Home

Awesome

Caracal

Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts.

Features

Installation

Precompiled binaries

Precompiled binaries are available on our releases page. If you are using Cairo compiler 1.x.x uses the binary v0.1.x otherwise if you are using the Cairo compiler 2.x.x uses v0.2.x.

Building from source

You need the Rust compiler and Cargo. Building from git:

cargo install --git https://github.com/crytic/caracal --profile release --force

Building from a local copy:

git clone https://github.com/crytic/caracal
cd caracal
cargo install --path . --profile release --force

Usage

List detectors:

caracal detectors

List printers:

caracal printers

Standalone

To use with a standalone cairo file and you have a local cairo compiler binary it's enough to point it to the file. Otherwise otherwise a bundled compiler is used and you need to pass the path to the corelib library either with the --corelib cli option or by setting the CORELIB_PATH environment variable.
Run detectors:

caracal detect path/file/to/analyze

caracal detect path/file/to/analyze --corelib path/to/corelib/src

Run printers:

caracal print path/file/to/analyze --printer printer_to_use --corelib path/to/corelib/src

Cairo project

If you have a cairo project with multiple files and contracts you may need to specify which contracts with --contract-path. The local cairo compiler binary is used if available otherwise a bundled compiler is used. In the latter case you also need to specify the corelib as explained above for the standalone case. The path is the directory where cairo_project.toml resides.
Run detectors:

caracal detect path/to/dir

caracal detect path/to/dir --contract-path token::myerc20::... token::myerc721::...

Run printers:

caracal print path/to/dir --printer printer_to_use

Scarb

If you have a project that uses Scarb you need to add the following in Scarb.toml:

[[target.starknet-contract]]
sierra = true

[cairo]
sierra-replace-ids = true

Then pass the path to the directory where Scarb.toml resides. Run detectors:

caracal detect path/to/dir

Run printers:

caracal print path/to/dir --printer printer_to_use

Detectors

NumDetectorWhat it DetectsImpactConfidenceCairo
1controlled-library-callLibrary calls with a user controlled class hashHighMedium1 & 2
2unchecked-l1-handler-fromDetect L1 handlers without from address checkHighMedium1 & 2
3felt252-unsafe-arithmeticDetect user controlled operations with felt252 type, which is not overflow/underflow safeMediumMedium1 & 2
4reentrancyDetect when a storage variable is read before an external call and written afterMediumMedium1 & 2
5read-only-reentrancyDetect when a view function read a storage variable written after an external callMediumMedium1 & 2
6unused-eventsEvents defined but not emittedMediumMedium1 & 2
7unused-returnUnused return valuesMediumMedium1 & 2
8unenforced-viewFunction has view decorator but modifies stateMediumMedium1
9tx-originDetect usage of the transaction origin address as access controlMediumMedium2
10unused-argumentsUnused argumentsLowMedium1 & 2
11reentrancy-benignDetect when a storage variable is written after an external call but not read beforeLowMedium1 & 2
12reentrancy-eventsDetect when an event is emitted after an external call leading to out-of-order eventsLowMedium1 & 2
13dead-codePrivate functions never usedLowMedium1 & 2
14use-after-pop-frontDetect use of an array or a span after removing element(s)LowMedium1 & 2

The Cairo column represent the compiler version(s) for which the detector is valid.

Printers

How to contribute

Check the wiki on the following topics:

Limitations