v0.1.2
Amarna
Amarna is a static-analyzer and linter for the Cairo programming language.
Features
- Finds code-smells and potential vulnerabilities in Cairo code
- Compiler-identical parsing of Cairo code and StarkNet contracts
- Supports creating local and global rules
- Exports the parsed AST of a Cairo file
- Exports static-analysis results to the SARIF format.
Currently supported rules
| # | Rule | What it finds | Impact | Precision |
|---|---|---|---|---|
| 1 | Arithmetic operations | All uses of arithmetic operations +, -, *, and / | Info | High |
| 2 | Unused arguments | Function arguments that are not used in the functions in which they appear | Warning | High |
| 3 | Unused imports | Unused imports | Info | High |
| 4 | Mistyped decorators | Mistyped code decorators | Info | High |
| 5 | Unused functions | Functions that are never called | Info | Medium |
| 6 | Error codes | Function calls that have return values that must be checked | Info | High |
| 7 | Inconsistent assert usage | Asserts that use the same constant in different ways, e.g., assert_le(amount, BOUND) and assert_le(amount, BOUND - 1) |
Warning | High |
| 8 | Dead stores | Variables that are assigned values but not used before a return statement | Info | Medium |
| 9 | Unchecked overflows | Function calls that ignore the returned overflow flags, e.g., uint256_add |
Warning | High |
| 10 | Caller address return value | Function calls to the get_caller_address function. |
Info | High |
| 11 | Storage variable collision | Multiple @storage_var with the same name. |
Warning | High |
| 12 | Implicit function import | Function with decorator @external, @view, @l1_handler that is being implicitly imported. |
Info | High |
| 13 | Unenforced view function | State modification within a @view function |
Info | High |
| 14 | Uninitialized variable | Local variables that are never initialized. | Info | High |