xrpl-evm-auditor

A Solidity static analysis tool for XRPL EVM sidechain. Detects common smart contract vulnerabilities.

# 📦 XRPL EVM Solidity Smart Contract Security Analyzer

[![npm version](https://badge.fury.io/js/xrpl-evm-auditor.svg)](https://badge.fury.io/js/xrpl-evm-auditor)

A lightweight static analysis tool to detect common security vulnerabilities in Solidity smart contracts running on the XRPL EVM Sidechain.

## 🚀 Features

- 🔍 Detects tx.origin misuse.
- ⚙️ Detects low-level calls: .call, .delegatecall, .send.
- 💸 Detects unchecked ERC20 methods: transfer, approve, transferFrom.
- ⏰ Detects block.timestamp misuse.
- ⚔️ Detects dangerous opcodes: blockhash, selfdestruct.
- 🚪 Detects missing access control on state-changing public/external functions.
- 💨 Detects gas optimization issues: unbounded loops, storage writes inside loops, multiple writes to the same storage slot.
- 📜 Outputs reports in Markdown or JSON formats.

## ⚙️ Installation (Optional for local use)

```
git clone https://github.com/hiddenciphers/xrpl-evm-auditor.git
cd xrpl-evm-auditor
npm install
```

## 💻 Usage (via NPX, no install required)

Analyze a Solidity contract directly:

```
npx xrpl-evm-auditor analyze ./contracts/YourContract.sol --format markdown
```

### Options:

- `--format markdown`: Output as Markdown.
- `--format json`: Output as JSON.

## 🧪 Run Tests (if cloned locally)

`npm test`

## 📄 Example Usage & Output

`npm start analyze ./contracts/sample.sol --format markdown`

Example Output (Markdown):

```
# Audit Report for ./contracts/sample.sol

## Issues Found (2)

### 1. Use of tx.origin detected
**Type:** Security
**Description:** Avoid using tx.origin for authorization. Use msg.sender instead.
**Location:** Line 12
```

## 📬 Contributions

PRs are welcome! Please open an issue to discuss any major changes or ideas first.

## 📜 License

MIT License

## 🌐 Links

- npm Package: https://www.npmjs.com/package/xrpl-evm-auditor
- GitHub Repo: https://github.com/hiddenciphers/xrpl-evm-auditor
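
To make the tx.origin and low-level-call checks from the feature list concrete, here is an added example that is not xrpl-evm-auditor's own code and may differ from how the package works: a simplified regex scanner that produces a report in the shape shown under Example Output. The contract in `SAMPLE`, the names `RULES`, `stripNonCode`, `analyze` and `toMarkdown`, and the "Unchecked low-level call" wording are all assumptions made for illustration.

```javascript
// Constructed sample contract (not from the package).
const SAMPLE = `pragma solidity ^0.8.20;
contract Vault {
    address public owner = msg.sender;
    /* legacy check, kept for reference:
       require(tx.origin == owner); */
    function withdraw(address payable to) external {
        require(tx.origin == owner, "not owner");
        to.call{value: address(this).balance}("");
    }
    function sweep(address payable to) external {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}`;

// Hypothetical rules: titles and wording are assumptions modelled on the README's sample report.
const RULES = [
  { title: "Use of tx.origin detected", re: /\btx\.origin\b/,
    description: "Avoid using tx.origin for authorization. Use msg.sender instead." },
  // A statement that starts with the call target discards the returned success flag.
  { title: "Unchecked low-level call", re: /^\s*[\w.\[\]()]+\.(call|delegatecall|send)\b/,
    description: "Check the boolean returned by .call, .delegatecall or .send." },
];

// Blank out comments and double-quoted strings, keeping newlines so line numbers survive.
function stripNonCode(src) {
  return src.replace(/\/\*[\s\S]*?\*\/|\/\/[^\n]*|"(?:\\.|[^"\\\n])*"/g,
    (m) => m.replace(/[^\n]/g, " "));
}

function analyze(src) {
  const issues = [];
  stripNonCode(src).split("\n").forEach((text, i) => {
    for (const { re, ...rest } of RULES) {
      if (re.test(text)) issues.push({ ...rest, type: "Security", line: i + 1 });
    }
  });
  return issues;
}

function toMarkdown(file, issues) {
  const body = issues.map((x, n) => `### ${n + 1}. ${x.title}\n**Type:** ${x.type}\n` +
    `**Description:** ${x.description}\n**Location:** Line ${x.line}`);
  return [`# Audit Report for ${file}`, `## Issues Found (${issues.length})`, ...body].join("\n\n");
}

console.log(toMarkdown("./contracts/sample.sol", analyze(SAMPLE)));
```

The commented-out `tx.origin` check and the checked `.call` in `sweep` are not reported. Single-quoted strings and statements split across lines are outside what this line-based sketch handles.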