{"id":3348,"date":"2022-02-28T08:42:54","date_gmt":"2022-02-28T08:42:54","guid":{"rendered":"https:\/\/www.trustrecipe.in\/?p=3348"},"modified":"2023-11-07T23:20:46","modified_gmt":"2023-11-07T23:20:46","slug":"using-solhint-ethereums-solidity-linter","status":"publish","type":"post","link":"https:\/\/immunebytes.com\/blog\/using-solhint-ethereums-solidity-linter\/","title":{"rendered":"Using Solhint: Ethereum&#8217;s Solidity Linter"},"content":{"rendered":"\n<p><em>An Introduction to Linting Solidity and Formatting with Solhint<\/em><\/p>\n\n\n\n<p>We are back with a new post! And this time we have Solhint! This is an open-source project for linting Solidity code. Solhint provides both security and style-guide validations.<\/p>\n\n\n\n<p>Most of the linting solutions available for detecting vulnerabilities in Solidity code (the language underlying Ethereum smart contracts) usually focus on code compliance with best linting practices. Solhint covers a wide range of validation rules and also enables developers to add new ones, while complying with the Solidity style guide and granting a 2x to 4x boost in performance.<\/p>\n\n\n\n<p><em><strong>With this blog post, we aim to provide an overview of Solhint, a comprehensive linter that detects syntax-related security vulnerabilities in Solidity code. 
Let&#8217;s get started!<\/strong><\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Introduction to Solidity Linting<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/www.trustrecipe.in\/wp-content\/uploads\/2022\/02\/USING-SOLHINT-ETHEREUMS-SOLIDITY-LINTER-graphic-min-1024x536.png\" alt=\"\" class=\"wp-image-10200\" srcset=\"https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2022\/02\/USING-SOLHINT-ETHEREUMS-SOLIDITY-LINTER-graphic-min-1024x536.png 1024w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2022\/02\/USING-SOLHINT-ETHEREUMS-SOLIDITY-LINTER-graphic-min-300x157.png 300w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2022\/02\/USING-SOLHINT-ETHEREUMS-SOLIDITY-LINTER-graphic-min-768x402.png 768w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2022\/02\/USING-SOLHINT-ETHEREUMS-SOLIDITY-LINTER-graphic-min-1170x612.png 1170w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2022\/02\/USING-SOLHINT-ETHEREUMS-SOLIDITY-LINTER-graphic-min-585x306.png 585w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2022\/02\/USING-SOLHINT-ETHEREUMS-SOLIDITY-LINTER-graphic-min.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The Ethereum community has started to develop some great tools that allow users to get closer to the automated workflow that&#8217;s present in more mature languages like JavaScript or Go.<\/p>\n\n\n\n<p>Two of those tools touch the core part of a developer&#8217;s workflow: <strong><em>writing code<\/em><\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Linters <\/strong>automatically analyze code for possible programmatic and styling errors (popular example: <a href=\"https:\/\/eslint.org\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>ESLint <\/strong><\/a>for JavaScript).<\/li><li><strong>Formatters <\/strong>automatically 
format code according to predefined rules and indentation defaults (popular example: <a href=\"https:\/\/go.dev\/blog\/gofmt\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>gofmt<\/strong> <\/a>for Go).<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Using Solhint<\/h3>\n\n\n\n<p><strong>Solhint<\/strong> is a fantastic community linter for the <strong><a href=\"http:\/\/solidity.readthedocs.io\/en\/develop\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Solidity programming language<\/a><\/strong>. It acts like an automatic code reviewer that flags security errors and instills best practices during the <strong><a style=\"color: #00d084;\" href=\"https:\/\/immunebytes.com\/blog\/smart-contract-audit\/\"><em>smart contract auditing<\/em><\/a><\/strong> process.<\/p>\n\n\n\n<p>Solhint is a library and a command-line tool for <strong>static analysis<\/strong> of Solidity code. Unlike its alternatives, which mostly focus on checking whether Solidity code complies with best coding practices, this linter detects syntax-related security vulnerabilities, supports a wide range of rules, and enables the addition of new ones if necessary.<\/p>\n\n\n\n<p>Solhint uses an <strong><a href=\"http:\/\/www.antlr.org\/\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">antlr4-based<\/a><\/strong> implementation of the Solidity parser, enabling efficient parsing and validation performance. 
In comparison to other linting solutions, you can achieve a 2x to 4x performance boost while linting the source code.<\/p>\n\n\n\n<p>Additionally, the tool features flexible configuration options such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Using a preconfigured set of rules<\/li><li>Customizing default rule sets with the <em>.solhint.json<\/em> file<\/li><li>Managing the configuration rules at the code level, using special comments (e.g., <em>solhint-disable-line<\/em>)<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Installing Solhint<\/h3>\n\n\n\n<p>To install the tool globally and check that it runs, use the following commands:<\/p>\n\n\n\n<p><strong>npm install -g solhint<\/strong><\/p>\n\n\n\n<p><strong>solhint -h<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Important Commands<\/h3>\n\n\n\n<p>Solhint has three major commands:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>By <strong>default<\/strong>, it receives a list of file patterns (**\/*.sol, *.sol) and runs an analysis.<\/li><li>The <strong>stdin<\/strong> command lets you pass the source code to validate to the application through STDIN.<\/li><li>The <strong>init-config<\/strong> command creates a basic configuration file that can be customized if needed.<\/li><\/ul>\n\n\n\n<p>One of the many great things about Solhint is that there is built-in integration with text editors such as <a href=\"https:\/\/www.sublimetext.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><strong>Sublime Text<\/strong><\/a> and <strong><a href=\"https:\/\/atom.io\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Atom<\/a><\/strong>. The delivered plugins enable developers to automatically analyze source code and highlight the elements with errors.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Usage<\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>First initialize a configuration file, if you don&#8217;t have one. 
This will create a .solhint.json file with the default rules enabled.<\/li><\/ul>\n\n\n\n<p><strong>solhint --init<\/strong><\/p>\n\n\n\n<p>The .solhint.json file has the following format:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"924\" height=\"930\" src=\"https:\/\/www.trustrecipe.in\/wp-content\/uploads\/2023\/08\/carbon-29.png\" alt=\"\" class=\"wp-image-7981\" srcset=\"https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-29.png 924w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-29-298x300.png 298w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-29-150x150.png 150w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-29-768x773.png 768w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-29-585x589.png 585w\" sizes=\"auto, (max-width: 924px) 100vw, 924px\" \/><\/figure>\n\n\n\n<p>This file specifies exactly which rules you want Solhint to lint for. Solhint has a pretty amazing coverage of <strong><a href=\"https:\/\/github.com\/protofire\/solhint\/blob\/master\/docs\/rules.md#security-rules\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Security Rules, Style Guide rules, and Best Practice rules<\/a><\/strong>. One thing to keep in mind before diving in is that <strong>very few of the rules are turned on by default<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Then run Solhint with one or more <a href=\"https:\/\/en.wikipedia.org\/wiki\/Glob_(programming)\">globs<\/a> as arguments.<\/li><\/ul>\n\n\n\n<p>For example, to lint all files inside the contracts directory, you can run the following:<\/p>\n\n\n\n<p><strong>solhint 'contracts\/**\/*.sol'<\/strong><\/p>\n\n\n\n<p>Solhint runs on <strong>globs <\/strong>that match a file pattern. 
In the above, it runs on all **\/*.sol files in the contracts directory.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>To lint a single file:<\/li><\/ul>\n\n\n\n<p><strong>solhint contracts\/MyToken.sol<\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Solhint Script<\/h4>\n\n\n\n<p>Edit your <strong>package.json<\/strong> to include a new script that runs Solhint:<\/p>\n\n\n\n<p><strong>\"solhint\": \".\/node_modules\/.bin\/solhint -f table contracts\/**\/*.sol\"<\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Solhint in action<\/h4>\n\n\n\n<p><strong>npm run solhint<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/QBtFcEmJG5CE3oCfnsN8EatnORgyLhQic6ijQGAfYAVWUrx-2XKNEixDIANz1RbZ5HklTBgyy2SwIfnEJuMstWzmxjBBEr4uKmkZm_XM_RA_2e0stchQJrX6IqKaken5SnH4DOTf\" alt=\"Solhint in action\"\/><\/figure>\n\n\n\n<p><em>Solhint in action<\/em><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Setting up a rule<\/h4>\n\n\n\n<p>Solhint supports a wide range of rules, but if you want to add new ones, here&#8217;s how to do it:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"822\" height=\"706\" src=\"https:\/\/www.trustrecipe.in\/wp-content\/uploads\/2023\/08\/carbon-30.png\" alt=\"\" class=\"wp-image-7982\" srcset=\"https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-30.png 822w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-30-300x258.png 300w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-30-768x660.png 768w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-30-585x502.png 585w\" sizes=\"auto, (max-width: 822px) 100vw, 822px\" \/><\/figure>\n\n\n\n<p>For example:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"806\" height=\"782\" 
src=\"https:\/\/www.trustrecipe.in\/wp-content\/uploads\/2023\/08\/carbon-31.png\" alt=\"\" class=\"wp-image-7983\" srcset=\"https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-31.png 806w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-31-300x291.png 300w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-31-768x745.png 768w, https:\/\/immunebytes.com\/blog\/wp-content\/uploads\/2023\/08\/carbon-31-585x568.png 585w\" sizes=\"auto, (max-width: 806px) 100vw, 806px\" \/><\/figure>\n\n\n\n<p>A full list of all supported rules can be found <a href=\"https:\/\/github.com\/protofire\/solhint\/blob\/master\/docs\/rules.md\">here<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Concluding Words<\/h3>\n\n\n\n<p>Solhint is an effective and advanced tool used by auditors and security experts to filter out bugs in smart contracts or any other code written in the Solidity language.<\/p>\n\n\n\n<p>The Solhint project is always adapting to new use cases and developments in the blockchain world. Complying with the Solidity style guide, the linter allows developers to detect security vulnerabilities across multiple validation rules and to expand the list of rules if required, while enjoying a 2x to 4x performance boost in comparison to alternative solutions.<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>About Us<\/strong><\/p>\n\n\n\n<p><em><a href=\"https:\/\/immunebytes.com\/blog\/\"><strong>ImmuneBytes is a<\/strong> <strong>Blockchain smart contract firm<\/strong><\/a> that employs the industry&#8217;s best tools and practices to provide a comprehensive <strong><a href=\"https:\/\/immunebytes.com\/blog\/smart-contract-audit\/\">smart contract audit<\/a><\/strong>. We have a team of robust and experienced security professionals who are adept at their niches and provide you with a quality service. 
We have worked on <strong>175+ projects <\/strong>spread across the world on different Blockchain frameworks with some of the industry&#8217;s top firms and we continue to unfold the decentralized movement.<\/em><\/p>\n\n\n\n<p><em>We are also providing consultancy, coming up with a <\/em><a href=\"#\"><em><strong>bug bounty platform<\/strong><\/em><\/a><em>, and also an insurance product to provide our clients with a hassle-free security product catalog. Stay tuned.<\/em><\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Additional Resources<\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.trustrecipe.in\/transfer-in-solidity-why-you-should-stop-using-it\/\"><strong>TRANSFER() IN SOLIDITY: WHY YOU SHOULD STOP USING IT?<\/strong><\/a><\/li><li><a href=\"https:\/\/www.trustrecipe.in\/slither-a-solidity-static-analyzer-for-smart-contracts\/\"><strong>SLITHER: A SOLIDITY STATIC ANALYZER FOR SMART CONTRACTS<\/strong><\/a><\/li><\/ul>\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>An Introduction to Linting Solidity and Formatting with Solhint We are back with a new post! 
And this time we&hellip;<\/p>\n","protected":false},"author":2,"featured_media":10199,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[94],"tags":[],"class_list":["post-3348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blockchain"],"_links":{"self":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts\/3348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/comments?post=3348"}],"version-history":[{"count":16,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts\/3348\/revisions"}],"predecessor-version":[{"id":10201,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts\/3348\/revisions\/10201"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/media\/10199"}],"wp:attachment":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/media?parent=3348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/categories?post=3348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/tags?post=3348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}