Skip to content

Updated getting-started.md #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Chidwan3578 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Updated getting-started.md #48

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
64 changes: 53 additions & 11 deletions docs/getting-started.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,23 +1,65 @@
# Getting Started with Sanctifier
# Getting Started with Sanctifier 🛡️

Sanctifier provides a suite of tools for securing Stellar Soroban smart contracts through static analysis and formal verification.

## Prerequisites

Before installing Sanctifier, ensure you have the following installed:

1. **Rust**: The industry standard for Soroban development.
* Install via [rustup.rs](https://rustup.rs/).
2. **Soroban CLI**: Required for compiling and interacting with Stellar smart contracts.
* Installation: `cargo install --locked soroban-cli`
3. **Target `wasm32-unknown-unknown`**: Rust target for Wasm.
* Command: `rustup target add wasm32-unknown-unknown`

## Installation

```bash
cargo install --path sanctifier-cli
```
Sanctifier is currently distributed as source code within its monorepo. To install the CLI tool locally:

1. Clone the repository:
```bash
git clone https://github.com/Chidwan3578/Sanctifier.git
cd Sanctifier
```
2. Install the CLI:
```bash
cargo install --path tooling/sanctifier-cli
```

## Running Your First Scan

Navigate to your Soroban contract directory:
Once installed, you can analyze any Soroban project by navigating to its root directory (where `Cargo.toml` is located) and running:

```bash
cd my-soroban-project
sanctifier analyze
```

## Interpreting Results
### Advanced Usage

You can also specify a path to a contract or choose a different output format:

```bash
# Analyze a specific directory
sanctifier analyze ./contracts/my-vulnerable-contract

# Output as JSON for CI/CD integration
sanctifier analyze --format json
```

## Interpreting the Output

When you run a scan, Sanctifier evaluates your code against several security modules:

### 1. Auth Gaps (Authorization) 🔑
Ensures that all state-modifying or privileged functions include the `require_auth()` check. Missing checks can allow unauthorized users to drain funds or corrupt state.

### 2. Storage Collisions 📦
Analyzes storage keys used in `env.storage().instance()`, `persistent()`, and `temporary()`. It flags potential collisions where different data structures might overwrite each other due to identical key derivation.

### 3. Resource Exhaustion (Gas Usage) ⚡
Estimates the instruction count and resource consumption of your functions. This helps prevent "Out of Gas" errors during runtime and ensures your contract is optimized for the network's limits.

---

Sanctifier checks for:
1. **Auth Gaps**: Missing `require_auth` in state-modifying functions.
2. **Storage Collisions**: Identical keys resolving to the same storage slot.
3. **Gas Usage**: Estimates resource consumption.
For more detailed information on specific vulnerabilities, see the documentation in the `docs/` folder.