Home

Awesome

Tealer

Tealer is a static analyzer for Teal code. It parses the Teal program, and builds its CFG. The analyzer comes with a set of vulnerabilities detectors and printers allowing to quickly review the contracts. In addition, tealer allows for custom path discovery through regular expression, and can be configured to follow the group information of the application.

Usage

To detect vulnerabilities

tealer detect --contracts file.teal

To run a printer

tealer print <printer_name> --contracts file.teal

To run the regular expression engine

tealer regex <regex_file.txt> --contracts file.teal

For additional configuration, see the Usage documentation.

Detectors

NumDetectorWhat it detectsApplies ToImpactConfidence
1is-deletableDeletable ApplicationsStatefulHighHigh
2is-updatableUpgradable ApplicationsStatefulHighHigh
3unprotected-deletableUnprotected Deletable ApplicationsStatefulHighHigh
4unprotected-updatableUnprotected Upgradable ApplicationsStatefulHighHigh
5group-size-checkUsage of absolute indexes without validating GroupSizeStateless, StatefulHighHigh
6can-close-accountMissing CloseRemainderTo field ValidationStatelessHighHigh
7can-close-assetMissing AssetCloseTo Field ValidationStatelessHighHigh
8missing-fee-checkMissing Fee Field ValidationStatelessHighHigh
9rekey-toRekeyable Logic SignaturesStatelessHighHigh
10constant-gtxnUnoptimized GtxnStatelessOptimizationHigh
11self-accessUnoptimized self accessStatelessOptimizationHigh
12sender-accessUnoptimized GtxnStatelessOptimizationHigh

For more information, see

Printers

NumPrinterWhat it prints
1call-graphExport the call graph of contract to a dot file
2cfgExport the CFG of entire contract
3human-summaryPrint a human-readable summary of the contract
4subroutine-cfgExport the CFG of each subroutine
5transaction-contextOutput possible values of GroupIndices, GroupSize

Printers output dot files. Use xdot to open the files (sudo apt install xdot).

Regular expression

Tealer can detect if there is a path between a given label and a set of instruction using the regex subcommand: tealer regex regex.txt --contracts file.teal.

The Regular expression file must be on the form:

label =>
  ins1
  ins2

If there is a match, tealer will generate a DOT file with the graph.

For an example, run tealer regex tests/regex/regex.txt --contract tests/regex/vote_approval.teal, with:

Which will generate regex_result.dot.

How to install

pip3 install tealer

Using Git

git clone https://github.com/crytic/tealer.git && cd tealer
make dev

Group configuration

To help tealer reasons about applications that are meant to be run in a group of transaction, the user can provide the group information through a configuration file:

The file format is still in development, and it is likely to evolve in the future

License

Tealer is licensed and distributed under the AGPLv3 license. Contact us if you're looking for an exception to the terms.