Byont-Ventures / smart-contract-analysis-tools


Unable to get the example running #63

Open RickVM opened 7 months ago

RickVM commented 7 months ago

This example is for the openchrono repo

  1. cd src/apps/contracts
  2. git submodule add git@github.com:Byont-Ventures/smart-contract-analysis-tools.git security-scans
  3. Based on example
    yarn --cwd ./ run scan:generate-report \
     /Users/rick/Documents/projects/openchrono/apps/contracts/security-scans/ \
     ../  \
     /Users/rick/Documents/projects/openchrono/apps/contracts/analysis-config.toml

Result:

yarn run v1.22.19
warning package.json: No license field
warning ../package.json: No license field
$ cargo run --manifest-path ./report_generator/Cargo.toml --  /Users/rick/Documents/projects/openchrono/apps/contracts/security-scans ../ /Users/rick/Documents/projects/openchrono/apps/contracts/analysis-config.toml
warning: function `type_of` is never used
  --> /Users/rick/Documents/projects/openchrono/apps/contracts/security-scans/slither/slither_runner/src/lib.rs:12:4
   |
[..... Lots of warnings]

warning: `report_generator` (bin "report_generator") generated 12 warnings (run `cargo fix --bin "report_generator"` to apply 3 suggestions)
    Finished dev [unoptimized + debuginfo] target(s) in 0.09s
     Running `report_generator/target/debug/report_generator /Users/rick/Documents/projects/openchrono/apps/contracts/security-scans/ ../ /Users/rick/Documents/projects/openchrono/apps/contracts/analysis-config.toml`
thread 'main' panicked at /Users/rick/Documents/projects/openchrono/apps/contracts/security-scans/slither/slither_runner/src/lib.rs:39:62:
called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
error Command failed with exit code 101.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

enzoevers commented 7 months ago

What is in apps/contracts/security-scans/slither/results/TimePieceEscrow/TimePieceEscrow-Slither.result? And how does your analysis-config.toml look?

But from the error message it seems that the path to security scanner/slither/slither.config.json can't be found. This file exists and is updated during execution, before running slither.

You could try adding the following lines in security-scans/slither/slither_runner/src/lib.rs before line 39:

println!("\nslither_config_path: {slither_config_path}\n");
println!("\nslither_config_tmp_path: {slither_config_tmp_path}\n");
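A defensive version of the lookup that the panic at lib.rs:39 comes from, as an added example and not code from the slither_runner: it resolves the slither config path relative to the security-scans directory given on the command line and reports the exact path on failure instead of unwrapping a bare `NotFound`. The function name, error type and the `slither/slither.config.json` layout are assumptions taken from the discussion above.

```rust
use std::fmt;
use std::path::{Path, PathBuf};

/// Error that carries the path that was looked up, so a NotFound can be
/// traced back to the command-line argument that produced it.
#[derive(Debug, PartialEq)]
pub enum ConfigPathError {
    NotADirectory(PathBuf),
    MissingFile(PathBuf),
}

impl fmt::Display for ConfigPathError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ConfigPathError::NotADirectory(p) => {
                write!(f, "security-scans path is not a directory: {}", p.display())
            }
            ConfigPathError::MissingFile(p) => {
                write!(f, "slither config not found: {}", p.display())
            }
        }
    }
}

impl std::error::Error for ConfigPathError {}

/// Resolve `<security_scans>/slither/slither.config.json` (assumed layout)
/// and verify both the directory and the file exist before they are used.
pub fn resolve_slither_config(security_scans: &Path) -> Result<PathBuf, ConfigPathError> {
    if !security_scans.is_dir() {
        return Err(ConfigPathError::NotADirectory(security_scans.to_path_buf()));
    }
    let config = security_scans.join("slither").join("slither.config.json");
    if !config.is_file() {
        return Err(ConfigPathError::MissingFile(config));
    }
    Ok(config)
}

fn main() {
    // Constructed input: a directory that does not exist, so the error
    // names the resolved path instead of panicking.
    match resolve_slither_config(Path::new("/nonexistent/security-scans")) {
        Ok(p) => println!("using {}", p.display()),
        Err(e) => eprintln!("error: {e}"),
    }
}
```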

enzoevers commented 7 months ago

I guess that in your case you need to use:

yarn --cwd ./ run scan:generate-report \
     /Users/rick/Documents/projects/openchrono/apps/contracts/ \
     ./ \
     /Users/rick/Documents/projects/openchrono/apps/contracts/analysis-config.toml

enzoevers commented 7 months ago

I was able to create slither reports (see report-openchrono-slither.zip). However, I had to update the docker file (Dockerfile.analysisToolbox) a bit, since the Byont analysis-toolbox image was only built for Apple silicon and building it from scratch gave build problems. So I commented out the base-ubuntu-tooling-z3-solc-kevm part and the # Install Mythril part, and updated SLITHER_VERSION to 0.10.0. I also updated SOLC_VERSION to 0.8.23, but I don't know if that was really needed.

With SLITHER_VERSION=0.9.2 I got the following error when running slither: slither.exceptions.SlitherException: unresolved reference to identifier INITIALIZABLE_STORAGE.

This is my apps/contracts/analysis-config.toml:

[environment]
security_scans_rel_path = "./security-scans"
source_rel_path = "./src"
remappings = [
    "ds-test/=libs/forge-std/lib/ds-test/src/",
    "@openzeppelin/contracts-upgradeable/=libs/openzeppelin-contracts-upgradeable/contracts/",
    "@openzeppelin/contracts/=libs/openzeppelin-contracts/contracts/",
    "@openzeppelin/foundry-upgrades/=libs/openzeppelin-foundry-upgrades/src/",
    "@contracts/=src/",
    "@interfaces/=src/interfaces/",
    "ds-test/=libs/ds-test/src/",
    "forge-std/=libs/forge-std/src/"
]
solc_version = "0.8.23"

[report]
report_output_rel_path = "./report"

[[report.contract]]
name = "TimePieceEscrow"
report_custom_name = ""

[[report.contract]]
name = "TimePiecePayments"
report_custom_name = ""

[[report.contract]]
name = "TimePiecePassport"
report_custom_name = ""

[mythril]
enabled = false

[slither]
enabled = true

[smtchecker]
enabled = false

[kevm]
enabled = false
kevm_spec_rel_path = "./kevm-specs"