🧮 How to use solium (Ethlint) to audit smart contracts

Ethlint (formerly solium) is a linter that analyzes your smart contracts for style and security issues.

It can be installed easily with npm:

# npm install -g ethlint

Once installed, we can initialize a project in the current directory like this:

$ solium -i

This will create .soliumrc.json and .soliumignore files under the current directory.

By default, solium has the following configuration:

$ cat .soliumrc.json 
{
    "extends": "solium:recommended",
    "plugins": [
        "security"
    ],
    "rules": {
        "quotes": [
            "error",
            "double"
        ],
        "indentation": [
            "error",
            4
        ],
        "linebreak-style": [
            "error",
            "unix"
        ]
    }
}

Now we can run solium on our contract:

$ solium -f blind-auction.sol 
blind-auction.sol
28:19 error Syntax error: unexpected token (

WARNING: It does not seem to work well with pragma solidity ^0.8.4; the linter fails to parse the file before any rule is checked:

$ head -2 blind-auction.sol 
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.4;
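Because a "Syntax error" like the one above means the file was never actually checked, it is worth telling that case apart from real rule violations when the linter runs in CI. The script below is an added example, not part of the original post or of the Ethlint project: it parses the output shape shown above (a file name on its own line, followed by "line:col severity message" rows), counts errors and warnings, and reports unparsed files separately so that a build cannot pass just because the parser gave up. The sample output inside the script is constructed; the rule messages it contains are illustrative, not copied from Ethlint.

```python
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape solium prints: the file name on its own line,
# then one "line:col severity message" row per finding. Ethlint pads the columns
# with spaces; the regex below accepts any amount of whitespace. The messages for
# contracts/Token.sol are made up for this example.
SAMPLE_OUTPUT = """\
blind-auction.sol
  28:19    error    Syntax error: unexpected token (

contracts/Token.sol
   5:1     error    Provide explicit visibility for function mint.
  12:9     warning  Avoid using 'tx.origin'.
"""

FILE_RE = re.compile(r"^(\S.*\.sol)\s*$")
FINDING_RE = re.compile(r"^\s*(\d+):(\d+)\s+(error|warning)\s+(.*?)\s*$")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    col: int
    severity: str  # "error" or "warning"
    message: str

    @property
    def is_parse_failure(self) -> bool:
        # A "Syntax error" means the linter could not parse the file at all
        # (as happens with pragma solidity ^0.8.4), so no rule was applied to it.
        return self.message.startswith("Syntax error")


def parse_solium_output(text: str) -> List[Finding]:
    """Turn solium's text output into a list of Finding records."""
    findings: List[Finding] = []
    current_file: Optional[str] = None
    for raw in text.splitlines():
        m = FINDING_RE.match(raw)
        if m and current_file is not None:
            findings.append(Finding(current_file, int(m.group(1)), int(m.group(2)),
                                    m.group(3), m.group(4)))
            continue
        m = FILE_RE.match(raw)
        if m:
            current_file = m.group(1)
        # Anything else (blank lines, the closing summary line) is ignored.
    return findings


def summarize(findings: List[Finding]) -> Dict[str, object]:
    """Count real rule violations and list files the linter failed to parse."""
    summary: Dict[str, object] = {"errors": 0, "warnings": 0, "unparsed_files": []}
    for f in findings:
        if f.is_parse_failure:
            if f.path not in summary["unparsed_files"]:
                summary["unparsed_files"].append(f.path)
        elif f.severity == "error":
            summary["errors"] += 1
        else:
            summary["warnings"] += 1
    return summary


def ci_exit_code(findings: List[Finding], fail_on_warnings: bool = False) -> int:
    """Non-zero if any error was reported or any file went unchecked."""
    s = summarize(findings)
    if s["errors"] or s["unparsed_files"]:
        return 1
    if fail_on_warnings and s["warnings"]:
        return 1
    return 0


if __name__ == "__main__":
    # Usage: solium -d contracts/ | python solium_gate.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    parsed = parse_solium_output(text)
    for f in parsed:
        tag = "UNPARSED" if f.is_parse_failure else f.severity.upper()
        print(f"{tag:8} {f.path}:{f.line}:{f.col} {f.message}")
    print(summarize(parsed))
    sys.exit(ci_exit_code(parsed))
```

Piping the linter into this script keeps the failure modes distinct: a rule violation and a file the tool could not read both stop the build, but the log names the unparsed file explicitly so nobody mistakes a tooling limitation for a clean contract.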

Advanced usage:

$ solium --help 
Usage: solium [options] <keyword>
Linter to find & fix style and security issues in Solidity smart contracts.

The Unweary Pentester 🥷

Pentesting since 2001. Writing about infrastructure, Linux, Windows, Web and blockchain cybersecurity