fix readme for 50-solidity-security

ben02060848 · Aug 18, 2021 · f3065ea · f3065ea
1 parent 0a0ddb7
commit f3065ea
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 1 deletion.
diff --git a/basic/50-solidity-security/GraphContract.sol b/basic/50-solidity-security/GraphContract.sol
@@ -0,0 +1,19 @@
+contract GraphContract {
+  uint balance;
+
+  function GraphContract() {
+    Mint(1000000);
+  }
+
+  function Mint(uint amount) internal {
+    balance = amount;
+  }
+
+  function Withdraw() {
+    msg.sender.send(balance);
+  }
+
+  function GetBalance() constant returns(uint) {
+    return balance;
+  }
+}
diff --git a/basic/50-solidity-security/README.md b/basic/50-solidity-security/README.md
@@ -14,7 +14,7 @@ docker pull mythril/myth
 
 - 进行检查 
 ```shell
-docker run -v ${PWD}:/contract mythril/myth analyze  /contract/bec.sol --solv 0.4.25
+docker run -v ${PWD}:/contract mythril/myth analyze  /contract/Overflow_Add.sol --solv 0.4.25
 ```
 
 之后可以得到如下输出
@@ -94,6 +94,30 @@ mythX 是一个付费工具, 支持命令行, vscode 插件等形式进行分析
 总的来说, 毕竟是付费的, 体验还是很不错的 ^_^
 ![安全分析模型](./images/scanResult.png)  
 
+## Solgraph 
+合约中会存在很多的方法, 特别是一些大型商业合约, 方法相互嵌套, 很容易令人迷惑. [SolGraph](https://github.com/raineorshine/solgraph) 就是用于展示合约方法之间相互关系的一个工具, 使用这个这个工具, 可以清晰的展示合约方法之间的调用关系.  
+
+- 安装 solgraph
+```
+yarn global add solgraph
+```
+
+- 安装 graphviz ( 以 macos 为例 )
+```
+brew install graphviz
+```
+
+- 进行分析  
+```
+solgraph GraphContract.sol > GraphContract.dot 
+```
+
+- 转换分析结果为图片  
+```
+dot -Tpng GraphContract.dot -o GraphContract.png
+```
+
+
 ## 参考链接 
 https://learnblockchain.cn/eth/dev/%E5%AE%89%E5%85%A8%E5%88%86%E6%9E%90.html  
 https://zhuanlan.zhihu.com/p/164693789