Running a Scan with CodeHound

CodeHound offers various ways to run scans on your Solidity code, whether it's standalone files, full projects, or using an EVM smart contract address. This guide will explain each option and provide best practices to ensure your scan runs smoothly.

General Requirements

Regardless of how you choose to submit your code - either by file upload, GitHub connection, or smart contract address - the code must be structured properly and ready to be compiled. CodeHound performs static analysis and compiles your code server-side. If the structure isn't correct, the scan will fail.

Standalone File Scans

If you’re uploading standalone Solidity files, make sure they are flattened and include a pragma solidity statement. The pragma line helps CodeHound set the appropriate compiler version for your code.

Example structure:

Main Folder
├── file1.sol
├── file2.sol
└── anotherFile.sol

Each of these files will be treated as independent code files. This means that if one file depends on another, the scan will fail since CodeHound compiles each file individually. Ensure your files can compile independently, or flatten them properly before uploading.
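The two requirements above (a pragma solidity line, and no dependency on another file) are easy to check before zipping. The script below is an added example and not part of CodeHound's own tooling; it takes a folder of .sol files and reports any file that lacks a pragma or still contains an import, which is a sign the file was not flattened.

```shell
#!/bin/sh
# Pre-upload check for CodeHound standalone file scans (added example, not CodeHound's code).
# A file passes only if it declares "pragma solidity ..." and contains no import
# statement, because CodeHound compiles each standalone file on its own.
# Usage: sh check_standalone.sh ./MainFolder

check_sol_file() {
    f="$1"
    status=0
    if ! grep -Eq '^[[:space:]]*pragma[[:space:]]+solidity' "$f"; then
        echo "FAIL $f: missing 'pragma solidity' statement"
        status=1
    fi
    # An import means the file depends on another file and must be flattened first.
    if grep -Eq '^[[:space:]]*import[[:space:]"{]' "$f"; then
        echo "FAIL $f: contains an import; flatten the file before uploading"
        status=1
    fi
    return $status
}

# Check every .sol file directly inside a folder; returns 1 if any file fails
# or if the folder holds no .sol files at all.
check_standalone_dir() {
    dir="$1"
    overall=0
    for f in "$dir"/*.sol; do
        if [ ! -e "$f" ]; then
            echo "no .sol files found in $dir"
            return 1
        fi
        check_sol_file "$f" || overall=1
    done
    if [ "$overall" -eq 0 ]; then
        echo "OK: all files in $dir can be uploaded as standalone files"
    fi
    return $overall
}

if [ "$#" -gt 0 ]; then
    check_standalone_dir "$1"
fi
```

Run it on the folder before zipping; a non-zero exit status means at least one file would make the scan fail.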

How to Run a Standalone File Scan:

  1. ZIP up your .sol files into a .zip archive. An example of a ZIP including 2 independent standalone Solidity files can be seen below:

     [Screenshot: File Archive]

  2. Upload the ZIP file to CodeHound and submit.
  3. If the scan succeeded, enjoy!

Project Scans (Hardhat, Truffle, Foundry)

CodeHound also supports full project scans for frameworks like Hardhat, Truffle, and Foundry. When uploading a project, it’s crucial to include the package.json file or other relevant configuration files (e.g., hardhat.config.js or foundry.toml). The package.json file is used to install dependencies on the server-side before compiling the project.

Example structure for a project:

Project Folder
├── contracts/
│   ├── Token.sol
│   └── somethingElse.sol
├── package.json
└── foundry.toml (or hardhat.config.js in the case of Hardhat; a TypeScript config is also accepted)

For project scans, CodeHound will install dependencies and compile the code, which may take longer than scanning individual files due to pre-compilation tasks.

How to Run a Project Scan:

  1. ZIP the entire project folder into a .zip archive. An example of a ZIP including the necessary files (for Hardhat in this case) can be seen below:

     [Screenshot: File Archive]

  2. Upload the ZIP file to CodeHound.

Alternatively, you can connect CodeHound to your GitHub account and select a repository that has a properly structured project.

Scanning by Smart Contract Address (EVM)

If you have a deployed smart contract on an Ethereum-based blockchain, you can provide the contract’s EVM address. CodeHound will fetch the code from the blockchain, compile it server-side, and run the scan.

How to Run an EVM Address Scan:

  1. Enter the EVM smart contract address in the provided input field.
  2. Click Run Scan.

Please note: Not all blockchains are supported. Make sure to check whether the chain you’re using is supported by CodeHound.

By ensuring your code is properly structured and meets the compilation requirements, you can run successful scans and get the most out of CodeHound’s vulnerability detection.