
So you have a project involving smart contracts that are being continuously worked on and updated. How do you implement continuous integration to automate testing and auditing of these smart contracts? That is what I am going to cover.
Using an existing MythX CLI tool called we are going to automate testing of a specific smart contract every time an automated build is completed by
Step 1 — Create a MythX account
The first step is to create an account at
Step 2 — Open your project config.yaml file
I am assuming you already have your project set up with CircleCI. If not, there are plenty of guides on that. Add the following run step.
- run: yarn mythx
Step 3 — Open the project package.json file
We are going to update the scripts section to include the MythX command and the dependencies to include .
Install a MythX CLI client:
npm install -D @cleanunicorn/mythos --save
For this example I am using an example but you can use a flattener like for files with imports included. You can automate the flattening as well by including the flatten call in your config.yaml.
Update the scripts section of package.json:
"mythx": "mythos analyze ./test.sol Tokensale"
Step 4 — Configure Circle CI
Now configure the CircleCI environment. Look inside your project settings for environment variables.
Select Add Variable to add the MythX credentials:
MYTHX_ETH_ADDRESS
MYTHX_PASSWORD
Step 5 — Deploy your new build
When the CircleCI build process calls yarn mythx you should see the console output if it finds any issues. Note that warnings do not stop the build but errors do.
That’s it. Now you have MythX integrated into your automated deployment build!
Note: I haven’t tested all scenarios to know if it will always stop the build if there is an error.
Covering tests across multiple smart contracts
You can check multiple smart contracts from package.json by chaining the commands with &&, and cover multiple scenarios by giving each one its own named script in package.json.
Test two smart contracts with “yarn mythx”:
"mythx": "mythos analyze ./test.sol Tokensale && mythos analyze ./token.sol MyToken"
You can also skip testing a specific smart contract by adding a separate script, run with “yarn mythx:nosale”:
"mythx:nosale": "mythos analyze ./token.sol MyToken"
You can add multiple scenarios to your config.yaml and package.json, depending on what test coverage you want.
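A chain joined with && stops at the first failing command, so later contracts are never analyzed in that build. The following wrapper is an added example, not part of the original post or of the mythos project: it analyzes every contract, reports each result, and fails the build if any run failed or the credentials are missing. It assumes the analyzer exits non-zero on a failed run; the MYTHX_ANALYZE override and the file:ContractName argument format are hypothetical conveniences of this script.

```shell
#!/bin/sh
# Added example: CI gate around the MythX CLI call used in this post.
# Assumption: the analyzer command exits non-zero when a run fails.
# MYTHX_ANALYZE is a hypothetical override so the gate can be tried with a stub.
MYTHX_ANALYZE="${MYTHX_ANALYZE:-mythos analyze}"

# Fail early, without echoing secret values, if the CI variables are absent.
check_credentials() {
  if [ -z "${MYTHX_ETH_ADDRESS:-}" ] || [ -z "${MYTHX_PASSWORD:-}" ]; then
    echo "MYTHX_ETH_ADDRESS and MYTHX_PASSWORD must be set" >&2
    return 1
  fi
}

# Usage: run_all ./test.sol:Tokensale ./token.sol:MyToken
# Returns 0 if every analysis passed, 1 if any failed, 2 if credentials are missing.
run_all() {
  check_credentials || return 2
  failed=0
  for target in "$@"; do
    file=${target%%:*}   # part before the first colon
    name=${target#*:}    # part after the first colon
    if [ ! -f "$file" ]; then
      echo "FAIL $name: $file not found" >&2
      failed=$((failed + 1))
      continue
    fi
    # Unquoted on purpose: the default value is a command plus a subcommand.
    if $MYTHX_ANALYZE "$file" "$name"; then
      echo "PASS $name"
    else
      echo "FAIL $name (exit $?)" >&2
      failed=$((failed + 1))
    fi
  done
  [ "$failed" -eq 0 ]
}

# Run only when targets are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
  run_all "$@"
fi
```

Saved under a path of your choosing, it can replace the chained command in the "mythx" script, with each contract passed as one file:ContractName argument.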
Disclaimer: provides a toolset and API for auditing smart contracts but it does not replace or augment getting a professional audit of your smart contracts completed. Any smart contract you publish for public use or even private for that matter should go through a professional audit. These tools are simply a way to help point out common known issues and help avoid them. It may not cover everything which is why any smart contract should go through a professional audit.
Published at Wed, 17 Apr 2019 00:07:53 +0000