ico-arrow-big-left

Maru - Development of a Static Code Analyser for Ethereum Smart Contracts

Key Information

Register
Submit
The challenge is finished.
Show Deadlines

Challenge Overview

Maru is a prototype of a lightweight, fast and extensible code analyser for Ethereum smart contracts. It is in the early development stage, and the work will be largerly crowdsourced via Topcoder community. In this challenge you will take care about misc updates and enhancements specified below.

Technology Stack

Maru is a NodeJS command-line tool, written in TypeScript. Mocha is used as the test framework.

Code Access

The codebase is proprietary, and must not be shared nor used beyond the scope of this challenge, as per the standard Topcoder Terms of Use. In the challenge forum you will find a ZIP archive with the current snapshot of the codebase Git repository. You will work out of the commit 276fb59ecc324bc7fe485518b67cc6218a18b38e.

Individual Requirements

All to be considered as major:

  • Convert all JavaScript code to TypeScript. Fine-tuning of tsconfig.json is allowed; strict type-checking MUST be enabled.
  • Ensure that plugins properly report any exceptions encountered during their execution; i.e. if there is an exception in a Maru analyser module, then an appropriate error message should be shown.
  • Add --output (alias -o) command line option to choose between textual (option set to txt) and JSON (option set to json) outputs. The textual output is implemented already, the JSON one should be implemented in this challenge.
  • Provide --plugin (alias -p) command line option to execute individual plugin(s), specified by names given as comma-separated value of this argument.
  • Update swc-test_cases.js to support the current version of SWC-registry, and work properly for JSON output. Make sure all test cases are executed.
  • Parse the SWCs in https://github.com/SmartContractSecurity/SWC-registry/tree/master/entries and output weakness meta data along with the location information.
  • Update unit tests.
In case of any doubts, do not hesitate to raise questions in the challenge forum!

Final Submission Guidelines

Submit Git patch with your changes, along with any verification notes you might have, and a brief verification video.

Reliability Rating and Bonus

For challenges that have a reliability bonus, the bonus depends on the reliability rating at the moment of registration for that project. A participant with no previous projects is considered to have no reliability rating, and therefore gets no bonus. Reliability bonus does not apply to Digital Run winnings. Since reliability rating is based on the past 15 projects, it can only have 15 discrete values.
Read more.

ELIGIBLE EVENTS:

Topcoder Open 2019

REVIEW STYLE:

Final Review:

Community Review Board
?

Approval:

User Sign-Off
?

CHALLENGE LINKS:

Review Scorecard

?