A tool for analyzing Solidity smart contracts to detect zero address validation patterns in constructors, initialize functions, and all functions with address parameters.
- Comprehensive Analysis: Scans individual files or entire directories for
.solfiles - Smart Detection:
- Identifies constructors and initialize functions automatically
- NEW: Analyzes all functions with address parameters using
--all-functionsflag
- Advanced Type Recognition:
- Detects address arrays (
address[],address[] memory,address[] calldata)
- Detects address arrays (
- Zero Address Validation Detection:
- Direct equality checks (
== address(0),!= address(0)) require()statements with zero address validation
- Direct equality checks (
- Detailed Reporting:
- Shows which address arguments are validated with full type information
- Highlights missing validations per argument
- Provides summary statistics
- NEW: Complete function definitions displayed in terminal output
- Multiple Output Formats:
- JSON output without code(
--json) - Summary-only mode (
--summary) - Beautiful colored terminal output for human readability
- JSON output without code(
- Rust 1.86 or later
git clone https://github.com/oakenknight/construstor.git
cd construstor
cargo build --releasecargo install construstorThe binary will be available at target/release/construstor.
Run the tool with a file or directory:
# Analyze only constructors and initialize functions (default)
construstor MyContract.sol
# Analyze ALL functions with address parameters
construstor MyContract.sol --all-functions
# Output in JSON format
construstor MyContract.sol --json
# Show only summary statistics
construstor MyContract.sol --summary
# Combine flags
construstor MyContract.sol --all-functions --json
# Interactive mode (will prompt for path)
construstor--all-functions/-a: Analyze all functions with address parameters, not just constructors and initialize functions--json/-j: Output results in JSON format (excludes code for cleaner output)--summary/-s: Show only summary statistics--help/-h: Display help information--version/-V: Display version information
Constructor and Initialize Functions (Default):
Constructor in MyContract.sol:
π Found 2 address argument(s): address _owner, address _manager
β
Zero address validation found:
β’ Direct address(0) comparison
β’ require() statement with zero address check
β Checking variable: _owner
β Checking variable: _manager
β
All address arguments are validated!
Arguments: address _owner, address _manager
Code:
constructor(address _owner, address _manager) {
require(_owner != address(0), "Owner cannot be zero address");
require(_manager != address(0), "Manager cannot be zero address");
owner = _owner;
manager = _manager;
}
All Functions Analysis (--all-functions):
Function 'setTokens' in MyContract.sol:
π Found 3 address argument(s): address _token, address[] memory _addresses, address _fallback
β
Zero address validation found:
β’ require() statement with zero address check
β Checking variable: _token
β Missing zero address validation for:
β οΈ Argument: _addresses
β οΈ Argument: _fallback
Arguments: address _token, address[] memory _addresses, address _fallback
Code:
function setTokens(address _token, address[] memory _addresses, address _fallback) {
require(_token != address(0), "Token cannot be zero");
// Missing validation for _addresses array and _fallback
}
π Analysis Summary:
Total functions analyzed: 1
Functions with address arguments: 1
Fully validated: 0
Partially validated: 1
Not validated: 0
JSON Output (--json):
[
{
"function_type": "Constructor",
"file_name": "MyContract.sol",
"arguments": "address _owner, address _manager",
"address_arguments": ["_owner", "_manager"],
"validated_variables": ["_owner", "_manager"],
"missing_validations": [],
"validation_types": ["RequireStatement"]
}
]Run the test suite:
cargo testRun tests with verbose output:
cargo test -- --nocaptureconstructor(address _owner, address[] memory _tokens) {
require(_owner != address(0), "Owner cannot be zero");
// Missing validation for _tokens array β
owner = _owner;
tokens = _tokens;
}function initialize(address _hookManager, address _test) external initializer {
require(_hookManager != address(0), "Hook manager cannot be zero address");
if (_test == address(0)) revert("Test cannot be zero address");
// Both arguments validated β
}function setTokenAddresses(
address _primary,
address[] calldata _secondary,
address storage _fallback
) external onlyOwner {
require(_primary != address(0), "Primary cannot be zero");
// Missing validation for _secondary array and _fallback β
primaryToken = _primary;
secondaryTokens = _secondary;
fallbackToken = _fallback;
}The tool now recognizes various address parameter types:
- Simple addresses:
address _owner - Address arrays:
address[] _tokens,address[] memory _list,address[] calldata _external - Storage keywords:
address storage _stored,address memory _temp - Mixed parameters: Functions with both address and non-address parameters
The tool is structured with the following key components:
ConstructorAnalyzer: Core analysis engine with regex-based pattern matchingAnalysisResult: Structured data representing analysis findingsResultPrinter: Pretty-printed output with colors and formatting- Error Handling: Comprehensive error types and propagation
- Testing: Unit tests covering core functionality
- Enhanced Regex:
(address(?:\[\])?(?:\s+memory|\s+storage|\s+calldata)?)\s+(\w+) - Matches:
- Simple:
address _owner,address tokenContract - Arrays:
address[] _tokens,address[] memory _list - Storage:
address storage _stored,address calldata _external
- Simple:
- Constructors:
constructor\s*\((.*?)\)\s*\{(.*?)\} - Initialize Functions:
function\s+initialize\s*\((.*?)\)\s*[^{]*\{(.*?)\} - Regular Functions:
function\s+(\w+)\s*\((.*?)\)\s*[^{]*\{(.*?)\}(with--all-functions)
- Regex:
(\w+)\s*(?:==|!=)\s*address\(0\) - Matches:
_owner == address(0),token != address(0)
- Regex:
(?:require)\s*\(\s*([^,)]+)\s*(?:==|!=)\s*address\(0\) - Matches:
require(_owner != address(0), "message")
This tool helps identify potential security vulnerabilities in smart contracts:
- Zero Address Attacks: Prevent accidental or malicious zero address assignments
- Constructor Security: Ensure critical addresses are validated during deployment
- Upgradeable Contracts: Validate addresses in initialize functions for proxy contracts
- Function Security: With
--all-functions, catch missing validations in all address-handling functions - Array Validation: Detect missing validations for address arrays that could contain zero addresses
0: Analysis completed successfully1: Error occurred during analysis (file not found, invalid syntax, etc.)
The --json flag outputs clean JSON without code blocks, perfect for:
- Automated security reporting
- Integration with other tools
- Dashboard visualization
- Audit trail generation
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Commit your changes:
git commit -m 'Add amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request
- Add tests for new functionality
- Follow Rust naming conventions
- Update documentation for new features
- Ensure
cargo clippypasses without warnings
- Rust community for excellent tooling and documentation
- Solidity developers for security best practices
- Smart contract auditing community for inspiration
- Special thanks to Wyatt Chamberlin (@elkaholic6) for giving me the idea with his Solidity-constructor-analysis
This project is licensed under the MIT License - see the LICENSE file for details.