHOT-jar-with-dependencies.jar

 

4. Now to start the analysis of the contract run the below command and pass the directory which contains the contract code files.

 

java -jar smartcheck-2.1-SNAPSHOT-jar-with-dependencies.jar -p <path to the contract code files>

 

5. After the code has been analysed the following output will be shown on the screen.

 

../contract/
   3:16    severity:1   Compiler version not fixed                   SOLIDITY_PRAGMAS_VERSION_23fc32                       
   20:12   severity:1   Private modifier                             SOLIDITY_PRIVATE_MODIFIER_DOES_NOT_HIDE_DATA_5616b2   
   28:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
   35:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
   54:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
   63:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
../contract/
   3:16    severity:1   Compiler version not fixed                   SOLIDITY_PRAGMAS_VERSION_23fc32                       
   21:12   severity:1   Private modifier                             SOLIDITY_PRIVATE_MODIFIER_DOES_NOT_HIDE_DATA_5616b2   
   80:16   severity:1   Private modifier                             SOLIDITY_PRIVATE_MODIFIER_DOES_NOT_HIDE_DATA_5616b2   
   46:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
   65:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
   74:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1   

 

6. Copy the command output and paste it in a text file and name the file as desired.


7. The rules and their description for smart contract development can be found at the below link.

 

rules :https://github.com/smartdec/smartcheck/tree/master/rule_descriptions
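As an added example (not part of the original post or of the SmartCheck project), the following Python script wraps steps 4 to 6: it runs the jar with the same command as step 4, parses the console output format shown in step 5 into structured findings, counts them per rule for triage, and flags anything above an allowed severity so the review can fail automatically. The sample report, its file names, and the rule ID on its last line are constructed here; the severity scale of 1 to 3 is an assumption.

```python
import re
import subprocess
from collections import Counter
# One SmartCheck finding line: "  line:col   severity:N   Description   RULE_ID"
FINDING_RE = re.compile(r"^\s+(?P<line>\d+):(?P<col>\d+)\s+severity:(?P<sev>\d+)\s+"
                        r"(?P<desc>.+?)\s{2,}(?P<rule>\w+)\s*$")
# Constructed sample in SmartCheck's output format; the last line's rule ID is a made-up placeholder.
SAMPLE_REPORT = """\
contracts/Token.sol
   3:16    severity:1   Compiler version not fixed                   SOLIDITY_PRAGMAS_VERSION_23fc32
   20:12   severity:1   Private modifier                             SOLIDITY_PRIVATE_MODIFIER_DOES_NOT_HIDE_DATA_5616b2
   28:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1
contracts/Sale.sol
   3:16    severity:1   Compiler version not fixed                   SOLIDITY_PRAGMAS_VERSION_23fc32
   46:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1
   57:8    severity:3   Constructed high-severity finding            CONSTRUCTED_RULE_ID_000000
"""

def parse_report(text):
    """Parse SmartCheck output: unindented lines name a file, indented lines are its findings."""
    findings, current_file = [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            current_file = raw.strip()
            continue
        m = FINDING_RE.match(raw)
        if m:  # indented lines that do not look like a finding are ignored
            findings.append({"file": current_file, "line": int(m["line"]),
                             "col": int(m["col"]), "severity": int(m["sev"]),
                             "description": m["desc"].strip(), "rule": m["rule"]})
    return findings

def summarize(findings):
    """Finding count per rule ID, most frequent first, for triage."""
    return Counter(f["rule"] for f in findings).most_common()

def gate(findings, max_allowed=1):
    """Findings above the allowed severity; a non-empty result should fail the review.
    Assumption: SmartCheck severities run from 1 (lowest) to 3 (highest)."""
    return [f for f in findings if f["severity"] > max_allowed]

def run_smartcheck(jar, contracts_dir):
    """Run the jar exactly as in step 4 and parse what it prints."""
    proc = subprocess.run(["java", "-jar", jar, "-p", contracts_dir],
                          capture_output=True, text=True, check=True)
    return parse_report(proc.stdout)
```

Point run_smartcheck() at your jar and contracts folder, then pass its result to summarize() and gate(); parse_report() also accepts the text file saved in step 6.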

 

Conclusion

SmartCheck is an efficient tool for reviewing smart contract code quality and for finding and fixing bugs and vulnerabilities.

It helps in creating more secure, good-quality smart contracts.

About Author

Ayush Gupta

He is an engineering graduate in computer science. He's interested in learning new technologies and taking up new challenges. His skills include DevOps, Ansible, RedHat v8, AWS Cloud, and OpenStack.
