Scout is an extensible open-source tool intended to assist ink! smart contract developers and auditors detect common security issues and deviations from best practices.
Home Page: https://coinfabrik.github.io/scout/
License: MIT License
test-cases directory is not being included for linting and formatting. It should be included in order to detect lint or formatting errors.
Makefile the missing formatting and linting of the test-cases directoryA test-case for unsafe-unwrap. This vulnerability is done when calling any sort of unwrap() operation on a Result or Option or any other. The correct way would be to define a custom Error type.
unsafe-unwrap should be created3
1
A detector for unsafe-unwrap. This vulnerability is done when calling any sort of unwrap() operation on a Result or Option or any other. The correct way would be to define a custom Error type.
unsafe-unwrap should be created3
1
User provided addresses should not be the zero address or any of the default test accounts (e.g. Bob, Alice).
Complete doc for Getting Started section.
Include these subsections
2
1
Allows user to set path where to run the tool
Implements the following command:
cargo scout –manifest-path <PATH_TO_CARGO_TOML>
1
1
Add options to allow:
Implements the following commands:
cargo scout -–filter-by-detectors <DETECTOR_LIST_SEPARATED_BY_COMAS>cargo scout –-exclude-detectors <DETECTOR_LIST_SEPARATED_BY_COMAS>cargo scout –-list-detectors5
1
Display help message and version message.
Implements the following commands:
cargo scout --help
cargo scout -h
cargo scout --version
1
1
Detectors are being downloaded from the old web3-grant repository, causing the tests of new detectors to fail.
Write documentation for floating point and numerical precision test case.
1
Install and try scout on Windows 10.
Command cargo scout runs successfully without errors on sample repo.
1
1
We need to have a basic working CLI, and then start adding features to it.
dylint to run the linters against the given smart contract8 days
1
Usage of unwrap() is frowned upon in production code, which can cause the contract execution to revert with panic without providing a reason or a proper error control. This is similar to the panic-error vulnerability.
In the same way as slither detects delegate-calls, we should have a detector for it. This is an exploratory issue for learning the usage of MIR and testing in a low-hanging fruit example such as delegatecall.
5
1
Complete documentation on detectors.
Add intro to detectors.
Add references to types of detectors and detection techniques
Add a separate page for each detector.
5
1
A detector and test-case for unsafe-expect. This vulnerability is done when calling any sort of expect() operation on a Result or Option or any other. The correct way would be to define a custom Error type.
unsafe-expect should be createdSome detectors needs other toolchains to work as intended. We need to make that each detector has his own rust-toolchain
A verification should be done in order to verify the detector for integer-overflow-underflow is complete for all arithmetic operations that could produce an overflow/underflow.
1
In the same way as slither detects delegate-calls, we should have a detector for it. This is an exploratory issue for learning the usage of MIR and testing in a low-hanging fruit example such as delegatecall.
5
1
Add minimum test section (just a paragraph) explaining:
cargo-scoutDue to the impossibility to represent floating point numbers in Ink, order of multiplications and divisions are important to ensure numerical precision.
Take for example the following function. It is intended to return the percentage of a total profit:
#[ink::message]
pub fn split_profit(uint64 percentage, uint64 total_profit) -> uint64 {
(percentage / 100) * total_profit
}The result however, will always be zero, given the integer division percentage / 100 yields zero.
Reordering operations to perform multiplications before divisions is a good way to avoid loss of precision:
#[ink::message]
pub fn split_profit(uint64 percentage, uint64 total_profit) -> uint64 {
(percentage * total_profit) / 100
}CI github workflow takes now around 40 minutes. This is too long and we will run out of our monthly free quota in no time.
Ensure the following columns are in the table:
Install and try scout on Mac.
Command cargo scout runs successfully without errors on sample repo.
1
1
Complete Vulnerability documentation to docs.
Add an intro to vulnerabilities.
Add references for further reading.
Add separate pages for each class of vulnerability
3
1
Add main sections and image to README.md
Add scout image within assets folder. Link the image to the README.md
Add license and license badge.
Add the following sections:
1
1
For each icon, image or logo in this drive create an equivalent image for scout, maintaining file format an size.
Please take a look at the subfolder Image Ideas for an idea on how each image should look like.
Leave all the new image files in the folder Scout Icons.
Follow the image names specified in the Acceptance Criteria below.
The following files in bold must be saved in the Scout Icons folder.
To be confirmed
1
Using block.number or block.timestamp together with a hash function to produce random numbers is insecure, since these attributes can be manipulated by miners for the current block or read by anyone else if using attributes of a previous block.
A detector and test-case for unsafe-expect. This vulnerability is done when calling any sort of expect() operation on a Result or Option or any other. The correct way would be to define a custom Error type.
unsafe-expect should be createdAdd an option to allow output to be exported to a file (e.g: json file).
Specifies the output file type.
Implements the following command:
cargo scout –output-file <OUTPUT_FILE_NAME>
To be discussed
1
The goal of this task is to enhance the repository by adding a vulnerabilities folder and/or tests folder. The folder should contain examples of vulnerabilities, both before and after remediation, as specified in the Proof of Concept (PoC) milestone.
1
1
Add integrations tests to ensure that detectors mantain their expected behaviour as we modify scout and add new detectors. Proposal: create a vulnerabilities folder with the vulnerability examples and a tests folder with the necessary scripts to automate scout's run on these vulnerabilities.
To be defined.
1
Remove READMEs from all test-cases and add a README.md in the main test-case folder linking to the docusaurus.
Add options to allow:
Implements the following commands:
cargo scout –-filter-by-categories <CATEGORY_LIST_SEPARATED_BY_COMAS>cargo scout –-exclude-categories <CATEGORY_LIST_SEPARATED_BY_COMAS>cargo scout -–list-categories3
1
User provided addresses should not be the zero address or any of the default test accounts (e.g. Bob, Alice).
zero address or a default test accountIn the current iteration of the vscode extension, whenever a Rust project is detected, doesn't matter if it's a smart contract or not, the extension is activated. This is not the correct behaviour as the linter is only suitable for Ink! smart contracts.
As a suggestion, the detection could be done verifying if the Cargo.toml has the dependencies needed to create a smart contract.
2
1
Deploy documentation in Github Pages.
Due to the impossibility to represent floating point numbers in Ink, order of multiplications and divisions are important to ensure numerical precision.
Take for example the following function. It is intended to return the percentage of a total profit:
#[ink::message]
pub fn split_profit(uint64 percentage, uint64 total_profit) -> uint64 {
(percentage / 100) * total_profit
}The result however, will always be zero, given the integer division percentage / 100 yields zero.
Reordering operations to perform multiplications before divisions is a good way to avoid loss of precision:
#[ink::message]
pub fn split_profit(uint64 percentage, uint64 total_profit) -> uint64 {
(percentage * total_profit) / 100
}floating-point-and-numerical-precisionTool should be ran against deployed projects in order to verify false positives and general usage.
Usage of unwrap() is frowned upon in production code, which can cause the contract execution to revert with panic without providing a reason or a proper error control. This is similar to the panic-error vulnerability.
Install and try scout on Linux
Command cargo scout runs successfully without errors on sample repo.
1
1
Add sections and links associated to the key features of our project to the front page.
2
1
This is an exploratory issue about creating a vscode extension for scout.
3
1
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.