add mythril reports and slither VSCode config (#504)

* add mythril reports and slither VSCode config

* split analyze and myth scripts

Author: glmaljkovich

package.json

@@ -105,7 +105,8 @@
     "prettier:ts": "prettier --write 'test/**/*.ts'",
     "prettier:sol": "prettier --write 'contracts/*.sol'",
     "analyze": "scripts/analyze",
-    "flatten": "scripts/flatten",
+    "myth": "scripts/myth",
+    "flatten": "scripts/flatten && scripts/clean",
     "typechain": "hardhat typechain",
     "verify": "hardhat verify",
     "size": "hardhat size-contracts"

scripts/analyze

@@ -3,8 +3,10 @@
 ## Before running:
 # This tool requires to have solc installed.
 # Ensure that you have the binaries installed by pip3 in your path.
-# Install: https://github.com/crytic/slither#how-to-install
-# Usage: https://github.com/crytic/slither/wiki/Usage
+# Install: 
+# - https://github.com/crytic/slither#how-to-install
+# Usage:
+# - https://github.com/crytic/slither/wiki/Usage
 
 mkdir -p reports
 
@@ -21,6 +23,9 @@ slither . \
     --exclude similar-names,naming-convention \
     --disable-color \
     &> reports/analyzer-report.sarif && \
+echo "Slither report generated at ./reports/analyzer-report.sarif"
+echo "Checking ERC compliance..."
 slither-check-erc build/flatten/GraphToken.sol GraphToken &> reports/analyzer-report-erc.log
+echo "Compliance report generated at ./reports/analyzer-report-erc.log"
 
 echo "Done!"

scripts/clean

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+OUT_DIR="build/flatten"
+
+mkdir -p ${OUT_DIR}
+
+echo "Cleaning flattened contracts..."
+
+FLATTENED_FILES=(
+    "$OUT_DIR/Controller.sol"
+    "$OUT_DIR/GraphGovernance.sol"
+    "$OUT_DIR/GNS.sol"
+    "$OUT_DIR/ServiceRegistry.sol"
+    "$OUT_DIR/Curation.sol"
+    "$OUT_DIR/GraphCurationToken.sol"
+    "$OUT_DIR/Staking.sol"
+    "$OUT_DIR/RewardsManager.sol"
+    "$OUT_DIR/GraphToken.sol"
+    "$OUT_DIR/EpochManager.sol"
+    "$OUT_DIR/GraphProxy.sol"
+    "$OUT_DIR/GDAI.sol"
+    "$OUT_DIR/GSRManager.sol"
+)
+
+for path in ${FLATTENED_FILES[@]}; do
+    echo "Clean > ${path}"
+    sed -i \
+        -e "s|pragma solidity.*||g" \
+        -e "s|// SPDX-License-Identifier:.*||g" \
+        -e 's|pragma experimental ABIEncoderV2;|//pragma experimental ABIEncoderV2;|g' \
+        -e '1s|^|pragma experimental ABIEncoderV2;\n|' $path
+done

scripts/myth

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+## Before running:
+# This tool requires to have solc installed.
+# Ensure that you have the binaries installed by pip3 in your path.
+# Install: 
+# - https://github.com/ConsenSys/mythril#installation-and-setup
+# Usage:
+# - https://github.com/ConsenSys/mythril#usage
+
+pip3 install --user mythril && \
+yarn build && \
+mkdir -p reports/myth
+
+echo "Myth Analysis..."
+
+start_time="$(date -u +%s)"
+
+for filename in build/flatten/*.sol; do
+    step_start_time="$(date -u +%s)"
+    echo "Scanning $filename ..."
+    myth analyze \
+        --parallel-solving \
+        --execution-timeout 30 \
+        --solver-timeout 6000 \
+        -o markdown "$filename" \
+        &> "reports/myth/$(basename "$filename" .sol)-report.md" && \
+
+    end_time="$(date -u +%s)"
+    total_elapsed="$(($end_time-$start_time))"
+    step_elapsed="$(($end_time-$step_start_time))"
+    echo "> Took $step_elapsed seconds. Total elapsed: $total_elapsed seconds."
+done
+
+echo "Done!"

slither.config.json

@@ -0,0 +1,6 @@
+{
+    "hardhat_artifacts_directory": "./build/contracts",
+    "filter_paths": "contracts/bancor/.*|contracts/tests/.*|contracts/staking/libs/Cobbs.*|contracts/staking/libs/LibFixedMath.*|contracts/staking/libs/MathUtils.*",
+    "detectors_to_exclude": "similar-names,naming-convention",
+    "exclude_dependencies": true
+}