search

eth-sri / securify

[DEPRECATED] Security Scanner for Ethereum Smart Contracts
Apache License 2.0
216 stars 50 forks source link

Add argument option to specify solc manually. #77

Closed mattaereal closed 5 years ago

mattaereal commented 5 years ago

Closes #76. Adds the possibility to specify different version compilers other than the one provided by the system installation.

(patch-solc-path*) $ java -jar build/libs/securify-0.1.jar -fs ~/zeppelin/contracts/example.sol
/home/matt/zeppelin/contracts/example:1:1: Error: Source file requires different compiler version (current compiler is 0.5.0+commit.1d4f565a.Linux.g++ - note that nightly builds are considered to be strictly less than the released version
pragma solidity ^0.4.25;
^----------------------^
/home/matt/zeppelin/contracts/example.sol:2:1: Error: Unsupported experimental feature name.
pragma experimental "v0.5.0";
^---------------------------^
Exception in thread "main" java.lang.RuntimeException
        at ch.securify.CompilationHelpers.compileContracts(CompilationHelpers.java:112)
        at ch.securify.Main.processSolidityFile(Main.java:101)
        at ch.securify.Main.main(Main.java:242)

This is because the current contract uses a lower version of solc and the compiler installed is ahead.

(patch-solc-path*) $ solc --version                                                                                               
solc, the solidity compiler commandline interface
Version: 0.5.0+commit.1d4f565a.Linux.g++

Now with a downloaded statically solc 0.4.25

(patch-solc-path*) $ ./solc-static-linux --version                                                                                
solc, the solidity compiler commandline interface
Version: 0.4.25+commit.59dbf8f1.Linux.g++

Trying again with the new parameter --solc-path:

(patch-solc-path*) $ java -jar build/libs/securify-0.1.jar --solc-path ./solc-static-linux -fs ~/zeppelin/contracts/Example.sol
Processing contract: /home/matt/zeppelin/contracts/Example.sol:SarasaMath
  Attempt to decompile the contract with methods...
  Failed to decompile methods. Attempt to decompile the contract without identifying methods...
  Propagating constants...
  Verifying patterns...
Warning for LockedEther in contract 'SarasaMath':
    |
    |
  > |library SarasaMath {
    |    /**
    |    * @dev Returns the absolute positive of the int256 as uint256
  at /home/matt/zeppelin/contracts/Example.sol(10)
ghost commented 5 years ago

DeepCode analyzed this pull request. There are no new issues.

hiqua commented 5 years ago

Merged, thanks!