This article describes how to use the smart contract analyzer in the Alibaba Cloud BaaS Developers Service. Smart Contract Analyzer can detect and locate vulnerabilities in a smart contract, as well as violations of best practices, and then summarize these issues in the form of analysis reports. The analysis report also contains a detailed description of the vulnerability and best practices.
Use smart contract analyzer
Visit Alibaba Cloud BaaS Management Console. Click Application Development Services > Smart contract analyzing on the left navigation bar to enter the Smart Contract Analyzer page.
Create a smart contract analysis task. On the Smart Contract Analyzer page, click on Create Task on the right.
Upload smart contract, set Task Name and Contract Type, then click Create.
NoteThe file format supports the .sol source file, the .go source file, and the .tar.gz or .tar package. The contract type currently supports both Solidity and Fabric-Golang smart contract.
Check the analyzing status. You can click the “Refresh” button to refresh the status of the current contract analyzing task.
NoteGenerally, the smart contract analyzing task lasts for about 10 seconds to 2 minutes.
Download the smart contract analysis report. After the task is completed, you can click the Download button to download the analysis report.
Interpretation of the analysis report. The content of analysis report is categorized by the type of vulnerabilities found and the occurrence number of each vulnerability is shown as well.
Interpretation of vulnerability details. Click on the vulnerability to unfold the detailed description.
NoteThe Show Code/Hide Code button can show/hide the relevant code segments in the smart contract. The Explanation button can display a detailed description of this vulnerability and provide sample code for your reference. Click on Explanation again to close the popup.