Home
CodeHawks
Solodit
Updraft
Support

CLI Options

Below are options which may be included with the aderyn CLI command.

aderyn [OPTIONS]

aderyn <ROOT>

The root directory of your Solidity project.

Input:

aderyn .

--help

Outputs the options and arguments available when using Aderyn.

Rust based Solidity AST analyzer

Usage: aderyn [OPTIONS] <ROOT>

Arguments:
  <ROOT>  Foundry or Hardhat (or other) project root directory 

Options:
  -o, --output <OUTPUT>    Desired file path for the final report (will overwrite existing one) [default: report.md]
  -s, --scope <SCOPE>      List of path strings to include, delimited by comma (no spaces). Any solidity file path not containing these strings will be ignored
  -e, --exclude <EXCLUDE>  List of path strings to exclude, delimited by comma (no spaces). Any solidity file path containing these strings will be ignored
  -n, --no-snippets        Do not include code snippets in the report (reduces report size in large repos)
  -h, --help               Print help
  -V, --version            Print version

-o, --output <OUTPUT>

- The default output is report.md. This can be renamed to anything you'd like. Currently supported formats include Markdown and JSON. JSON is particularly useful in CI/CD pipelines to compile properties from the generated report.

Examples:

aderyn -o my-report.json
aderyn -o my-report.md

-s, --src <SOURCE_PATH>

The path to the source contracts folder. If not provided, the ROOT directory will be used.

If your project has a foundry.toml file in the ROOT, then aderyn will obtain this value from it.

Examples based on the below directory structure:

└── my_project/
    ├── hardhat.config.js
    ├── contracts/
    │   ├── Apples.sol
    │   └── Bananas.sol
    ├── script/
    │   └── Deploy.dol
    ├── test/
    │   ├── Apples.test.js
    │   └── Bananas.test.js
    ├── util/
    └── node_modules/

Command:

aderyn --src contracts/

-i, --path-includes <PATH_INCLUDES>

A string, or list of strings separated by commas that pertain to the filenames/directories in scope. These are the files/directories that Aderyn will be run on.

Note: strings passed to the scope command are case-sensitive.

Examples will be based on the below repo:

├── src
│   ├── interfaces
│   │   ├── IFlashLoanReceiver.sol
│   │   ├── IPoolFactory.sol
│   │   ├── ITSwapPool.sol
│   │   └── IThunderLoan.sol
│   ├── protocol
│   │   ├── AssetToken.sol
│   │   ├── OracleUpgradeable.sol
│   │   └── ThunderLoan.sol
│   └── upgradedProtocol
│       └── ThunderLoanUpgraded.sol

Input:

aderyn -i src/interfaces

Output:

Input:

aderyn --path-includes Thund

Output:

-x, --path-excludes <PATH_EXCLUDE>

the opposite of --path-includes, this will exclude any files or directories that contain the passed string.

Input:

aderyn -x Thunder

Output:

-n, --no-snippets

The default behavior is to include the line number, as well as snippets of code where the vulnerability is detected within the generated report. This can potentially take up a lot of space in the report. This option will disable the snippets, leaving the line number readouts only.

Input (default):

aderyn -i Thunder`

  • Found in src/protocol/ThunderLoan.sol Line: 239

        function setAllowedToken(IERC20 token, bool allowed) external onlyOwner returns (AssetToken) {

Input (no-snippets):

aderyn -i Thunder -n
aderyn -i Thunder --no-snippets

Output:

  • Found in src/protocol/ThunderLoan.sol Line: 239

aderyn --version

Outputs the current version of Aderyn installed

Input:

aderyn -v
aderyn --version

Output:

aderyn 0.0.13

aderyn registry

Output the list of detectors.

Input:

aderyn registry

Output:

Detector Registry

Name                             Title

Low

centralization-risk            - Centralization Risk for trusted owners
solmate-safe-transfer-lib      - Solmate's SafeTransferLib does not check for token contract's existence
avoid-abi-encode-packed        - `abi.encodePacked()` should not be used with dynamic types when passing the result to a hash function such as `keccak256()`
ecrecover                      - `ecrecover` is susceptible to signature malleability
...

High
...
PreviousQuickstartNextWhat is a Detector?

Last updated