pallet-verifier

pallet-verifier is a tool for detecting common security vulnerabilities and insecure patterns in FRAME pallets using static program analysis techniques like data-flow analysis, abstract interpretation and symbolic execution.

FRAME pallets are modules used to build/compose Substrate-based blockchains.

NOTE: 🚧 This project is still work in progress, check back over the next few weeks for regular updates.

Installation

Prerequisites

NOTE: pallet-verifier requires a Clang binary that supports WebAssembly. On macOS, the Clang binary from Xcode doesn't support WebAssembly, so you'll need to install clang/llvm via homebrew and add it to your PATH.

NOTE: On platforms where gcc is the default C compiler (e.g. Debian and Ubuntu), make sure the gcc-multilib package is also installed.

Installing pallet-verifier

git clone https://github.com/davidsemakula/pallet-verifier.git
cd pallet-verifier
cargo install --locked --path ./

Usage

Run the following command from the crate root of a FRAME pallet (i.e. the directory that contains the Cargo.toml file for the FRAME pallet).

cargo verify-pallet

NOTE: pallet-verifier compiles the target FRAME pallet code in "test mode" (i.e. the equivalent of running cargo test or rustc --test), so you'll need to ensure that all prerequisites for test compilation are installed and/or configured properly, otherwise compilation will fail.
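The prerequisite checks and the usage step above, put together as a POSIX sh preflight wrapper. This is an added example, not a script shipped with pallet-verifier; it assumes `cargo verify-pallet` is already installed, that `clang --print-targets` is available on PATH, and that the `dpkg-query` probe is only meaningful on Debian/Ubuntu-style systems.

```shell
#!/bin/sh
# Preflight for pallet-verifier (added example, not project code).

# Return 0 if the given `clang --print-targets` output lists a wasm32 target.
# Takes the text as an argument so the check can be exercised without a toolchain.
clang_targets_have_wasm() {
    printf '%s\n' "$1" | grep -q -E '^[[:space:]]*wasm32[[:space:]]'
}

# Return 0 if the directory holds a Cargo.toml, i.e. looks like a crate root.
is_crate_root() {
    [ -f "$1/Cargo.toml" ]
}

# Accept only the --pointer-width values documented in the help text.
valid_pointer_width() {
    case "$1" in
        32|64) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the checks against the live environment; non-zero on the first failure.
preflight() {
    command -v clang >/dev/null 2>&1 || { echo "clang not found on PATH" >&2; return 1; }
    clang_targets_have_wasm "$(clang --print-targets 2>/dev/null)" \
        || { echo "clang lacks WebAssembly support (see the macOS note)" >&2; return 1; }
    # Debian/Ubuntu: gcc-multilib must be installed alongside the default gcc.
    if command -v dpkg-query >/dev/null 2>&1 \
        && ! dpkg-query -W -f='${Status}' gcc-multilib 2>/dev/null | grep -q 'install ok installed'; then
        echo "gcc-multilib is not installed" >&2; return 1
    fi
    is_crate_root "$1" || { echo "no Cargo.toml in $1 (run from the pallet crate root)" >&2; return 1; }
}

# Usage: run_verifier [crate-dir] [pointer-width]   (defaults: . and 64)
run_verifier() {
    dir="${1:-.}"; width="${2:-64}"
    valid_pointer_width "$width" || { echo "pointer width must be 32 or 64" >&2; return 1; }
    preflight "$dir" || return 1
    # The pallet is compiled in test mode, so test-only dependencies must resolve.
    (cd "$dir" && cargo verify-pallet --pointer-width "$width")
}
```

Calling `run_verifier . 32` from a pallet's crate root runs the checks and then the verifier for a 32-bit target; each helper can also be sourced and used on its own.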

Documentation

Binary Documentation

cargo verify-pallet subcommand help text.

A tool for detecting common security vulnerabilities and insecure patterns in FRAME pallets using static program analysis techniques.

Usage: cargo verify-pallet

Options:
    -h, --help               Print help
    -V, --version            Print version
    --pointer-width <32|64>  The pointer width for the target execution environment

Library Documentation

You can access the library documentation locally by running the following command from the project root.

cargo doc --no-deps --open

Architecture Documentation

To learn more about how pallet-verifier works under the hood, check out ARCHITECTURE.md (see also).

Testing

You can run the UI tests by running the following command from the project root.

cargo test

Check out TESTING.md for more details.

License

Licensed under either MIT or Apache-2.0 license at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Acknowledgements

🌱 Funded by: the Web3 Foundation.
