What is a Detector?
Adapting an enterprise-level Solidity static analyzer to your codebase can be daunting. Cyfrin Aderyn solves this by giving smart contract developers and security researchers an open-source tool to easily write, test, run, and contribute with their custom Aderyn static analysis detectors tailored to their needs.
Suppose you're unfamiliar with the concept of detectors: a detector is a snippet of code that, given a smart contract Abstract Syntax Tree (AST), will verify the presence of vulnerabilities based on user-defined patterns.
If you've ever built a scraper, the concept is very similar.
Aderyn static analysis detector
When you build a web scraper/crawler, you usually write a Python script that, given a URL, takes the content of a web page, filters it to find the exact information you need, and performs operations with that data based on your needs.
Let’s say you want to save the biographies of all Twitter users. You would feed a list of Twitter users' URLs into your script that should then filter through the HTML of the scraped page, find the text, and save those biographies - if the biography isn't there, continue.
Detectors and Aderyn essentially work the same way:
Overly simplified: Aderyn is the scraping library, acting as the scraper; you give it a smart contract (a URL), and it will create a JSON-like representation of your smart contract or code base, called AST or Abstract Syntax Tree, just like the content of your HTML page, it will contain all the data you need about your smart contract's code.
Let's say that you have the following code:
The AST of the code above will look as follows:
As you can see, the AST contains information like:
contract name
function names
definitions
variables
modifiers
Essentially, all the relevant information about your Solidity smart contract code and its content. You can read more about AST on the dedicated documentation page.
While Aderyn provides you with the AST, the detectors running on it verify that the data inside the AST contains the right things at the right place, and if not, it means there's a vulnerability.
Let's make an example.
Example of an Aderyn Detector
Let's say we must ensure that the nonReentrant modifier is the first assigned to each appropriate function in my codebase.
That means every function should be:
and not:
If the nonReentrant modifier isn’t the first assigned, we might incur reentrancy issues inside other modifiers.
With the information in our code's Abstract Syntax Tree (AST), we can build a detector that checks through all the modifiers assigned to every function in the codebase and verifies that "nonReentrant" is the first one assigned. If not, it should be reported.
Here's how the detector would look like:
Source: https://github.com/Cyfrin/aderyn/blob/dev/aderyn_core/src/detect/low/non_reentrant_before_others.rs
In the code above, we’re declaring a new detector called NonReentrantBeforeOthersDetector
, to which we attach an IssueDetector that implements the detect() function.
Inside the detect() function, we can use the AST representation of our smart contract to run the logic to find if the modifier is the first assigned to every function.
To do it, we:
Loop through each function definition
For each function, the modifiers array length
If the length is >1
Check if there is a
nonReentrant
modifierIf there is, and is not at position zero - YOU FOUND AN ISSUE!
As simple as that. Like filtering through our HTML tags, we can traverse the AST representation of our solidity smart contract and write code that finds vulnerabilities while you write them.
Now that you know what a detector is and what it looks like, learn how to write your custom detector or find more examples of custom detectors on the official Aderyn playground GitHub repo.
Where do I find vulnerability patterns?
Get access to 8000+ smart contract findings, vulnerabilities, bug bounties, and competitions completely free on Cyfrin Solodit.
Learn from the world’s top auditors and create detectors to spot those vulnerabilities while you can, using Cyfrin Aderyn.
Conclusion
A detector is a snippet of code that, given a smart contract Abstract Syntax Tree (AST), will verify the presence of vulnerabilities based on user-defined patterns.
Developers can study vulnerability patterns on Solodit and develop their custom detectors, tailored to their codebase, using Cyfrin Aderyn.
Last updated