Solgrep - A grammar aware Solidity query tool

Celades Pons, Ferran

Please use this identifier to cite or link to this item: http://hdl.handle.net/10609/145646

Title:	Solgrep - A grammar aware Solidity query tool
Author:	Celades Pons, Ferran
Tutor:	Ballesteros Rodríguez, Alberto
Abstract:	In the last few years, the blockchain usage has been growing rapidly. A lot of industries have been using and developing blockchain platforms to perform decentralized computations. One of the most popular underlying technologies is the Ethereum blockchain. Executing, verifying and enforcing credible computable transactions on blockchains is done using smart contracts which the code is written using a Turing complete language. Those contracts are typically written in a high-level programming language called Solidity, then compiled to Ethereum Virtual Machine (EVM) assembly instructions and deployed to the Ethereum blockchain. So many tools have been written to analyze and find vulnerabilities in Solidity smart contracts from a static and dynamic standpoint. However, none of the already developed tools allow easy contribution by the community without actually having to modify the tool source code itself or write complex syntax specific queries. In this project we have created Solgrep. Solgrep is a tool that allows static semantic aware search on Solidity code. The initial idea of Solgrep was to be used as part of Smart Contracts Solidity Audits as a remarkable tool in the arsenal of an auditor. However, it was noticed that this tool could be easily integrated with current Solidity development stacks to find common bad patterns and coding mistakes that Solidity developers tend to do.
Keywords:	Semgrep AST grammar YAML Node.js
Document type:	info:eu-repo/semantics/masterThesis
Issue Date:	31-May-2022
Publication license:	http://creativecommons.org/licenses/by-nc-nd/3.0/es/
Appears in Collections:	Trabajos finales de carrera, trabajos de investigación, etc.