This article describes how to use the Smart Contract Analyzer in the Alibaba Cloud BaaS Developers Service. The Smart Contract Analyzer detects and locates vulnerabilities in a smart contract, as well as violations of best practices, and summarizes these issues in an analysis report. The analysis report also contains detailed descriptions of the vulnerabilities and best practices.
Visit the Alibaba Cloud BaaS Management Console. Click the drop-down button in the left navigation bar and select “Smart contract analyzing” to enter the Smart Contract Analyzer page.
Create a smart contract analysis task. On the Smart Contract Analyzer page, click on “Create Task” on the right.
Upload the smart contract, set “Task Name” and “Contract Type”, then click “Create”.
- Supported file formats are .sol source files, .go source files, and .tar.gz or .tar packages.
- Supported contract types are currently Solidity and Fabric-Golang smart contracts.

Check the analysis status. You can click the “Refresh” button to refresh the status of the current contract analysis task.
Note: A smart contract analysis task generally takes about 10 seconds to 2 minutes.
Download the smart contract analysis report. After the task is completed, you can click the “Download” button to download the analysis report.
Interpretation of the analysis report. The content of the analysis report is categorized by the type of vulnerability found, and the number of occurrences of each vulnerability is also shown.
Interpretation of vulnerability details. Click a vulnerability to expand its detailed description.
Note: The “Show Code/Hide Code” button shows or hides the relevant code segments in the smart contract. The “Explanation” button displays a detailed description of the vulnerability and provides sample code for your reference. Click “Explanation” again to close the popup.