This is an open source project for linting Solidity code. This project provides both Security and Style Guide validations.
You can install Solhint using npm:
npm install -g solhint
# verify that it was installed correctly
solhint -V
For linting Solidity files you need to run Solhint with one or more Globs as arguments. For example, to lint all files inside contracts
directory, you can do:
solhint contracts/**/*.sol
To lint a single file:
solhint contracts/MyToken.sol
Solhint command description:
Usage: solhint [options] <file> [...other_files]
Linter for Solidity programming language
Options:
-V, --version output the version number
-f, --formatter [name] report formatter name (stylish, table, tap, unix)
-h, --help output usage information
Commands:
stdin [options] put source code to stdin of this utility
init-config create sample solhint config in current folder
You can use a .solhint.json
file to configure solhint globally. This file has the following
format:
{
"extends": "default",
"rules": {
"avoid-throw": false,
"avoid-suicide": "error",
"avoid-sha3": "warn",
"indent": ["warn", 4]
}
}
You can use comments in the source code to configure solhint in a given line or file.
For example, to disable all validations in the line following a comment:
// solhint-disable-next-line
uint[] a;
You can disable a single rule on a given line. For example, to disable validation of fixed compiler version in the next line:
// solhint-disable-next-line compiler-fixed, compiler-gt-0_4
pragma solidity ^0.4.4;
Disable validation on current line:
pragma solidity ^0.4.4; // solhint-disable-line
Disable validation of fixed compiler version validation on current line:
pragma solidity ^0.4.4; // solhint-disable-line compiler-fixed, compiler-gt-0_4
You can disable a rule for a group of lines:
/* solhint-disable avoid-throw */
if (a > 1) {
throw;
}
/* solhint-enable avoid-throw */
Or disable all validations for a group of lines:
/* solhint-disable */
if (a > 1) {
throw;
}
/* solhint-enable */
Rule ID | Error |
---|---|
reentrancy | Possible reentrancy vulnerabilities. Avoid state changes after transfer. |
avoid-sha3 | Use "keccak256" instead of deprecated "sha3" |
avoid-suicide | Use "selfdestruct" instead of deprecated "suicide" |
avoid-throw | "throw" is deprecated, avoid to use it |
func-visibility | Explicitly mark visibility in function |
state-visibility | Explicitly mark visibility of state |
check-send-result | Check result of "send" call |
avoid-call-value | Avoid to use ".call.value()()" |
compiler-fixed | Compiler version must be fixed |
compiler-gt-0_4 | Use at least '0.4' compiler version |
no-complex-fallback | Fallback function must be simple |
mark-callable-contracts | Explicitly mark all external contracts as trusted or untrusted |
multiple-sends | Avoid multiple calls of "send" method in single transaction |
no-simple-event-func-name | Event and function names must be different |
avoid-tx-origin | Avoid to use tx.origin |
no-inline-assembly | Avoid to use inline assembly. It is acceptable only in rare cases |
not-rely-on-block-hash | Do not rely on "block.blockhash". Miners can influence its value. |
avoid-low-level-calls | Avoid to use low level calls. |
* - All security rules implemented according ConsenSys Guide for Smart Contracts
Rule ID | Error |
---|---|
func-name-mixedcase | Function name must be in camelCase |
func-param-name-mixedcase | Function param name must be in mixedCase |
var-name-mixedcase | Variable name must be in mixedCase |
event-name-camelcase | Event name must be in CamelCase |
const-name-snakecase | Constant name must be in capitalized SNAKE_CASE |
modifier-name-mixedcase | Modifier name must be in mixedCase |
contract-name-camelcase | Contract name must be in CamelCase |
use-forbidden-name | Avoid to use letters 'I', 'l', 'O' as identifiers |
visibility-modifier-order | Visibility modifier must be first in list of modifiers |
imports-on-top | Import statements must be on top |
two-lines-top-level-separator | Definition must be surrounded with two blank line indent |
func-order | Function order is incorrect |
quotes | Use double quotes for string literals |
no-mix-tabs-and-spaces | Mixed tabs and spaces |
indent | Indentation is incorrect |
bracket-align | Open bracket must be on same line. It must be indented by other constructions by space |
array-declaration-spaces | Array declaration must not contains spaces |
separate-by-one-line-in-contract | Definitions inside contract / library must be separated by one line |
expression-indent | Expression indentation is incorrect. |
statement-indent | Statement indentation is incorrect. |
space-after-comma | Comma must be separated from next element by space |
no-spaces-before-semicolon | Semicolon must not have spaces before |
* - All style guide rules implemented according Solidity Style Guide
Rule ID | Error |
---|---|
max-line-length | Line length must be no more than 120 but current length is 121. |
payable-fallback | When fallback is not payable you will not be able to receive ethers |
no-empty-blocks | Code contains empty block |
no-unused-vars | Variable "name" is unused |
function-max-lines | Function body contains "count" lines but allowed no more than "maxLines" lines |
code-complexity | Function has cyclomatic complexity "current" but allowed no more than "max" |
max-states-count | Contract has "curCount" states declarations but allowed no more than "max" |
Related documentation you may find there.
- Sublime Text 3
- Atom
- Vim
- JetBrains IDEA, WebStorm, CLion, etc.
- VS Code: Solidity by Juan Blanco
- VS Code: Solidity Language Support by CodeChain.io
MIT