Help developers ship safe code faster. Olympix was created to meet developers where they are, integrating with multiple smart contract development environments.
Visual Studio Code integration for Olympix, a Cybersecurity Assistant for Web 3 projects written in Solidity.
This extension integrates Olympix into Visual Studio Code. The Olympix extension performs static code analysis on projects written in Solidity. By using the Olympix extension in Visual Studio Code, developers can find potentially dangerous vulnerabilities in real time while developing.
Features
Analyze multiple opened workspaces
Explore all vulnerabilities at once for all Solidity files in the workspace
View results as native Visual Studio Code information/warnings/errors
See annotations for relevant source code for each issue
Requirements
Visual Studio Code 1.80.0 or higher
Installation
Install Olympix from the Visual Studio Marketplace within the Extensions tab of Visual Studio Code.
Getting Started
Install Olympix from the marketplace.
Enter your email and click on 'Get Access'.
A new Olympix account will be created for you.
Check your email for the code and enter it in the 'Apply Code' section.
Open a Solidity project in Visual Studio Code.
Click on 'Start Analysis' to analyze your Solidity code.
Vulnerabilities Detected
| Vulnerability | Severity | Confidence | Notes |
| --- | --- | --- | --- |
| transferFrom uses arbitrary from | High | High | 100% implemented |
| Modifying storage array by value | High | High | 100% implemented |
| The order of parameters in a shift instruction is incorrect | High | High | It is not checking to see that the shr() / shl() functions are wrapped in an assembly block |
| Multiple constructor schemes | High | High | 100% implemented |
| Contract's name reused | High | High | It currently only checks for name collision in the same file |
| Right-To-Left-Override control character is used | High | High | 100% implemented |
| State variables shadowing | Low | High | It doesn't check for inheritance |
| Functions allowing anyone to destruct the contract | High | High | 100% implemented |
| Uninitialized state variables | High | High | 100% implemented |
| Tainted array length assignment | High | Medium | 100% implemented |
| msg.value inside a loop | Medium | Medium | 100% implemented |
| Signed storage integer array compiler bug | High | High | 100% implemented |
| Weak PRNG | High | Medium | It doesn't check for now; does check for div, and checks for a few other block.X properties |
| Detects ERC20 tokens with a function whose signature collides with EIP-2612's DOMAIN_SEPARATOR() | Medium | High | 100% implemented |
| Dangerous strict equalities | Low | Medium | It only checks for ether balance comparisons, not token balances |
| Contracts that lock ether | High | High | 100% implemented |
| Dangerous usage of tx.origin | High | High | 100% implemented |
| Local variables shadowing | Low | High | 100% implemented |
| Uninitialized function pointer calls in constructors | Low | High | 100% implemented |
| Multiple calls in a loop | Low | Medium | 100% implemented |
| Missing Events Arithmetic Overflow/Underflow | Low | Medium | 100% implemented |
| Dangerous unary expressions | Medium | Medium | 100% implemented |
| Dangerous usage of block.timestamp | High | Medium | It checks this only in the context of suspected "weak PRNG" situations |