Discover more from Learn Pentesting like a Pro!

Stay updated on the latest cybersecurity insights from Cloud and Mobile to Blockchain. (HUNDREDS OF SUBSCRIBERS)

🧮 How to use solium (Ethlint) to audit smart contracts

Ethlint (formerly solium) is a tool that analyze your smart contract for style and security issues.

Jan 6, 2023

Ethlint (formerly solium) is a handy tool to use when we are doing static analysis with a smart contract written in Solidity.

Let’s go!

It can be installed easily with npm:

# npm install -g ethlint

Once installed, we can initialize a project in the current directory like this:

$ solium -i

This will create .soliumrc.json and .soliumignore files under the current directory.

By default, solium has the following configuration:

$ cat .soliumrc.json 
{
  "extends": "solium:recommended",
  "plugins": [
    "security"
  ],
  "rules": {
    "quotes": [
      "error",
      "double"
    ],
    "indentation": [
      "error",
      4
    ],
    "linebreak-style": [
      "error",
      "unix"
    ]
  }
}

Now we can run solium on our contract:

$ solium -f blind-auction.sol

blind-auction.sol
  28:19    error    Syntax error: unexpected token (

✖ 1 error found.

WARNING: It seems not to work very well with pragma solidity ^0.8.4;

$ head -2 blind-auction.sol 
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.4;

Advanced usage:

$ solium --help 
Usage: solium [options] <keyword>

Linter to find & fix style and security issues in Solidity smart contracts.

Options:
  -V, --version                    output the version number
  -i, --init                       Create default rule configuration files
  -f, --file [filepath::String]    Solidity file to lint
  -d, --dir [dirpath::String]      Directory containing Solidity files to lint
  -R, --reporter [name::String]    Format to report lint issues in (pretty | gcc) (default: "pretty")
  -c, --config [filepath::String]  Path to the .soliumrc configuration file
  -, --stdin                       Read input file from stdin
  --fix                            Fix Lint issues where possible
  --fix-dry-run                    Output fix diff without applying it
  --debug                          Display debug information
  --watch                          Watch for file changes
  --hot                            (Deprecated) Same as --watch
  --no-soliumignore                Do not look for .soliumignore file
  --no-soliumrc                    Do not look for soliumrc configuration file
  --rule [rule]                    Rule to execute. This overrides the specified rule's configuration in soliumrc if present (default: [])
  --plugin [plugin]                Plugin to execute. This overrides the specified plugin's configuration in soliumrc if present (default: [])
  -h, --help                       output usage information