diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9dfec98..a4ba35d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,13 +27,45 @@ jobs: - name: Run Unit Tests run: make test + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.10' + - name: Run Integration Tests run: make anvil-test - - name: Run Slither - uses: crytic/slither-action@v0.3.0 + analyze-message-transmitter: + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@v4 + with: + submodules: 'true' + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.10' + + - name: Run Static Analysis on Message Transmitter + run: make analyze-message-transmitter + + analyze-token-messenger-minter: + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@v4 + with: + submodules: 'true' + + - name: Set up Python + uses: actions/setup-python@v5 with: - fail-on: none + python-version: '3.10' + + - name: Run Static Analysis on Token Messenger Minter + run: make analyze-token-messenger-minter scan: needs: lint-and-test diff --git a/Makefile b/Makefile index 3fa14cf..81470a7 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ deploy: anvil: docker rm -f anvil || true - @${ANVIL} "anvil --host 0.0.0.0 -a 13 --code-size-limit 250000" + @${ANVIL} "anvil --host 0.0.0.0 -a 13 --code-size-limit 250000" anvil-test: anvil pip3 install -r requirements.txt 
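Review bot: The new jobs `analyze-message-transmitter` and `analyze-token-messenger-minter` set no `timeout-minutes`, and the `myth` commands they reach through `make` pass no explicit execution bound, so a path explosion in symbolic execution can hold a runner until GitHub's default job limit of 360 minutes. Add `timeout-minutes: <minutes>` (placeholder; derive it from observed run times) under each job's `runs-on:` so a stuck analysis fails promptly. The added `uses:` lines reference `actions/checkout@v4` and `actions/setup-python@v5` by mutable tag; pinning each to a full commit SHA, with the tag in a trailing comment, keeps the code the workflow runs from changing without a reviewed diff. The context line `needs: lint-and-test` suggests `scan` does not wait on the new jobs, but its definition continues outside the hunk; if analysis findings are meant to gate it, the two job names belong in that `needs:` list.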
@@ -31,10 +31,15 @@ cast-call: cast-send: @docker exec anvil cast send ${contract_address} "${function}" --rpc-url http://localhost:8545 --private-key 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80 - + clean: @${FOUNDRY} "forge clean" -analyze: - pip3 install -r requirements.txt - slither . +analyze-message-transmitter: + pip3 install mythril==0.24.8 + myth -v4 analyze src/MessageTransmitter.sol --solc-json mythril.config.json --solv 0.7.6 + +analyze-token-messenger-minter: + pip3 install mythril==0.24.8 + myth -v4 analyze src/TokenMessenger.sol --solc-json mythril.config.json --solv 0.7.6 + myth -v4 analyze src/TokenMinter.sol --solc-json mythril.config.json --solv 0.7.6 diff --git a/README.md b/README.md index 2e0cdd9..039d996 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ Run `make anvil-test` to setup `anvil` test node in docker container and run int Run `yarn lint` to lint all `.sol` files in the `src` and `test` directories. ### Static analysis -Run `make analyze` to set up Python dependencies from `requirements.txt` and run Slither on all source files, requiring the foundry cli to be installed locally. If all dependencies have been installed, alternatively run `slither .` to run static analysis on all `.sol` files in the `src` directory. +Run `make analyze-{message-transmitter | token-messenger-minter}` to set up Mythril dependency and run Mythril on all source files. If Mythril dependency has been installed, alternatively run `myth -v4 analyze $FILE_PATH --solc-json mythril.config.json --solv 0.7.6` to run static analysis on a `.sol` file at the given `$FILE_PATH`. Please note that this can take several minutes. ### Continuous Integration using Github Actions We use Github actions to run linter and all the tests. The workflow configuration can be found in [.github/workflows/ci.yml](.github/workflows/ci.yml) 
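Review bot: `pip3 install mythril==0.24.8` in both analyze targets pins only the top-level package, so Mythril's transitive dependencies are resolved afresh on every CI run and no artifact hash is checked, whereas the entries visible in `requirements.txt` are each pinned by version. Moving the analyzer into its own fully pinned requirements file and installing it with `pip3 install --require-hashes -r <analysis-requirements-file>` (placeholder name) makes the toolchain reproducible and removes the duplicated install line. In `analyze-token-messenger-minter`, make stops at the first failing recipe line, so if `myth` exits non-zero on `src/TokenMessenger.sol` then `src/TokenMinter.sol` is never analyzed; one target per contract keeps both results visible. A short comment above the targets saying why `--solv 0.7.6` and `mythril.config.json` are required would help whoever next updates the compiler version.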
@@ -79,4 +79,4 @@ The contracts are deployed using [Forge Scripts](https://book.getfoundry.sh/tuto 3. Run `make deploy RPC_URL= SENDER=` to deploy the contracts ## License -For license information, see LICENSE and additional notices stored in NOTICES. \ No newline at end of file +For license information, see LICENSE and additional notices stored in NOTICES. diff --git a/mythril.config.json b/mythril.config.json new file mode 100644 index 0000000..62a08ae --- /dev/null +++ b/mythril.config.json @@ -0,0 +1,8 @@ +{ + "remappings": [ + "@memview-sol/=lib/memview-sol/", + "@openzeppelin/=lib/openzeppelin-contracts/", + "ds-test/=lib/ds-test/src/", + "forge-std/=lib/forge-std/src/" + ] +} diff --git a/requirements.txt b/requirements.txt index 5d92b31..76697de 100644 --- a/requirements.txt +++ b/requirements.txt @@ -34,7 +34,6 @@ requests==2.28.1 rlp==2.0.1 semantic-version==2.10.0 six==1.16.0 -slither-analyzer==0.8.3 toolz==0.12.0 urllib3==1.26.11 varint==1.0.2 diff --git a/slither.config.json b/slither.config.json deleted file mode 100644 index 14d940b..0000000 --- a/slither.config.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "filter_paths": "lib|test", - "solc_remaps": [ - "@memview-sol/=lib/memview-sol", - "@openzeppelin/=lib/openzeppelin-contracts", - "ds-test/=lib/ds-test/src/", - "forge-std/=lib/forge-std/src/" - ] - } \ No newline at end of file