Teal analyzer.

Project description

Tealer

Tealer is a static analyzer for Teal code. It parses the Teal program and builds its CFG. The analyzer comes with a set of vulnerability detectors and printers that allow contracts to be reviewed quickly. In addition, tealer supports custom path discovery through regular expressions and can be configured to follow the group information of the application.

Usage

To detect vulnerabilities

tealer detect --contracts file.teal

To run a printer

tealer print <printer_name> --contracts file.teal

To run the regular expression engine

tealer regex <regex_file.txt> --contracts file.teal

For additional configuration, see the Usage documentation.

Detectors

| Num | Detector | What it detects | Applies To | Impact | Confidence |
|-----|----------|-----------------|------------|--------|------------|
| 1 | is-deletable | Deletable Applications | Stateful | High | High |
| 2 | is-updatable | Upgradable Applications | Stateful | High | High |
| 3 | unprotected-deletable | Unprotected Deletable Applications | Stateful | High | High |
| 4 | unprotected-updatable | Unprotected Upgradable Applications | Stateful | High | High |
| 5 | group-size-check | Usage of absolute indexes without validating GroupSize | Stateless, Stateful | High | High |
| 6 | can-close-account | Missing CloseRemainderTo field Validation | Stateless | High | High |
| 7 | can-close-asset | Missing AssetCloseTo Field Validation | Stateless | High | High |
| 8 | missing-fee-check | Missing Fee Field Validation | Stateless | High | High |
| 9 | rekey-to | Rekeyable Logic Signatures | Stateless | High | High |
| 10 | constant-gtxn | Unoptimized Gtxn | Stateless | Optimization | High |
| 11 | self-access | Unoptimized self access | Stateless | Optimization | High |
| 12 | sender-access | Unoptimized Gtxn | Stateless | Optimization | High |
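
The stateless detectors missing-fee-check, can-close-account and rekey-to in the table above report logic signatures that leave the corresponding transaction field unvalidated. The following logic signature is an added example, not code from the tealer project, showing the field validations those detectors look for; the payment policy (a single payment of at most 1 Algo) and the fee cap are assumptions chosen for illustration.

```teal
#pragma version 6
// Constructed example: stateless logic signature approving one payment.
// A production policy would also constrain the receiver and limit replay;
// those checks are left out to keep the focus on the three fields below.

// Only payment transactions are accepted, so AssetCloseTo
// (can-close-asset) does not apply to this program.
txn TypeEnum
int pay
==
assert

// Example policy (assumption): at most 1 Algo per payment.
txn Amount
int 1000000        // microAlgos
<=
assert

// missing-fee-check: without a bound on Fee, the signed account's
// balance can be spent as transaction fees.
txn Fee
int 2000           // cap chosen for this example, in microAlgos
<=
assert

// can-close-account: CloseRemainderTo must be the zero address,
// otherwise the remaining balance can be sent to another account.
txn CloseRemainderTo
global ZeroAddress
==
assert

// rekey-to: RekeyTo must be the zero address, otherwise the
// transaction can change the account's authorized key.
txn RekeyTo
global ZeroAddress
==
assert

int 1
return
```

Removing any one of the last three `assert` groups gives a program that leaves that field unvalidated, which is the condition the corresponding detector describes.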

For more information, see

Printers

| Num | Printer | What it prints |
|-----|---------|----------------|
| 1 | call-graph | Export the call graph of contract to a dot file |
| 2 | cfg | Export the CFG of entire contract |
| 3 | human-summary | Print a human-readable summary of the contract |
| 4 | subroutine-cfg | Export the CFG of each subroutine |
| 5 | transaction-context | Output possible values of GroupIndices, GroupSize |

Printers output dot files. Use xdot to open the files (sudo apt install xdot).

Regular expression

Tealer can detect whether there is a path between a given label and a set of instructions using the regex subcommand: tealer regex regex.txt --contracts file.teal.

The regular expression file must be of the form:

label =>
  ins1
  ins2

If there is a match, tealer will generate a DOT file with the graph.

For an example, run tealer regex tests/regex/regex.txt --contract tests/regex/vote_approval.teal, with:

Which will generate regex_result.dot.

How to install

pip3 install tealer

Using Git

git clone https://github.com/crytic/tealer.git && cd tealer
python3 setup.py install

We recommend installing the tool in a virtualenv.

Group configuration

To help tealer reason about applications that are meant to be run in a group of transactions, the user can provide the group information through a configuration file:

The file format is still in development and is likely to evolve in the future.

License

Slither is licensed and distributed under the AGPLv3 license. Contact us if you're looking for an exception to the terms.

Download files

Source Distribution

tealer-0.1.0.tar.gz (174.2 kB)

Uploaded Source

Built Distribution

tealer-0.1.0-py3-none-any.whl (232.3 kB)

Uploaded Python 3

File details

Details for the file tealer-0.1.0.tar.gz.

File metadata

  • Download URL: tealer-0.1.0.tar.gz
  • Upload date:
  • Size: 174.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.9

File hashes

Hashes for tealer-0.1.0.tar.gz
Algorithm Hash digest
SHA256 49851ede367747239b5a7aa0505b7db354d6a95aa12f527e81a99c82f4efdeb2
MD5 f2ac15aefdcde188ad2262c1e53c0f53
BLAKE2b-256 479014851fcf4f6d6bca7d3d695f567315765ce9e33907f57217cb5d0f41d70d

File details

Details for the file tealer-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: tealer-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 232.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.9

File hashes

Hashes for tealer-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 826472332803a5c624330e3ed016d8e49b1e913d8ffec041c44460316bf235ed
MD5 547684473e443a632988380cfb11b846
BLAKE2b-256 bf8928b23d60352e053e267caf46c5eccbe050a22dd50db0aaf5b14fb20d75ad
