xrpl-evm-auditor
A Solidity static analysis tool for XRPL EVM sidechain. Detects common smart contract vulnerabilities.
# XRPL EVM Solidity Smart Contract Security Analyzer
[npm version](https://badge.fury.io/js/xrpl-evm-auditor)
A lightweight static analysis tool to detect common security vulnerabilities in Solidity smart contracts running on the XRPL EVM Sidechain.
## Features
- Detects `tx.origin` misuse.
- Detects low-level calls: `.call`, `.delegatecall`, `.send`.
- Detects unchecked ERC20 methods: `transfer`, `approve`, `transferFrom`.
- Detects `block.timestamp` misuse.
- Detects dangerous opcodes: `blockhash`, `selfdestruct`.
- Detects missing access control on state-changing public/external functions.
- Detects gas optimization issues: unbounded loops, storage writes inside loops, multiple writes to the same storage slot.
- Outputs reports in Markdown or JSON format.
## Installation (optional, for local use)
```
git clone https://github.com/hiddenciphers/xrpl-evm-auditor.git
cd xrpl-evm-auditor
npm install
```
## Usage (via NPX, no install required)
Analyze a Solidity contract directly:
```
npx xrpl-evm-auditor analyze ./contracts/YourContract.sol --format markdown
```
### Options:
- `--format markdown`: Output as Markdown.
- `--format json`: Output as JSON.
## Run Tests (if cloned locally)
`npm test`
## Example Usage & Output
```
npm start analyze ./contracts/sample.sol --format markdown
```
Example Output (Markdown):
```
# Audit Report for ./contracts/sample.sol
## Issues Found (2)
### 1. Use of tx.origin detected
**Type:** Security
**Description:** Avoid using tx.origin for authorization. Use msg.sender instead.
**Location:** Line 12
```
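To make the report above concrete, here is an added example (not the project's own code) of a minimal line-based detector that implements two of the checks listed under Features, `tx.origin` authorization and unchecked ERC20 return values, and renders its findings in the same Markdown layout. The check names and the sample contract are constructed for illustration.

```javascript
// Added example, not the project's own code: a minimal line-based detector for two of the
// checks listed under Features (tx.origin authorization, unchecked ERC20 return values)
// that renders findings in the Markdown layout shown above. Check names are assumptions.
const CHECKS = [
  {
    title: "Use of tx.origin detected",
    type: "Security",
    description: "Avoid using tx.origin for authorization. Use msg.sender instead.",
    test: (code) => /\btx\.origin\b/.test(code),
  },
  {
    title: "Unchecked ERC20 call detected",
    type: "Security",
    description: "Check the boolean returned by transfer/approve/transferFrom, or use SafeERC20.",
    // Flags a bare statement like `token.transfer(a, b);`; `require(token.transfer(...))` is not flagged.
    test: (code) => /^\s*[\w.\[\]]+\.(transfer|approve|transferFrom)\s*\(/.test(code),
  },
];
// Walk the source line by line; `//` comments are stripped so commented-out code is ignored.
function analyze(source) {
  const findings = [];
  source.split("\n").forEach((raw, idx) => {
    const code = raw.replace(/\/\/.*$/, "");
    for (const c of CHECKS) {
      if (c.test(code)) findings.push({ title: c.title, type: c.type, description: c.description, line: idx + 1 });
    }
  });
  return findings;
}
// Render the same report shape the tool prints for --format markdown.
function renderMarkdown(path, findings) {
  const out = [`# Audit Report for ${path}`, `## Issues Found (${findings.length})`];
  findings.forEach((f, i) => out.push(`### ${i + 1}. ${f.title}`, `**Type:** ${f.type}`,
    `**Description:** ${f.description}`, `**Location:** Line ${f.line}`));
  return out.join("\n");
}
// Constructed sample: tx.origin on line 6, an unchecked transfer on line 7, a checked one on line 10.
const SAMPLE = `pragma solidity ^0.8.0;
contract Vault {
    address owner;
    IERC20 token;
    function withdraw(uint256 amt) external {
        require(tx.origin == owner, "not owner");
        token.transfer(msg.sender, amt);
    }
    function safeWithdraw(uint256 amt) external {
        require(token.transfer(msg.sender, amt));
    }
}`;
console.log(renderMarkdown("./contracts/sample.sol", analyze(SAMPLE)));
```

The real tool parses the Solidity AST rather than matching lines, so this regex version is only a sketch of the reporting flow, not of its detection accuracy.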
## Contributions
PRs are welcome! Please open an issue to discuss any major changes or ideas first.
## License
MIT License
## Links
- npm Package: https://www.npmjs.com/package/xrpl-evm-auditor
- GitHub Repo: https://github.com/hiddenciphers/xrpl-evm-auditor