search
Ctrlk
HomeProfileCodeHawksSoloditUpdraftSupport

CLI Options

Below are options which may be included with the aderyn CLI command.

If you are looking to leverage these options in VS Code extension, please use aderyn.toml file instead, https://cyfrin.gitbook.io/cyfrin-docs/aderyn-vs-code/aderyn.toml-configurationarrow-up-right That makes the configuration persistent for the project. 

aderyn [OPTIONS]

hashtag
aderyn <ROOT>

The root directory of your Solidity project.

Input:

aderyn .

hashtag
--help

Outputs the options and arguments available when using Aderyn.

Rust based Solidity AST analyzer

Usage: aderyn [OPTIONS] [ROOT] [COMMAND]

Commands:
  registry  Browse detector registry
  init      Initialize aderyn.toml in the root directory or in an optional subdirectory
  help      Print this message or the help of the given subcommand(s)

Arguments:
  [ROOT]
          Foundry or Hardhat project root directory (or path to single solidity file)

          [default: .]

Options:
  -s, --src <SRC>
          Path to the source contracts. Used to avoid analyzing libraries, tests or scripts and focus on the contracts.

          In Foundry projects, it's auto-captured by foundry.toml and it's usually not necessary to provide it.

          In a Hardhat project:

          --src=contracts/

  -i, --path-includes <PATH_INCLUDES>
          List of path strings to include, delimited by comma (no spaces).

          It allows to include only one or more specific contracts in the analysis: aderyn -i src/MyContract.sol aderyn -i src/MyContract.sol,src/MyOtherContract.sol

  -x, --path-excludes <PATH_EXCLUDES>
          List of path strings to exclude, delimited by comma (no spaces).

          It allows to exclude one or more specific contracts from the analysis: aderyn -x src/MyContract.sol aderyn -x src/MyContract.sol,src/MyOtherContract.sol

  -o, --output <OUTPUT>
          Desired file path for the final report (will overwrite existing one)

          [default: report.md]

  -l, --lsp
          [BETA] Start Aderyn's LSP server on stdout

      --no-snippets
          Do not include code snippets in the report (reduces report size in large repos)

      --highs-only
          Only use the high detectors

      --stdout
          Print the output to stdout instead of a file

      --skip-cloc
          Skip cloc analysis (line numbers, etc.)

      --skip-update-check
          Skip checking for new versions of Aderyn

      --auditor-mode
          Run in Auditor mode, which only outputs manual audit helpers

  -h, --help
          Print help (see a summary with '-h')

  -V, --version
          Print version

hashtag
-o, --output <OUTPUT>

- The default output is report.md. This can be renamed to anything you'd like. Currently supported formats include Markdown and JSON. JSON is particularly useful in CI/CD pipelines to compile properties from the generated report.

Examples:

hashtag
-s, --src <SOURCE_PATH>

The path to the source contracts folder. If not provided, the ROOT directory will be used.

If your project has a foundry.toml file in the ROOT, then aderyn will obtain this value from it.

Examples based on the below directory structure:

Command:

aderyn --src contracts/

hashtag
-i, --path-includes <PATH_INCLUDES>

A string, or list of strings separated by commas that pertain to the filenames/directories in scope. These are the files/directories that Aderyn will be run on.

Note: strings passed to the scope command are case-sensitive.

Examples will be based on the below repo:

Input:

aderyn -i src/interfaces

Output:

Filepath
nSLOC

src/interfaces/IFlashLoanReceiver.sol

13

src/interfaces/IPoolFactory.sol

4

src/interfaces/ITSwapPool.sol

4

src/interfaces/IThunderLoan.sol

4

Total

25

Input:

aderyn --path-includes Thund

Output:

Filepath
nSLOC

src/interfaces/IThunderLoan.sol

4

src/protocol/ThunderLoan.sol

176

src/upgradedProtocol/ThunderLoanUpgraded.sol

172

Total

352

hashtag
-x, --path-excludes <PATH_EXCLUDE>

the opposite of --path-includes, this will exclude any files or directories that contain the passed string.

Input:

aderyn -x Thunder

Output:

Filepath
nSLOC

src/interfaces/IFlashLoanReceiver.sol

13

src/interfaces/IPoolFactory.sol

4

src/interfaces/ITSwapPool.sol

4

src/protocol/AssetToken.sol

65

src/protocol/OracleUpgradeable.sol

23

Total

109

hashtag
-n, --no-snippets

The default behavior is to include the line number, as well as snippets of code where the vulnerability is detected within the generated report. This can potentially take up a lot of space in the report. This option will disable the snippets, leaving the line number readouts only.

Input (default):

aderyn -i Thunder`

  • Found in src/protocol/ThunderLoan.sol Line: 239

Input (no-snippets):

Output:

  • Found in src/protocol/ThunderLoan.sol Line: 239

hashtag
aderyn --version

Outputs the current version of Aderyn installed

Input:

Output:

aderyn 0.0.13

hashtag
aderyn registry

Output the list of detectors.

Input:

Output:

PreviousQuickstartNextWhat is Aderyn VS Code extension?

Last updated