Implementation of slither static code analysis #94

Merged
merged 5 commits into from
Mar 29, 2021

antonyip
Contributor

Fixes: #83

Signed-off-by: Anton Yip Anton_Yip@hotmail.com

Signed-off-by: Anton Yip <Anton_Yip@hotmail.com>
antonyip marked this pull request as ready for review March 11, 2021 03:08
@jamesondh
Contributor

Hey @antonyip thanks for the PR!

Could you create a config file for Slither to include all of our contracts in the net-emissions-token-network/contracts directory? I see in the README that the script only shows the Governor contract and we have three others we'd like to scan. Thanks!

@antonyip
Contributor Author

Hi @jamesondh,
I added the config file as you asked.
However, Slither doesn’t do anything differently.

Signed-off-by: Anton Yip <Anton_Yip@hotmail.com>
Signed-off-by: Anton Yip <Anton_Yip@hotmail.com>
@jamesondh
Contributor

@antonyip Is it possible to analyze each file individually on your local repo? I tried the command slither contracts/NetEmissionsTokenNetwork.sol to run the test individually but it gave me an error crytic_compile.platform.exceptions.InvalidCompilation: [Errno 2] No such file or directory: 'solc'

@antonyip
Contributor Author

Hi @jamesondh,

I've tried going down that route..

  1. install solc (npm install -g solc@0.7)
  2. Running this command ( slither contracts/NetEmissionsTokenNetwork.sol --solc solcjs --solc-args "bin" --solc-remaps "/home/user/blockchain-carbon-accounting/net-emissions-token-network/node_modules/" )
  3. I run into this error (crytic_compile.platform.exceptions.InvalidCompilation: Invalid solc compilation Error reading /home/user/blockchain-carbon-accounting/net-emissions-token-network/node_modules/: Error: EISDIR: illegal operation on a directory, read)
  4. or this -> (slither contracts/NetEmissionsTokenNetwork.sol --solc solcjs --solc-args "bin @openzeppelin/contracts/math/SafeMath.sol=/home/user/blockchain-carbon-accounting/net-emissions-token-network/node_modules/@openzeppelin/contracts/math/SafeMath.sol") (crytic_compile.platform.exceptions.InvalidCompilation: Invalid solc compilation Error reading @openzeppelin/contracts/math/SafeMath.sol=/home/user/blockchain-carbon-accounting/net-emissions-token-network/node_modules/@openzeppelin/contracts/math/SafeMath.sol: Error: ENOENT: no such file or directory, open '@openzeppelin/contracts/math/SafeMath.sol=/home/user/blockchain-carbon-accounting/net-emissions-token-network/node_modules/@openzeppelin/contracts/math/SafeMath.sol')

However, if I delete the files from the repo (because slither is only scanning 1 file at a time)... all the files can be scanned.

@jamesondh
Contributor

@antonyip

I'm not sure about the first error but perhaps the second is caused by OpenZeppelin's recent deprecation of SafeMath with Solidity 0.8.0? We will have to upgrade our contracts to 0.8.0 at some point.

Maybe we can do a workaround for now if you are able to get them to analyze individually, like a shell script that copies the contracts to an empty folder to be analyzed there?

Appreciate your help and hopefully we can get this working soon!
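
The workaround suggested in the comment above (copy each contract into an empty folder and analyze it there), as an added example; it is not the script from this pull request or from the project. `ANALYZER`, `stage_contract` and `scan_isolated` are hypothetical names, and the script assumes the analyzer can resolve each contract's imports from the staging directory (for instance through arguments carried in `ANALYZER`).

```shell
#!/bin/sh
# Added example: run a Solidity analyzer on each contract in its own empty directory.
# ANALYZER is a hypothetical override hook (not part of slither); it defaults to
# the slither CLI and may carry extra arguments such as import remappings.
ANALYZER="${ANALYZER:-slither}"

# Copy one contract into a fresh temporary directory; print the staged file path.
stage_contract() {
    workdir=$(mktemp -d) || return 1
    cp "$1" "$workdir/" || { rm -rf "$workdir"; return 1; }
    printf '%s\n' "$workdir/$(basename "$1")"
}

# Scan every .sol file directly under $1, one isolated analyzer run per file.
# The return status is the number of contracts whose scan exited non-zero.
scan_isolated() {
    contracts_dir="$1"
    failed=0
    for src in "$contracts_dir"/*.sol; do
        [ -f "$src" ] || continue   # unmatched glob: directory has no .sol files
        name=$(basename "$src")
        staged=$(stage_contract "$src") || { failed=$((failed + 1)); continue; }
        workdir=$(dirname "$staged")
        echo "== $name"
        # Run inside the staging directory so the analyzer sees only this file.
        # $ANALYZER is left unquoted on purpose so its arguments are split.
        if ! (cd "$workdir" && $ANALYZER "$name"); then
            echo "!! $name: analyzer exited non-zero" >&2
            failed=$((failed + 1))
        fi
        rm -rf "$workdir"
    done
    return "$failed"
}

# Stand-alone use: sh scan_isolated.sh contracts
if [ "$#" -gt 0 ]; then
    scan_isolated "$1"
    exit $?
fi
```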

Signed-off-by: Anton Yip <Anton_Yip@hotmail.com>
@antonyip
Contributor Author

@jamesondh Updated...

@jamesondh
Contributor

Thanks I am seeing all of the contracts now -- I will update the docs to get it up to date with main and merge this 👍

jamesondh merged commit 6e0e804 into hyperledger-labs:main Mar 29, 2021
Successfully merging this pull request may close these issues.

Static analysis of Solidity code with Slither