Smart Contract Code Review Using Smartcheck

Posted By: Ayush

Dec 27, 2021

What is a Smart Contract?

Smart contracts were first proposed in 1994 by Nick Szabo, an American computer scientist.

Szabo also designed the virtual currency known as "Bit Gold" in 1998.

A smart contract is an agreement between two parties, such as a buyer and a seller, whose terms are written as code.

That code, and the terms it encodes, is stored across a distributed, decentralized blockchain network.

Transactions executed by a smart contract can be traced by anyone and are irreversible. Because deployed contract code is generally immutable and an exploit cannot be rolled back, defects have to be found before deployment, which is what makes a code review so valuable.

Advantages of Smart Contract Review:

1. It finds bugs in the smart contract.
2. It checks whether development best practices were followed.
3. It provides recommendations for improving the security and readability of the contract.
4. It finds design defects, logic issues, and access-control mistakes.
5. It checks loops in the smart contract for patterns that a miner could exploit.

What is SmartCheck?

SmartCheck is a static analysis tool from SmartDec for finding bugs, vulnerabilities and other issues in smart contract code written in Solidity. It works on the source code without deploying or executing the contract, and reports each finding with a severity and a rule identifier.

Pre-requisites

1. Java 8 must be installed on the system.

If it is not installed, on Ubuntu you can install it with the command below:

sudo apt install openjdk-8-jdk

STEPS FOR CODE REVIEW


1. Download the SmartCheck tool from the link below.

https://drive.google.com/drive/folders/1TNnnteMfD-0yi9ApXEMUshRyjF47xZAj?usp=sharing

Note that this is a prebuilt copy shared through Google Drive rather than an official release. For anything beyond a quick trial, build the jar yourself from the upstream repository linked in step 7, so that you know exactly what code is being run against your contracts.

After downloading and extracting it, the directory looks like this:

ayush@ayush:~/Downloads/smartcheck$ ls
artifacts  cache      hardhat.config.js  main          pom.xml    report.txt  rule_descriptions  sol.sh  src     test
astra      contracts  LICENSE            package.json  README.md  roman       smart-contract     somoto  target  tests_not_used_now


2. Locate the smart contract source code on your system.

For example, the .sol files may live in the contracts folder of the project.

Copy the path of that folder; it is passed to the tool in step 4.

3. In the SmartCheck directory, locate smartcheck-2.1-SNAPSHOT-jar-with-dependencies.jar inside the target folder.

ayush@ayush:~/Downloads/smartcheck/target$ ls smartcheck-2.1-SNAPSHOT-jar-with-dependencies.jar
smartcheck-2.1-SNAPSHOT-jar-with-dependencies.jar


4. To start the analysis, run the command below from the target folder, passing the directory that contains the contract source files:

java -jar smartcheck-2.1-SNAPSHOT-jar-with-dependencies.jar -p <path to the contract code files>


5. When the analysis finishes, output like the following is printed. Findings are grouped by the file they were found in; each one shows its position as line:column, its severity (1 is the lowest), a short description and the identifier of the rule that matched:

../contract/
   3:16    severity:1   Compiler version not fixed                   SOLIDITY_PRAGMAS_VERSION_23fc32                       
   20:12   severity:1   Private modifier                             SOLIDITY_PRIVATE_MODIFIER_DOES_NOT_HIDE_DATA_5616b2   
   28:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
   35:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
   54:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
   63:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
../contract/
   3:16    severity:1   Compiler version not fixed                   SOLIDITY_PRAGMAS_VERSION_23fc32                       
   21:12   severity:1   Private modifier                             SOLIDITY_PRIVATE_MODIFIER_DOES_NOT_HIDE_DATA_5616b2   
   80:16   severity:1   Private modifier                             SOLIDITY_PRIVATE_MODIFIER_DOES_NOT_HIDE_DATA_5616b2   
   46:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
   65:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1    
   74:4    severity:1   Prefer external to public visibility level   SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL_73ufc1   

In this run every finding is low severity, but each still points at something worth fixing. "Compiler version not fixed" means the pragma allows a range of compiler versions instead of pinning one, so the contract may end up compiled with a version it was never tested against. "Private modifier" flags the common misconception that private state variables are hidden: all contract storage is readable by anyone on-chain, and private only stops other contracts from accessing the variable directly. "Prefer external to public visibility level" reports public functions that are never called from inside the contract; declaring them external states the intent more clearly and is cheaper in gas.

6. Save the command output to a text file under a name of your choice (for example report.txt, as in the directory listing in step 1), so the findings can be tracked as they are fixed and compared against the next run.


7. Every rule identifier in the output corresponds to a description in the SmartCheck repository that explains the issue, its severity and how to fix it. Use it to confirm that a finding is a real problem in your context before changing code, since a static analyzer reports patterns, not proven exploits.

rules: https://github.com/smartdec/smartcheck/tree/master/rule_descriptions


Conclusion

SmartCheck is an efficient tool for reviewing smart contract code quality and catching bugs and vulnerabilities before deployment.

It helps in creating more secure, higher-quality smart contracts. Used as a first pass, it complements rather than replaces a manual review, which is still needed for the business-logic and access-control flaws that pattern-based rules often miss.

Oodles | Blockchain Development Company