A powerful Solidity static analyzer that takes a bird's eye view over your smart contracts.
Docs Get support Website Twitter
Aderyn is an open-source public good developer tool. It is a Rust-based solidity smart contract static analyzer designed to help protocol engineers and security researchers find vulnerabilities in Solidity code bases.
Thanks to its collection of static vulnerability detectors, running Cyfrin Aderyn on your Solidity codebase will highlight potential vulnerabilities, drastically reducing the potential for unknown issues in your Solidity code and giving you the time to focus on more complex problems.
Built using Rust, Aderyn integrates seamlessly into small and enterprise-level development workflows, offering lighting-fast command-line functionality and a framework to build custom detectors to adapt to your codebase.
You can read the Cyfrin official documentation for an in-depth look at Aderyn's functionalities.
There is also an officially supported VSCode extension for Aderyn. Download from the Visual Studio Marketplace and start identifying vulnerabilities in your Solidity code with ease.
- Off the shelf support for Foundry projects.
- Off the shelf support for Hardhat projects. (Sometimes
remappings.txtmaybe required) - Configuration file (
adeyrn.toml) needed to support custom frameworks. - Modular detectors
- AST Traversal
- Markdown reports
NOTE Windows users must have WSL installed
Cyfrinup is the cross platform installation manager for Cyfrin tools.
Run aderyn --version to check the installation.
Run cyfrinup to upgrade everything to the latest version.
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/cyfrin/aderyn/releases/latest/download/aderyn-installer.sh | bashbrew install cyfrin/tap/aderynnpm install @cyfrin/aderyn -gIf you are installing with Curl or Homebrew or npm, ensure that the correct version of Aderyn in your path comes from either the Homebrew or npm global packages directory. If an older version exists at ~/.cyfrin/bin/aderyn, remove it using rm -f ~/.cyfrin/bin/aderyn, as this is no longer the default installation location.
Quick Start example with video guide.
cd path/to/solidity/project/root
aderyn
See examples using more CLI options here
Officially supported VSCode extension for Aderyn. Download from Visual Studio Marketplace
Help us build Aderyn π¦ Please see our contribution guidelines for in-depth developer environment setup and PR approval process. Aderyn is an open-source software licensed under the GPL-3.0 License.
Aderyn makes it easy to build Static Analysis detectors that can adapt to any Solidity codebase and protocol. This guide will teach you how to build, test, and run your custom Aderyn detectors. To learn how to create your custom Aderyn detectors, checkout the official docs
This project exists thanks to all the people who contribute.
- AST Visitor code from solc-ast-rs.
- Foundry Compilers for backend AST generation foundry-compilers
- Original detectors based on 4naly3er detectors.
- Shoutout to the original king of static analysis slither.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}
