Oxorio Auditor Tools

A Visual Studio Code extension providing specialized tools for Oxorio Solidity auditors to streamline the audit process, manage findings, and generate comprehensive reports. This extension integrates with GitHub and requires access to Oxorio's audits repository for certain features.

Oxorio Auditor Tools

Installation

Open Visual Studio Code
Go to Extensions (Ctrl+Shift+X / Cmd+Shift+X)
Search for "Oxorio Auditor"
Click Install

Requirements

Visual Studio Code 1.60.0 or higher
Inline Bookmarks extension
GitHub account with access to Oxorio's audits repository

Configuration

Add this configuration for the Inline Bookmarks plugin to your global (not workspace) user settings.json:

"inline-bookmarks.default.words.purple": "",
"inline-bookmarks.default.words.red": "",
"inline-bookmarks.default.words.green": "",
"inline-bookmarks.default.words.blue": "",
"inline-bookmarks.expert.custom.words.mapping": {
    "critical": ["@audit-c\\s"],
    "major": ["@audit-m\\s"],
    "warning": ["@audit-w\\s"],
    "info": ["@audit-i\\s"],
    "note": ["@audit\\s"],
},
"inline-bookmarks.expert.custom.styles": {
    "critical": {
        "gutterIconColor": "#F7075D",
        "overviewRulerColor": "#F7075D",
        "light": {
            "color": "#F7075D",
            "fontWeight": "bold",
            "textDecoration": "underline",
        },
        "dark": {
            "color": "#F7075D",
            "fontWeight": "bold",
            "textDecoration": "underline",
        }
    },
    "major": {
        "gutterIconColor": "#FD991F",
        "overviewRulerColor": "#FD991F",
        "light": {
            "color": "#FD991F",
            "fontWeight": "bold",
            "textDecoration": "underline",
        },
        "dark": {
            "color": "#FD991F",
            "fontWeight": "bold",
            "textDecoration": "underline",
        }
    },
    "warning": {
        "gutterIconColor": "#AE82F3",
        "overviewRulerColor": "#AE82F3",
        "light": {
            "color": "#AE82F3",
            "fontWeight": "bold",
            "textDecoration": "underline",
        },
        "dark": {
            "color": "#AE82F3",
            "fontWeight": "bold",
            "textDecoration": "underline",
        }
    },
    "info": {
        "gutterIconColor": "#66D9EF",
        "overviewRulerColor": "#66D9EF",
        "light": {
            "color": "#66D9EF",
            "fontWeight": "bold",
            "textDecoration": "underline",
        },
        "dark": {
            "color": "#66D9EF",
            "fontWeight": "bold",
            "textDecoration": "underline",
        }
    },
    "note": {
        "gutterIconColor": "#d3d3d3",
        "overviewRulerColor": "#d3d3d3",
        "light": {
            "color": "#d3d3d3",
            "fontWeight": "light",
        },
        "dark": {
            "color": "#d3d3d3",
            "fontWeight": "light",
        }
    }
}

Features

Issue Bookmarking

The extension supports different severity levels for audit findings using inline comments:

Mark	Severity	Description
@audit-c	CRITICAL	Critical security issues that must be fixed
@audit-m	MAJOR	Major issues that pose significant risks
@audit-w	WARNING	Warning level issues that should be addressed
@audit-i	INFO	Informational findings and suggestions
@audit	NOTE	Internal notes (not included in the report)

Report Generation

The extension provides several commands for report generation:

Markdown Report Generation

Use the Generate Markdown Audit Report for Workspace command to collect all @audit-X bookmarks in the current workspace and generate a new Markdown report with the identified issues. You will be prompted to input the client's repository link and the hash of the auditing commit.

PDF Report Generation

To generate a PDF audit report, open the markdown report and execute the Generate PDF Audit Report from Markdown command. You will need to choose an existing web report or create a new one. Please note that selecting an existing web report will overwrite it.

The report will be generated and uploaded to the Oxorio Slack workspace.

Updating the Report with Client Responses

To update the audit markdown report and add client responses as well as issue statuses, execute the Import Web Audit Report command and provide the Report ID that was used during the generation of the PDF report for the client.

Troubleshooting

If you encounter any problems, run the Developer: Show logs -> Extension Host commands to view the extension logs.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

[License Type] - See LICENSE for more information.

About Oxorio Security Audits

Oxorio is a leading blockchain security firm specializing in smart contract audits for DeFi, NFT, and Web3 projects. Our team has audited major protocols including Lido, 1inch, Fathom, and many others.

Our Services

Smart Contract Security Audits
DeFi Protocol Reviews
Web3 Security Consulting
Custom Security Solutions

Request an Audit

🌐 Visit oxor.io to request an audit
📋 Review our previous audits to see our expertise
📧 Contact us through our website for custom requirements

Oxorio Auditor

Oxorio