Consensys / truffle-security

MythX smart contract security verification plugin for Truffle Framework
https://mythx.io

ParserError: Source "..." not found: ENOENT: no such file or directory #119

Closed aquiladev closed 5 years ago

aquiladev commented 5 years ago

When I compile my project via truffle build everything works, but when I execute truffle run verify I get a number of compilation errors:

ParserError: Source "openzeppelin-solidity/contracts/math/SafeMath.sol" not found:
ENOENT: no such file or directory, stat 'openzeppelin-solidity/contracts/math/SafeMath.sol'
...

truffle config is pretty standard

module.exports = {
  networks: {
    development: {
      host: "127.0.0.1", 
      port: 8545,
      network_id: "*",
    },
  },

  compilers: {
    solc: {
      version: '0.5.4'
    }
  },
  plugins: ["truffle-security"]
}

imthatcarlos commented 5 years ago

I can confirm. Need to include a relative path to the libraries for this command to work. It would be great if we didn't have to :)

muellerberndt commented 5 years ago

Hmm, usually if the project is already built, Truffle Security shouldn't recompile it at all. Can you try to run truffle compile before truffle run verify? Or is that already implied by truffle build?

imthatcarlos commented 5 years ago

In my case, what happens is:

  1. I compile the contracts successfully (excluding relative path for libs)
  2. I run truffle verify
  3. It seems to start to compile my contracts...
  4. It doesn't produce any errors, and doesn't give the same output I was getting when I included relative path to libs

rocky commented 5 years ago

@b-mueller things have changed slightly in the latest version. Because we don't use truffle's compile artifact JSON anymore, but instead roll our own, a truffle compile doesn't directly help truffle verify. truffle verify needs to do its own compile (adjusting to capture imported-file information which the standard truffle compile doesn't do), and then store that in its own location. But truffle-security does this using the underlying truffle libraries as much as it can.

The good news though is that if someone can come up with a small sample truffle project, I think we will be able to handle this with or without relative paths

tagomaru commented 5 years ago

I got the same kind of problem.

Error case

import "openzeppelin-solidity/contracts/my/VulnerableParent.sol";
contract VulnerableChild is VulnerableParent {}

Success case

import "./VulnerableParent.sol";
contract VulnerableChild is VulnerableParent {}

In the Error case, I got the below message.

"These smart contracts were not found: VulnerableChild"

I guess it cannot yet consider relative paths from the npm directory (node_modules), such as for zeppelin.
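
The import-resolution rule this thread is about, as an added example that is not truffle-security's code or any commenter's: relative imports resolve against the importing file, package-style imports are looked up under node_modules, and nothing outside the project root is read. The names `resolveImport`, `collectSources` and `buildFixture`, the `missing-pkg` import and the temporary project are constructed for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// "./x.sol" resolves against the importing file; any other import path is looked
// up under node_modules, walking up to (and never beyond) the project root.
function resolveImport(importPath, importingFile, projectRoot) {
  const inProject = (p) => p.startsWith(projectRoot + path.sep) && fs.existsSync(p);
  const fromDir = path.dirname(importingFile);
  if (/^\.\.?\//.test(importPath)) {
    const candidate = path.resolve(fromDir, importPath);
    return inProject(candidate) ? candidate : null;
  }
  for (let dir = fromDir; ; dir = path.dirname(dir)) {
    const candidate = path.join(dir, "node_modules", importPath);
    if (inProject(candidate)) return candidate;
    if (dir === projectRoot || dir === path.dirname(dir)) return null;
  }
}

// Walk the import graph from one contract and record every file it pulls in.
function collectSources(entry, projectRoot, seen = new Map(), missing = []) {
  if (seen.has(entry)) return { seen, missing };
  seen.set(entry, fs.readFileSync(entry, "utf8"));
  for (const m of seen.get(entry).matchAll(/^\s*import\s+[^"']*["']([^"']+)["']/gm)) {
    const resolved = resolveImport(m[1], entry, projectRoot);
    if (resolved) collectSources(resolved, projectRoot, seen, missing);
    else missing.push(m[1]);
  }
  return { seen, missing };
}

// Constructed fixture: a throwaway project with one npm-style dependency.
function buildFixture() {
  const root = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), "sol-imports-")));
  const write = (rel, body) => {
    const file = path.join(root, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, body);
    return file;
  };
  write("node_modules/openzeppelin-solidity/contracts/math/SafeMath.sol", "library SafeMath {}\n");
  write("contracts/Parent.sol", 'import "openzeppelin-solidity/contracts/math/SafeMath.sol";\ncontract Parent {}\n');
  const entry = write("contracts/Child.sol", 'import "./Parent.sol";\nimport "missing-pkg/X.sol";\n');
  return { root, entry };
}

const fixture = buildFixture();
console.log(collectSources(fixture.entry, fixture.root).missing);
```

An analyzer that compiles on its own needs the whole `seen` map, since the dependency sources live outside ./contracts; imports left in `missing` are the ones that would surface as the ENOENT errors quoted in this issue.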

jo-tud commented 5 years ago

> The good news though is that if someone can come up with a small sample truffle project, I think we will be able to handle this with or without relative paths

Problem exists in this repo: https://github.com/Roger-Wu/DividendPayingToken

truffle compile

Compiling your contracts...
===========================
> Everything is up to date, there is nothing to compile.

$ truffle run verify
Compiling ./contracts/DividendPayingToken.sol...
Compiling ./contracts/DividendPayingTokenInterface.sol...
Compiling ./contracts/DividendPayingTokenOptionalInterface.sol...
Compiling ./contracts/math/SafeMathInt.sol...
Compiling ./contracts/math/SafeMathUint.sol...

Error: /home/jo/projects/DividendPayingToken/contracts/DividendPayingToken.sol:3:1: ParserError: Source "openzeppelin-solidity/contracts/token/ERC20/ERC20Mintable.sol" not found: ENOENT: no such file or directory, stat 'openzeppelin-solidity/contracts/token/ERC20/ERC20Mintable.sol'
import "openzeppelin-solidity/contracts/token/ERC20/ERC20Mintable.sol";
^---------------------------------------------------------------------^
    at CompileError.ExtendableError (/home/jo/.nvm/versions/node/v10.11.0/lib/node_modules/truffle-security/node_modules/truffle-error/index.js:10:17)
    at new CompileError (/home/jo/.nvm/versions/node/v10.11.0/lib/node_modules/truffle-security/compat/truffle-compile/compileerror.js:12:23)
    at supplier.load.then.solc (/home/jo/.nvm/versions/node/v10.11.0/lib/node_modules/truffle-security/compat/truffle-compile/index.js:234:11)
Truffle v5.0.7 (core: 5.0.7)
Node v10.11.0

muellerberndt commented 5 years ago

Same error with ENS project:

$ truffle run verify
Compiling ./contracts/BaseRegistrar.sol...
Compiling ./contracts/BaseRegistrarImplementation.sol...
Compiling ./contracts/DummyOracle.sol...
Compiling ./contracts/ETHRegistrarController.sol...
Compiling ./contracts/PriceOracle.sol...
Compiling ./contracts/SafeMath.sol...
Compiling ./contracts/SimplePriceOracle.sol...
Compiling ./contracts/StablePriceOracle.sol...
Compiling ./contracts/StringUtils.sol...
Compiling ./contracts/_TestDeps.sol...

Error: /Users/bernhardmueller/Projects/ethregistrar/contracts/BaseRegistrar.sol:3:1: ParserError: Source "@ensdomains/ens/contracts/ENS.sol" not found: ENOENT: no such file or directory, stat '@ensdomains/ens/contracts/ENS.sol'
import "@ensdomains/ens/contracts/ENS.sol";
^-----------------------------------------^
,/Users/bernhardmueller/Projects/ethregistrar/contracts/BaseRegistrar.sol:4:1: ParserError: Source "@ensdomains/ens/contracts/HashRegistrar.sol" not found: ENOENT: no such file or directory, stat '@ensdomains/ens/contracts/HashRegistrar.sol'
import "@ensdomains/ens/contracts/HashRegistrar.sol";
^---------------------------------------------------^
,/Users/bernhardmueller/Projects/ethregistrar/contracts/BaseRegistrar.sol:5:1: ParserError: Source "openzeppelin-solidity/contracts/token/ERC721/ERC721.sol" not found: ENOENT: no such file or directory, stat 'openzeppelin-solidity/contracts/token/ERC721/ERC721.sol'
import "openzeppelin-solidity/contracts/token/ERC721/ERC721.sol";
^---------------------------------------------------------------^
,/Users/bernhardmueller/Projects/ethregistrar/contracts/BaseRegistrar.sol:6:1: ParserError: Source "openzeppelin-solidity/contracts/ownership/Ownable.sol" not found: ENOENT: no such file or directory, stat 'openzeppelin-solidity/contracts/ownership/Ownable.sol'
import "openzeppelin-solidity/contracts/ownership/Ownable.sol";
^-------------------------------------------------------------^
    at CompileError.ExtendableError (/usr/local/lib/node_modules/truffle-security/node_modules/truffle-error/index.js:10:17)
    at new CompileError (/usr/local/lib/node_modules/truffle-security/compat/truffle-compile/compileerror.js:12:23)
    at supplier.load.then.solc (/usr/local/lib/node_modules/truffle-security/compat/truffle-compile/index.js:234:11)
Truffle v5.0.5 (

aquiladev commented 5 years ago

import "./../node_modules/openzeppelin-solidity/contracts/math/SafeMath.sol";

fixes the issue, but I expect it should work without ./../node_modules/

rocky commented 5 years ago

As should be apparent from the above, we are currently working on this.

muellerberndt commented 5 years ago

Hey guys, Rocky is on it. Will be fixed hopefully in the next few days, fingers crossed 🤞

jo-tud commented 5 years ago

In your log, it looks like this previously compiled. What step am I missing to get this to truffle compile? npm install

rocky commented 5 years ago

> Will be fixed hopefully in the next few days, fingers crossed

Current plan is to do another release over the weekend of whatever we have by then.

There will be other small changes/improvements in that release. And as always, more to do in the pipeline.

imthatcarlos commented 5 years ago

Awesome, thanks for the updates guys 👍

rocky commented 5 years ago

For those of you who are up to it, please try out the master branch which has a proposed fix. Unless people find problems, I will be releasing this over the upcoming weekend.

Thanks for all of your help.

muellerberndt commented 5 years ago

FYI, try this:

$ npm install -g git+https://git@github.com/ConsenSys/truffle-security.git

rocky commented 5 years ago

@aquiladev release 1.3.1 is now out. (If you "watch" the project, you can get release notes sent to you).

If this fixes the problem, close this issue. Otherwise let us know what is wrong.

Also note that in future releases we'll be addressing things like

and these are marked as separate issues now.

aquiladev commented 5 years ago

works for me, close #119