

🧮 How to use solium (Ethlint) to audit smart contracts
Ethlint (formerly solium) is a linter that analyzes your smart contracts for style and security issues.
It is a handy tool to reach for when doing static analysis of a smart contract written in Solidity.
Let’s go!
It can be installed easily with npm:
# npm install -g ethlint
Once installed, we can initialize a project in the current directory like this:
$ solium -i
This will create .soliumrc.json and .soliumignore files under the current directory.
By default, solium has the following configuration:
$ cat .soliumrc.json
{
    "extends": "solium:recommended",
    "plugins": [
        "security"
    ],
    "rules": {
        "quotes": [
            "error",
            "double"
        ],
        "indentation": [
            "error",
            4
        ],
        "linebreak-style": [
            "error",
            "unix"
        ]
    }
}
Now we can run solium on our contract:
$ solium -f blind-auction.sol
blind-auction.sol
28:19 error Syntax error: unexpected token (
✖ 1 error found.
WARNING: It does not seem to work well with pragma solidity ^0.8.4; the "Syntax error" reported above is the linter failing to parse the file, not a finding about the contract, so its results for such a file are incomplete.
$ head -2 blind-auction.sol
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.4;
Advanced usage:
$ solium --help
Usage: solium [options] <keyword>
Linter to find & fix style and security issues in Solidity smart contracts.
Options:
-V, --version output the version number
-i, --init Create default rule configuration files
-f, --file [filepath::String] Solidity file to lint
-d, --dir [dirpath::String] Directory containing Solidity files to lint
-R, --reporter [name::String] Format to report lint issues in (pretty | gcc) (default: "pretty")
-c, --config [filepath::String] Path to the .soliumrc configuration file
-, --stdin Read input file from stdin
--fix Fix Lint issues where possible
--fix-dry-run Output fix diff without applying it
--debug Display debug information
--watch Watch for file changes
--hot (Deprecated) Same as --watch
--no-soliumignore Do not look for .soliumignore file
--no-soliumrc Do not look for soliumrc configuration file
--rule [rule] Rule to execute. This overrides the specified rule's configuration in soliumrc if present (default: [])
--plugin [plugin] Plugin to execute. This overrides the specified plugin's configuration in soliumrc if present (default: [])
-h, --help output usage information
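To use the -d and -R gcc options above in a CI job, the following is an added example (not part of the original post) of a POSIX sh gate that counts lint errors and warnings, and treats the parser failure seen above with ^0.8.x contracts as a separate, non-zero result so it is not mistaken for a clean run or for a real finding. The gcc reporter line format "file:line:col: severity: message" is assumed from the reporter's name, and the sample report lines are constructed, not real solium output.

```shell
#!/bin/sh
# Added example: gate a CI job on Ethlint (solium) output.
# Assumption: the gcc reporter prints "file:line:col: severity: message".

# run_lint lints a directory with the gcc reporter; requires solium on PATH.
run_lint() {
    solium -d "$1" -R gcc 2>&1 || true
}

# classify_lint reads gcc-style report lines on stdin and prints
# "<parse_failures> <errors> <warnings>". A "Syntax error" from the
# linter means unsupported syntax (e.g. pragma solidity ^0.8.x), not a
# defect in the contract, so it is counted separately.
classify_lint() {
    awk -F': ' '
        /^[^:]+:[0-9]+:[0-9]+: / {
            if ($3 ~ /^Syntax error/) parse++
            else if ($2 == "error") err++
            else if ($2 == "warning") warn++
        }
        END { printf "%d %d %d\n", parse+0, err+0, warn+0 }'
}

# lint_gate reads a report on stdin and returns 0 (clean), 1 (lint errors)
# or 2 (parse failures: findings are incomplete, fail the job explicitly).
lint_gate() {
    set -- $(classify_lint)
    parse=$1; errors=$2; warnings=$3
    if [ "$parse" -gt 0 ]; then
        echo "ethlint: $parse file(s) could not be parsed; results incomplete" >&2
        return 2
    fi
    if [ "$errors" -gt 0 ]; then
        echo "ethlint: $errors error(s), $warnings warning(s)" >&2
        return 1
    fi
    echo "ethlint: clean, $warnings warning(s)"
    return 0
}

# Constructed sample report, so the gate can be exercised without solium.
# Rule names in brackets are real solium-plugin-security rules; the
# message texts are made up for this example.
SAMPLE_REPORT='blind-auction.sol:28:19: error: Syntax error: unexpected token (
contracts/Auction.sol:12:5: warning: Avoid using tx.origin. [security/no-tx-origin]
contracts/Auction.sol:40:9: error: Avoid low-level calls. [security/no-low-level-calls]'

# CI usage: run_lint contracts/ | lint_gate
```

Running `printf '%s\n' "$SAMPLE_REPORT" | lint_gate` returns 2 because of the parse failure on line 28 of blind-auction.sol; dropping that line yields 1 for the remaining lint error.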