Olympix (Visual Studio Code Extension)
Visual Studio Code integration for Olympix, a cybersecurity assistant for Web3 projects written in Solidity.
The Olympix extension performs static code analysis on Solidity projects from inside Visual Studio Code, so developers can find potentially dangerous vulnerabilities in real time while they write code.
Features
- Analyze multiple opened workspaces
- Explore all vulnerabilities at once for all Solidity files in the workspace
- View results as native Visual Studio Code information/warnings/errors
- See annotations for relevant source code for each issue
Requirements
- Visual Studio Code 1.80.0 or higher
Installation
Install Olympix from the Visual Studio Marketplace within the Extensions tab of Visual Studio Code.
Getting Started
- Install Olympix from the marketplace.
- Enter your email and click on 'Get Access'.
- A new Olympix account will be created for you.
- Check your email for the code and enter it in the 'Apply Code' section.
- Open a Solidity project in Visual Studio Code.
- Click on 'Start Analysis' to analyze your Solidity code.
Configurations
You can toggle the visibility of each vulnerability check from the configuration cog in the extension; checks marked 'ENABLE IT ON SETTINGS' in the table below are disabled by default and must be switched on there.
For more granular control, you can suppress a specific vulnerability instance by adding the following comment either on the line preceding the target line or at the end of the target line:
```solidity
function someVulnerableLine(address alice, address bob, uint256 amount) public {
    //#olympix:ignore
    transferFrom(msg.sender, alice, amount);
    transferFrom(msg.sender, bob, amount); //#olympix:ignore
}
```
This hides the findings flagged on the corresponding lines while keeping all other findings visible. Suppressions are silent, so review them in code review like any other security-relevant change.
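Because suppressed findings never show up in the editor, it is useful to be able to list them outside Visual Studio Code, for example in CI or during an audit. The following script is an added example, not part of the Olympix extension, that applies the two documented placements of the `//#olympix:ignore` marker (a marker on its own line suppresses the next line; a marker at the end of a line suppresses that line) and reports which source lines are suppressed. It assumes that a standalone marker followed by a blank line, another bare marker, or the end of the file suppresses nothing (the page does not specify this case) and that whitespace around the marker is tolerated; the sample Solidity source is constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Marker at end of line, optionally preceded by code. The whitespace tolerance
# (`\s*`) is an assumption; the extension documents the exact form `//#olympix:ignore`.
_MARKER_RE = re.compile(r"\s*//\s*#olympix:ignore\s*$")


@dataclass
class SuppressionReport:
    # 1-based line number -> the code on that line (marker stripped)
    suppressed: Dict[int, str] = field(default_factory=dict)
    # 1-based line numbers of standalone markers that suppress nothing
    orphaned: List[int] = field(default_factory=list)


def suppressed_lines(source: str) -> SuppressionReport:
    """Return which lines of `source` carry a suppressed finding."""
    lines = source.splitlines()
    report = SuppressionReport()
    for idx, raw in enumerate(lines, start=1):
        m = _MARKER_RE.search(raw)
        if m is None:
            continue
        code_before = raw[: m.start()].strip()
        if code_before:
            # Trailing marker: this line's own finding is suppressed.
            report.suppressed[idx] = code_before
            continue
        # Standalone marker: the immediately following line is suppressed,
        # provided it carries code (assumption: blank/bare-marker lines do not count).
        nxt = lines[idx] if idx < len(lines) else ""
        nxt_m = _MARKER_RE.search(nxt)
        nxt_code = (nxt[: nxt_m.start()] if nxt_m else nxt).strip()
        if nxt_code:
            report.suppressed[idx + 1] = nxt_code
        else:
            report.orphaned.append(idx)
    return report


# Constructed sample: the page's snippet plus an unsuppressed call and a dangling marker.
SAMPLE = """\
function someVulnerableLine(address alice, address bob, uint256 amount) public {
    //#olympix:ignore
    transferFrom(msg.sender, alice, amount);
    transferFrom(msg.sender, bob, amount); //#olympix:ignore
    transferFrom(msg.sender, alice, amount);
}
//#olympix:ignore
"""


if __name__ == "__main__":
    import sys

    # With no arguments, run over the constructed sample; otherwise over the given .sol files.
    inputs = {"<sample>": SAMPLE}
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            inputs[path] = fh.read()
    for name, text in inputs.items():
        rep = suppressed_lines(text)
        for ln, code in sorted(rep.suppressed.items()):
            print(f"{name}:{ln}: suppressed: {code}")
        for ln in rep.orphaned:
            print(f"{name}:{ln}: marker suppresses nothing")
```

Run it as `python suppressions.py contracts/*.sol` to get one line per suppressed finding; a non-empty `orphaned` list usually means a marker was left behind after the code it guarded was moved or deleted.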
Vulnerabilities Detected
| Vulnerability | Severity | Confidence | Disabled by default |
|---|---|---|---|
| abi.encode() with Nested Array | High | High | |
| abi.encodePacked() with Dynamic Types | High | High | |
| Array Parameter Location | High | High | |
| Directional Override Character | High | High | |
| Locked Ether | High | High | |
| Multiple Constructors | High | High | |
| Nested Struct in Mapping | High | High | |
| Same Named Contracts | High | High | ENABLE IT ON SETTINGS |
| Signed Integer Array | High | High | |
| Swapped Shift Parameters | High | High | |
| Unenforced State Maintenance Keywords | High | High | |
| Uninitialized Local Storage | High | High | |
| Unsafe Self-destruct | High | High | |
| Arbitrary Address Spoofing Attack | High | Medium | |
| Arbitrary delegatecall | High | Medium | |
| Arbitrary Sending of Ether | High | Medium | |
| Arbitrary transferFrom() | High | Medium | |
| Array Length Assignment | High | Medium | |
| Assembly return instead of leave | High | Medium | |
| Block Randomness | High | Medium | |
| Calls Assembly return | High | Medium | |
| Delegatecall in Loop | High | Medium | |
| ERC-20 Interface | High | Medium | |
| ERC-721 Interface | High | Medium | |
| Increasing Length Array as Loop Variable | High | Medium | |
| Potential Reentrancy | High | Medium | |
| Unchecked Token Transfer | High | Medium | |
| Enum Conversion Out of Range | Medium | High | |
| Struct with Mapping Deletion | Medium | High | |
| Unchecked Block with Subtraction | Medium | High | |
| Uninitialized State Variable | Medium | Medium | ENABLE IT ON SETTINGS |
| Faulty Division Operation | Medium | Medium | |
| Owner as Single Point of Failure | Medium | Medium | |
| Required tx.origin | Medium | Medium | |
| Reused msg.value | Medium | Medium | |
| Unary Plus Expression | Medium | Medium | |
| Unchecked Low Level Call | Medium | Medium | |
| Unchecked Send | Medium | Medium | |
| Unused Return from Function Call | Medium | Medium | |
| Default Visibility | Low | High | ENABLE IT ON SETTINGS |
| Shadowing State | Low | High | |
| Strict Ether Balance Check | Low | High | |
| Unbounded Pragma | Low | High | |
| Uninitialized Function Pointer in Constructor | Low | High | |
| Use of tx.origin | Low | High | |
| Call without Gas Budget | Low | Medium | |
| Calls in Loop | Low | Medium | |
| Downcast of Number to Address | Low | Medium | |
| Empty Payable Fallback | Low | Medium | |
| Expects Optional ERC-20 Functionality | Low | Medium | |
| External Call Potential Out of Gas | Low | Medium | |
| Missing Events on Price Change | Low | Medium | ENABLE IT ON SETTINGS |
| Missing Gap Variable | Low | Medium | |
| No Access Control on Payable Fallback | Low | Medium | |
| No Parameter Validation in Constructor | Low | Medium | ENABLE IT ON SETTINGS |
| Possible Division by Zero | Low | Medium | |
| Reentrancy Affecting Events Ordering | Low | Medium | |
| Shadowing Builtin Name | Low | Medium | |
| Shadowing Reserved Keyword | Low | Medium | ENABLE IT ON SETTINGS |
| uint to int Conversion | Low | Medium | |
| Unsafe Downcast | Low | Medium | |
| Zero as Parameter | Low | Medium | |