Solgrep - A grammar aware Solidity query tool
In the last few years, the blockchain usage has been growing rapidly. A lot of industries have been using and developing blockchain platforms to perform decentralized computations. One of the most popular underlying technologies is the Ethereum blockchain. Executing, verifying and enforcing credible...
| Autor: | |
|---|---|
| Tipo de recurso: | tesis de maestría |
| Fecha de publicación: | 2022 |
| País: | España |
| Institución: | Universitat Oberta de Catalunya (UOC) |
| Repositorio: | O2, repositorio institucional de la UOC |
| OAI Identifier: | oai:openaccess.uoc.edu:10609/145646 |
| Acceso en línea: | http://hdl.handle.net/10609/145646 |
| Access Level: | acceso abierto |
| Palabra clave: | Semgrep AST grammar YAML Node.js gramàtica gramática Computer security -- TFM Seguretat informàtica -- TFM Seguridad informática -- TFM |
| Sumario: | In the last few years, the blockchain usage has been growing rapidly. A lot of industries have been using and developing blockchain platforms to perform decentralized computations. One of the most popular underlying technologies is the Ethereum blockchain. Executing, verifying and enforcing credible computable transactions on blockchains is done using smart contracts which the code is written using a Turing complete language. Those contracts are typically written in a high-level programming language called Solidity, then compiled to Ethereum Virtual Machine (EVM) assembly instructions and deployed to the Ethereum blockchain. So many tools have been written to analyze and find vulnerabilities in Solidity smart contracts from a static and dynamic standpoint. However, none of the already developed tools allow easy contribution by the community without actually having to modify the tool source code itself or write complex syntax specific queries. In this project we have created Solgrep. Solgrep is a tool that allows static semantic aware search on Solidity code. The initial idea of Solgrep was to be used as part of Smart Contracts Solidity Audits as a remarkable tool in the arsenal of an auditor. However, it was noticed that this tool could be easily integrated with current Solidity development stacks to find common bad patterns and coding mistakes that Solidity developers tend to do. |
|---|