Bilal

SOLP: A Stand-alone Solidity Analysis Library

Zellic is proud to announce SOLP, a library for analyzing and transforming Solidity source code

Zellic is proud to announce that we’re releasing one of our own internal Solidity tools, code-named SOLP, to the Ethereum community today! It’s a Python library for analyzing and transforming Solidity source code, aimed at developers and auditors alike.

The project has grown over time to help answer the varied and complex questions our auditors and customers have about their codebases; however, the underlying principle has stayed the same. We need a lightweight, flexible, and easy-to-use source code processor and analyzer.

What Can It Do?

SOLP Overview

SOLP, unlike other Solidity source-code tooling, has no external dependencies, not even solc. It provides a complete analysis front-end that takes source code and transforms it into an easy-to-use and easy-to-modify AST representation.

The library takes care of the differences between Solidity versions and codebase setup and lets the user focus on implementing their own heuristics, analyses, and code transformers.

We’ve already used SOLP to:

  • Power a language server and add IDE IntelliSense support
  • Create reports based on heuristics for cross-contract data flow, directly inferred from source code
  • Highlight and warn auditors about potentially dangerous cross-contract calls
  • Generate full-project outlines for multi-auditor workflows
  • Write scripts for extracting function names and other features from Solidity codebases

And we know it’s possible to build so much more! We’re excited to interact with the community on this one, get feedback, and help progress the project to the next level with input from real developers and auditors.

Get Started!

SOLP comes with installation guides, quickstart examples, documentation containing an API reference, and tutorials on how SOLP’s components work. You can access it here.

The code is now available for free on GitHub, and it couldn’t be easier to get involved and start using it.

We’re excited to see what people will build with SOLP. Internally, it’s an essential component of our Solidity tooling and has proven itself in our security protocols. We hope that by open-sourcing SOLP, we can give back to an ecosystem we believe in and increase the transparency and safety of Solidity smart contracts.

About Us

Zellic specializes in securing emerging technologies. Our security researchers have uncovered vulnerabilities in the most valuable targets, from Fortune 500s to DeFi giants.

Developers, founders, and investors trust our security assessments to ship quickly, confidently, and without critical vulnerabilities. With our background in real-world offensive security research, we find what others miss.

Contact us for an audit that’s better than the rest. Real audits, not rubber stamps.