Solidity Visual Auditor Extension for VS Code

Today we’d like to introduce you to Solidity Visual Auditor, an extension for the popular Visual Studio Code editor.

Although we initially built Solidity Visual Auditor for our own use as auditors, we soon realized that security-conscious Solidity developers could also use these powerful tools to write safer code and get better insight into the complexity of their own contract systems.

Take a look at some of the features:

Visualizations

As auditors, we frequently use visualizations to quickly understand how code fits together. Solidity Visual Auditor’s “codelenses” give you easy access to a variety of useful visualization techniques.

UML

UML diagrams are one useful visualization technique and can be especially helpful for documenting your code.

Surya graphs and reports

The extension makes it even easier to generate a lot of the outputs available with our popular surya CLI tool.

Call graphs

The graph command gives you a nice dynamic view of the functions in the system and which ones call which.

Inheritance graphs

The inheritance command gives you an easy-to-read summary of the inheritance graph.

Function summaries

The report command generates a markdown report listing each function, its visibility, and the modifiers on it.

Abstract Syntax Tree

The parse command gives you a text based representation of the abstract syntax tree (AST).

Function tracing

ftrace prints all the functions reachable from the current function.

Other Features

Solidity Visual Auditor goes beyond visualizations, providing contextual information right in the editor.

Tooltip documentation

Tooltips give you easy access to important information about Solidity’s language features:

They even have information about assembly instructions [1]:

Semantic highlighting

State variable tracing provides useful semantic information, including:

Warnings about shadowed variables:

Indicators for inherited state variables:

Bookmarking with inline comments

Add in @audit bookmarks to flag lines for security review or even start a security review discussion.

There are two ways to do this. Notice how clearly you can now refer to previous flags from the line numbers.

Get function selectors

For one reason or another, we often find ourselves generating a list of the function selectors in the smart contract. You can do this with solc --hashes MyContract.sol, or you can use Solidity Visual Auditor’s hashes command:

Summary

Whether you’re developing your own smart contracts or auditing someone else’s, Solidity Visual Auditor will put valuable information and insights right where you need them. We’d love for you to try it out and let us know what you think. (Issues are welcome in the GitHub repo.)

[1] Obligatory reminder to use extreme caution if you insist on writing assembly.
