Solidity Visual Auditor Extension for VS Code
Today we’d like to introduce you to Solidity Visual Auditor, an extension for the popular Visual Studio Code editor.
Although we initially built Solidity Visual Auditor for our own use as auditors, we soon realized that security-conscious Solidity developers could also use these powerful tools to write safer code and get better insight into the complexity of their own contract systems.
Take a look at some of the features:
As auditors, we frequently use visualizations to quickly understand how code fits together. Solidity Visual Auditor’s “codelenses” give you easy access to a variety of useful visualization techniques.
UML diagrams are one useful visualization technique and can be especially helpful for documenting your code.
Surya graphs and reports
The extension makes it even easier to generate a lot of the outputs available with our popular surya CLI tool.
The graph command gives you a dynamic view of the functions in the system and which ones call which.
The inheritance command gives you an easy-to-read summary of the inheritance graph.
The report command generates a markdown report listing each function, its visibility, and the modifiers on it.
Abstract Syntax Tree
The parse command gives you a text-based representation of the abstract syntax tree (AST).
The ftrace command prints all the functions reachable from the current function.
Solidity Visual Auditor goes beyond visualizations, providing contextual information right in the editor.
Tooltips give you easy access to important information about Solidity’s language features:
They even have information about assembly instructions¹:
State variable tracing provides useful semantic information, including:
Warnings about shadowed variables:
Indicators for inherited state variables:
Bookmarking with inline comments
Use @audit bookmarks to flag lines for security review, or even to start a security review discussion.
There are two ways to do this. Notice how you can now refer clearly to previous flags by their line numbers.
Get function selectors
For one reason or another, we often find ourselves generating a list of the function selectors in the smart contract. You can do this with solc --hashes MyContract.sol, or you can use Solidity Visual Auditor’s
Whether you’re developing your own smart contracts or auditing someone else’s, Solidity Visual Auditor will put valuable information and insights right where you need them. We’d love for you to try it out and let us know what you think. (Issues are welcome in the GitHub repo.)
¹ Obligatory reminder to use extreme caution if you insist on writing assembly.