Integration of Audit Tools.

[SurfingNerd]

Slither

• [x] Configuration https://github.com/crytic/slither/wiki/Usage#configuration-file
• [x] Slither Integration: https://github.com/crytic/slither-action Slither has to be installed localy on the machine, and reads the slither.config.json from the repo

Mythril

• [x] mythril https://github.com/ConsenSys/mythril
• [ ] create a typescript to run the Mythril CLI command for generating the report, creating a process for each File.

The first Mythril report took more than 16 hours to generate - looks like it is not possible to integrate them as github tasks, but it's good to have preaudit.

Solhint

was already part of our development.

• [x] integrate solhint

[SurfingNerd]

slither_report.txt

[SurfingNerd]

mythril_results.zip slither-report.zip

[SurfingNerd]

dummy code for spawning

  import * as child from 'child_process';
  const solidityFile = "Some.sol";
  const promise = child.spawn('mythril', [solidityFile]);
  // promise has several .on(...) events where you can listen to data.

[axel-muller]

Securify2 repo looks abandoned (last commit 3 years ago). It's not possible to build docker image and use it for solidity version we are targeting in contracts (>=0.8.17). List of Securify2 supported vulnerabilities almost fully covered by combination of static analysis tools we already using - solhint, slither, mythril. So usage of Securify2 looks pretty useless and redundant.

[SurfingNerd]

removed sourcify2 from list of tools we should include