Monday, September 12, 2022

Solidity Ethereum Blockchain Best Practice

Best practice is a must for good-quality code deliverables. Just as Java projects have code-analysis tools such as SonarQube, BlackDuck and PMD, and a code-coverage tool such as JaCoCo, there is a corresponding tool set for Solidity Ethereum projects.

1- Static and dynamic code analysis tools

Please refer to this site; you will find the best quality tools for the purpose.

https://consensys.github.io/smart-contract-best-practices/security-tools/static-and-dynamic-analysis/

2- For the Remix IDE you can also use the Remix static analysis plugin for the same purpose.

https://remix-ide.readthedocs.io/en/latest/static_analysis.html

Click on Activate button.

If Auto run checkbox is checked, analysis will be performed each time a contract is compiled. Uncheck the checkbox if you want to stop this behavior.

Clicking on warning details will highlight the relevant code in the editor.

2- If you use VSCode as your IDE, you can use the extension at the URL below for static code analysis.

https://github.com/ConsenSys/vscode-solidity-auditor

Once installed, run the following command in the command palette.

I had installed the following available plugins for better developer assistance.

3- Code coverage tool for Solidity. (This is best suited if you are using the Hardhat framework instead of Truffle.)

For code coverage in Solidity you can use the URL below.

https://github.com/sc-forks/solidity-coverage

Before installing the plugin above, make sure Hardhat is installed on your system; if it is not, install it using this command.

npm i hardhat

PS C:\Ethereum_workspace\siddhuethreuminfuraproject> npm i hardhat
 
added 216 packages, and audited 583 packages in 3m
 
71 packages are looking for funding
  run `npm fund` for details
 
3 moderate severity vulnerabilities
 
Some issues need review, and may require choosing
a different dependency.
 
Run `npm audit` for details.
npm notice
npm notice New minor version of npm available! 8.15.0 -> 8.19.1
npm notice Run npm install -g npm@8.19.1 to update!
npm notice

Now execute the command below to install solidity-coverage as a dev dependency on your development machine:

npm install --save-dev solidity-coverage
 
PS C:\Ethereum_workspace\siddhuethreuminfuraproject> npm install --save-dev solidity-coverage
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
 
added 155 packages, and audited 738 packages in 2m
 
102 packages are looking for funding
  run `npm fund` for details
 
3 moderate severity vulnerabilities
 
Some issues need review, and may require choosing
a different dependency.
 
Run `npm audit` for details.
PS C:\Ethereum_workspace\siddhuethreuminfuraproject>
 
 
Note:-
 
PS C:\Ethereum_workspace\siddhuethreuminfuraproject> ./node_modules/.bin/solidity-coverage
 
⚠️  solidity-coverage >= 0.7.0 is no longer a shell command. ⚠️
=============================================================
 
Instead, you should use the plugin produced for your development stack
(like Hardhat) or design a custom workflow using the package API
 
> See https://github.com/sc-forks/solidity-coverage for help with configuration.
 
Thanks! - sc-forks
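Because solidity-coverage 0.7 and later runs as a Hardhat plugin rather than a shell command, the configuration has to live in the project files. The bash script below is an added example (not code from the post or from the solidity-coverage project): it writes a minimal hardhat.config.js that loads the plugin, writes a .solcover.js that keeps a mock-contracts folder out of the report, and wraps the replacement command, npx hardhat coverage. The project directory argument, the compiler version 0.8.17, the contracts/mocks/ folder and the script name coverage-setup.sh are assumptions.

```shell
#!/usr/bin/env bash
# Added example: wire solidity-coverage into a Hardhat project (not the page's code).
# Assumptions: the project lives in the directory passed as an argument and keeps
# test doubles in contracts/mocks/, which should not count towards coverage.

# Write a hardhat.config.js that loads the solidity-coverage plugin.
# Requiring the plugin is what registers the `hardhat coverage` task.
write_hardhat_coverage_config() {
    local dir="$1"
    cat > "$dir/hardhat.config.js" <<'EOF'
require("solidity-coverage");

module.exports = {
  // Compiler version is an assumption; match it to the pragma in your contracts.
  solidity: "0.8.17",
};
EOF
}

# Write a .solcover.js so mock contracts do not distort the coverage numbers.
# skipFiles paths are relative to the contracts/ directory.
write_solcover_config() {
    local dir="$1"
    cat > "$dir/.solcover.js" <<'EOF'
module.exports = {
  // mocks/ is an assumed folder name for test-only contracts.
  skipFiles: ["mocks/"],
};
EOF
}

# Run the coverage task through Hardhat; this replaces the old
# `solidity-coverage` shell command that the note above warns about.
run_coverage() {
    local dir="$1"
    (cd "$dir" && npx hardhat coverage)
}

# Only touch the project and run the tool when invoked as:
#   ./coverage-setup.sh run /path/to/project
if [ "${1:-}" = "run" ]; then
    write_hardhat_coverage_config "$2"
    write_solcover_config "$2"
    run_coverage "$2"
fi
```

The report lands in coverage/ inside the project; the two write functions are kept separate from run_coverage so the generated files can be inspected (or committed) before the tool is run.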

4- Solhint linter for solidity.

https://github.com/protofire/solhint

To use it, install it with the command below.

npm install -g solhint

PS C:\Ethereum_workspace\siddhuethreuminfuraproject> npm install -g solhint
 
added 140 packages, and audited 141 packages in 1m
 
3 packages are looking for funding
  run `npm fund` for details
 
found 0 vulnerabilities
PS C:\Ethereum_workspace\siddhuethreuminfuraproject>
 
# verify that it was installed correctly
solhint --version
 
 
PS C:\Ethereum_workspace\siddhuethreuminfuraproject> solhint --version
3.3.7

First initialize a configuration file, if you don’t have one:

solhint --init
 
 
PS C:\Ethereum_workspace\siddhuethreuminfuraproject> solhint --init
Configuration file created!

Use the commands below to run solhint on a single file or on every contract.

PS C:\Ethereum_workspace\siddhuethreuminfuraproject> solhint "contracts/SendMoney.sol"

PS C:\Ethereum_workspace\siddhuethreuminfuraproject> solhint "contracts/**/*.sol"

PS C:\Ethereum_workspace\siddhuethreuminfuraproject> solhint --help
Usage: solhint [options] <file> [...other_files]
 
Linter for Solidity programming language
 
Options:
 
  -V, --version                           output the version number
  -f, --formatter [name]                  report formatter name (stylish, table, tap, unix)
  -w, --max-warnings [maxWarningsNumber]  number of allowed warnings
  -c, --config [file_name]                file to use as your .solhint.json
  -q, --quiet                             report errors only - default: false
  --ignore-path [file_name]               file to use as your .solhintignore
  --fix                                   automatically fix problems
  --init                                  create configuration file for solhint
  -h, --help                              output usage information
 
Commands:
 
  stdin [options]                         linting of source code data provided to STDIN
   
  
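The solhint --init step above creates a default .solhint.json; for a security-focused project you would normally tighten it. The bash script below is an added example (not code from the post or from the solhint project): it writes a .solhint.json that extends the recommended rule set and promotes the security-relevant rules to errors, writes a .solhintignore, and wraps the strict invocation with -w 0 (--max-warnings 0 from the help text above) that a CI gate needs. The rule names are real solhint rules; the compiler range ^0.8.0, the contracts/ layout, the ignored folders and the script name lint-setup.sh are assumptions.

```shell
#!/usr/bin/env bash
# Added example: a stricter solhint setup for security review (not the page's code).
# Assumes the project keeps contracts under contracts/ and targets Solidity ^0.8.0.

# Write a .solhint.json that extends solhint:recommended and turns the
# security rules into errors, so a finding fails the lint run instead of warning.
write_solhint_config() {
    local dir="$1"
    cat > "$dir/.solhint.json" <<'EOF'
{
  "extends": "solhint:recommended",
  "rules": {
    "compiler-version": ["error", "^0.8.0"],
    "func-visibility": ["error", { "ignoreConstructors": true }],
    "state-visibility": "error",
    "avoid-tx-origin": "error",
    "avoid-low-level-calls": "error",
    "avoid-sha3": "error",
    "avoid-suicide": "error",
    "check-send-result": "error",
    "multiple-sends": "error",
    "reentrancy": "error",
    "no-inline-assembly": "warn",
    "not-rely-on-time": "warn",
    "not-rely-on-block-hash": "warn"
  }
}
EOF
}

# Keep generated and third-party code out of the report (assumed folder names).
write_solhint_ignore() {
    local dir="$1"
    printf '%s\n' "node_modules/" "artifacts/" "cache/" > "$dir/.solhintignore"
}

# Strict run: -w 0 makes any warning produce a non-zero exit code,
# which is what a pipeline needs to block a merge on findings.
run_solhint_strict() {
    local dir="$1"
    (cd "$dir" && solhint -w 0 "contracts/**/*.sol")
}

# Only touch the project and run the tool when invoked as:
#   ./lint-setup.sh run /path/to/project
if [ "${1:-}" = "run" ]; then
    write_solhint_config "$2"
    write_solhint_ignore "$2"
    run_solhint_strict "$2"
fi
```

The rules left at "warn" (inline assembly, block.timestamp, blockhash) are legitimate in some contracts, so they are surfaced for review rather than blocking the build; everything that indicates a classic smart-contract bug class is an error.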

5- Security best practice site to refer to.

One of the most critical aspects that needs attention while developing smart contracts is security. Refer to the URL below for more information.

https://consensys.net/blog/developers/solidity-best-practices-for-smart-contract-security/

There are many other options that need to be looked at, such as CI/CD integration and pipeline-based deployment for Solidity.

Note:-
You can refer to this youtube video

 
