Tealer is a static analyzer for Teal code. It parses the Teal program, and builds its CFG. The analyzer comes with a set of vulnerabilities detectors and printers allowing to quickly review the contracts.
| Num | Check | What it Detects | Type |
|---|---|---|---|
| 1 | canDelete | Detect paths that can delete the application | Stateful |
| 2 | canUpdate | Detect paths that can update the application | Stateful |
| 3 | groupSize | Detect paths with a missing GroupSize check | StatefulGroup |
| 4 | rekeyTo | Detect paths with a missing RekeyTo check | StatefulGroup |
All the detectors are run by default
- Print CFG (
--print-cfg)
Printers output dot files.
Use xdot to open the files (sudo apt install xdot).
Run
python3 setup.py installWe recommend to install the tool in a virtualenv.
tealer code.tealThe following shows the CFG from algorand/smart-contracts.
git clone https://github.com/algorand/smart-contracts.git
cd smart-contracts
tealer ./devrel/permission-less-voting/vote_opt_out.teal --print-cfg