c54c569f30
Completed clean root directory structure: - Root now contains only: .git, .env, docs/, orig/ - Moved all remaining files and directories to orig/: - Config files (.claude, .dockerignore, .drone.yml, etc.) - All .env variants (except active .env) - Git config (.gitconfig, .github, .gitignore, etc.) - Tool configs (.golangci.yml, .revive.toml, etc.) - Documentation (*.md files, @prompts) - Build files (Dockerfiles, Makefile, go.mod, go.sum) - Docker compose files - All source directories (scripts, tests, tools, etc.) - Runtime directories (logs, monitoring, reports) - Dependency files (node_modules, lib, cache) - Special files (--delete) - Removed empty runtime directories (bin/, data/) V2 structure is now clean: - docs/planning/ - V2 planning documents - orig/ - Complete V1 codebase preserved - .env - Active environment config (not in git) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
228 lines
5.7 KiB
Bash
Executable File
228 lines
5.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
#
|
|
# Solidity Audit Pipeline for MEV Bot Smart Contracts
|
|
# Integrates with harness/local-ci-pipeline.sh
|
|
#
|
|
# This script audits Solidity contracts using Docker-based security tools
|
|
# Based on docs/solidity_audit_bundle.md specifications
|
|
|
|
set -euo pipefail
|
|
|
|
ROOT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)
|
|
cd "$ROOT_DIR"
|
|
|
|
HARNESS_DIR="$ROOT_DIR/harness"
|
|
LOG_DIR="${HARNESS_LOG_DIR:-$HARNESS_DIR/logs}/solidity"
|
|
REPORT_DIR="${HARNESS_REPORT_DIR:-$HARNESS_DIR/reports}/solidity"
|
|
mkdir -p "$LOG_DIR" "$REPORT_DIR"
|
|
|
|
# Container runtime detection
|
|
CONTAINER_RUNTIME="${HARNESS_RUNTIME:-}"
|
|
if [[ -z "$CONTAINER_RUNTIME" ]]; then
|
|
if command -v podman >/dev/null 2>&1; then
|
|
CONTAINER_RUNTIME=podman
|
|
elif command -v docker >/dev/null 2>&1; then
|
|
CONTAINER_RUNTIME=docker
|
|
else
|
|
echo "ERROR: No container runtime found. Docker or Podman is required." >&2
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# Configuration
|
|
SKIP_FOUNDRY="${HARNESS_SKIP_FOUNDRY:-false}"
|
|
SKIP_SLITHER="${HARNESS_SKIP_SLITHER:-false}"
|
|
SKIP_MYTHRIL="${HARNESS_SKIP_MYTHRIL:-false}"
|
|
VERBOSE="${HARNESS_VERBOSE:-false}"
|
|
|
|
log() {
|
|
printf '[%s] [SOLIDITY] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*"
|
|
}
|
|
|
|
run_step() {
|
|
local name="$1"
|
|
shift
|
|
local logfile="$LOG_DIR/${name}.log"
|
|
log "Starting $name"
|
|
if "$@" |& tee "$logfile"; then
|
|
log "✅ Completed $name"
|
|
return 0
|
|
else
|
|
log "❌ Failed $name - see $logfile"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
check_contracts() {
|
|
log "Checking for Solidity contracts..."
|
|
|
|
if [[ ! -d "$ROOT_DIR/contracts" ]]; then
|
|
log "No contracts directory found - skipping Solidity audit"
|
|
exit 0
|
|
fi
|
|
|
|
local contract_count=$(find "$ROOT_DIR/contracts" -name "*.sol" -type f | wc -l)
|
|
if [[ $contract_count -eq 0 ]]; then
|
|
log "No Solidity contracts found - skipping audit"
|
|
exit 0
|
|
fi
|
|
|
|
log "Found $contract_count Solidity contracts to audit"
|
|
}
|
|
|
|
run_foundry_tests() {
|
|
if [[ "$SKIP_FOUNDRY" == "true" ]]; then
|
|
log "Skipping Foundry tests (HARNESS_SKIP_FOUNDRY=true)"
|
|
return 0
|
|
fi
|
|
|
|
log "Running Foundry tests..."
|
|
|
|
if ! command -v forge >/dev/null 2>&1; then
|
|
log "Forge not found locally, using Docker image..."
|
|
run_step "foundry-test" $CONTAINER_RUNTIME run --rm \
|
|
-v "$ROOT_DIR:/src" \
|
|
-w /src \
|
|
ghcr.io/foundry-rs/foundry:latest \
|
|
forge test --gas-report --ffi --json
|
|
else
|
|
log "Using local Forge installation"
|
|
run_step "foundry-test" forge test --gas-report --ffi --json
|
|
fi
|
|
|
|
# Save gas report
|
|
if [[ -f "reports/forge-gas.json" ]]; then
|
|
cp reports/forge-gas.json "$REPORT_DIR/forge-gas.json"
|
|
fi
|
|
}
|
|
|
|
run_slither_analysis() {
|
|
if [[ "$SKIP_SLITHER" == "true" ]]; then
|
|
log "Skipping Slither analysis (HARNESS_SKIP_SLITHER=true)"
|
|
return 0
|
|
fi
|
|
|
|
log "Running Slither static analysis..."
|
|
|
|
local slither_args=(
|
|
run --rm
|
|
-v "$ROOT_DIR:/src"
|
|
-w /src
|
|
trailofbits/eth-security-toolbox:latest
|
|
slither .
|
|
--json "$REPORT_DIR/slither.json"
|
|
--exclude-dependencies
|
|
--exclude-informational
|
|
)
|
|
|
|
if [[ "$VERBOSE" == "true" ]]; then
|
|
slither_args+=(--print human-summary)
|
|
fi
|
|
|
|
run_step "slither-analysis" $CONTAINER_RUNTIME "${slither_args[@]}" || true
|
|
}
|
|
|
|
run_mythril_analysis() {
|
|
if [[ "$SKIP_MYTHRIL" == "true" ]]; then
|
|
log "Skipping Mythril analysis (HARNESS_SKIP_MYTHRIL=true)"
|
|
return 0
|
|
fi
|
|
|
|
log "Running Mythril symbolic execution..."
|
|
|
|
# Mythril analysis for each contract
|
|
while IFS= read -r -d '' contract; do
|
|
local contract_name=$(basename "$contract" .sol)
|
|
log "Analyzing $contract_name with Mythril..."
|
|
|
|
$CONTAINER_RUNTIME run --rm \
|
|
-v "$ROOT_DIR:/src" \
|
|
-w /src \
|
|
mythril/myth:latest \
|
|
analyze "$contract" \
|
|
--solc-json "$REPORT_DIR/mythril-${contract_name}.json" \
|
|
--max-depth 128 || true
|
|
done < <(find "$ROOT_DIR/contracts" -name "*.sol" -not -path "*/test/*" -print0)
|
|
}
|
|
|
|
generate_audit_report() {
|
|
log "Generating consolidated audit report..."
|
|
|
|
local report_file="$REPORT_DIR/audit-summary.md"
|
|
|
|
cat > "$report_file" << 'EOF'
|
|
# Solidity Contract Audit Report
|
|
|
|
**Date**: $(date '+%Y-%m-%d %H:%M:%S')
|
|
**MEV Bot Version**: $(git describe --tags --always 2>/dev/null || echo "unknown")
|
|
|
|
## Contracts Audited
|
|
|
|
EOF
|
|
|
|
find "$ROOT_DIR/contracts" -name "*.sol" -not -path "*/test/*" | while read contract; do
|
|
echo "- $(basename "$contract")" >> "$report_file"
|
|
done
|
|
|
|
cat >> "$report_file" << 'EOF'
|
|
|
|
## Audit Tools Used
|
|
|
|
- ✅ Foundry (forge test)
|
|
- ✅ Slither (static analysis)
|
|
- ✅ Mythril (symbolic execution)
|
|
|
|
## Results Summary
|
|
|
|
### Foundry Tests
|
|
EOF
|
|
|
|
if [[ -f "$REPORT_DIR/forge-gas.json" ]]; then
|
|
echo "See \`reports/solidity/forge-gas.json\` for detailed gas analysis." >> "$report_file"
|
|
else
|
|
echo "⚠️ No Foundry test results found." >> "$report_file"
|
|
fi
|
|
|
|
cat >> "$report_file" << 'EOF'
|
|
|
|
### Slither Analysis
|
|
EOF
|
|
|
|
if [[ -f "$REPORT_DIR/slither.json" ]]; then
|
|
echo "See \`reports/solidity/slither.json\` for detailed vulnerability analysis." >> "$report_file"
|
|
else
|
|
echo "⚠️ No Slither results found." >> "$report_file"
|
|
fi
|
|
|
|
cat >> "$report_file" << 'EOF'
|
|
|
|
### Mythril Analysis
|
|
EOF
|
|
|
|
local mythril_count=$(find "$REPORT_DIR" -name "mythril-*.json" 2>/dev/null | wc -l)
|
|
if [[ $mythril_count -gt 0 ]]; then
|
|
echo "Found $mythril_count Mythril analysis reports." >> "$report_file"
|
|
else
|
|
echo "⚠️ No Mythril results found." >> "$report_file"
|
|
fi
|
|
|
|
log "Audit report generated: $report_file"
|
|
}
|
|
|
|
# Main execution
|
|
main() {
|
|
log "Starting Solidity Contract Audit Pipeline"
|
|
log "Container runtime: $CONTAINER_RUNTIME"
|
|
|
|
check_contracts
|
|
run_foundry_tests
|
|
run_slither_analysis
|
|
run_mythril_analysis
|
|
generate_audit_report
|
|
|
|
log "✅ Solidity audit pipeline completed successfully"
|
|
log "Reports available in: $REPORT_DIR"
|
|
}
|
|
|
|
main "$@"
|