A smart contract is fundamentally made up of just two components: state variables, which represent the contract's state, and functions, which manipulate the state from one form to another. Sometimes referred to as a "finite state machine" or "state transitions". Essentially, it boils down to having a state and using functions to move that state from one point to another. - MiloTruck
The goal of this feature is to provide an easy way to access all storage variables and public/external state-changing functions, so that an auditor can quickly and easily identify them. Thanks to the generation of the markdown report, they will always be kept in mind and within easy reach during the audit.
`aderyn UnstoppableVault --auditor-report`

- `forge inspect UnstoppableVault storage --pretty`
  + Visibility column added
  + removed Contract column
- `forge inspect UnstoppableVault abi --pretty`
  + formatted as table
  + Modifier column added
  + removed “function” keyword from the function name
  + removed all view/pure functions

`aderyn . --auditor-report`

`aderyn UnstoppableVault --auditor-report`
File: auditor-report-UnstoppableVault.md
# Aderyn Auditor Report
## UnstoppableVault
### Storage Variables
| Name | Type | Visibility | Slot | Offset | Bytes |
|--------------|-------------------------------------------------|------------|------|--------|-------|
| **owner** | address | public | 0 | 0 | 20 |
| **name** | string | internal | 1 | 0 | 32 |
| **symbol** | string | private | 2 | 0 | 32 |
| **totalSupply** | uint256 | public | 3 | 0 | 32 |
| **balanceOf** | mapping(address => uint256) | internal | 4 | 0 | 32 |
| **allowance** | mapping(address => mapping(address => uint256)) | public | 5 | 0 | 32 |
| **nonces** | mapping(address => uint256) | private | 6 | 0 | 32 |
| **_paused** | bool | internal | 7 | 0 | 1 |
| **feeRecipient** | address | public | 7 | 1 | 20 |
### Public/External State-Changing Functions
| Function | Visibility | Returns | Modifier |
|------------------------------------------------------------------------------------------|------------|----------------|-----------|
| **approve**(address spender, uint256 amount) | external | bool | |
| **deposit**(uint256 assets, address receiver) | external | uint256 shares | |
| **execute**(address target, bytes memory data) | public | | |
| **flashLoan**(address receiver, address _token, uint256 amount, bytes memory data) | external | bool | |
| **mint**(uint256 shares, address receiver) | external | uint256 assets | |
| **permit**(address owner, address spender, uint256 value, uint256 deadline, uint8 v... | public | | |
| **redeem**(uint256 shares, address receiver, address owner) | external | uint256 assets | |
| **setFeeRecipient**(address _feeRecipient) | external | | onlyOwner |
| **setPause**(bool flag) | external | | onlyOwner |
| **transfer**(address to, uint256 amount) | external | bool | |
| **transferFrom**(address from, address to, uint256 amount) | external | bool | |
| **transferOwnership**(address newOwner) | external | | onlyOwner |
| **withdraw**(uint256 assets, address receiver, address owner) | external | uint256 shares | |
- The current feature of the Solidity Visual Developer VS Code extension only shows the functions of the contract in the currently open tab (not the inherited functions), and it can't show all entry points of all in-scope contracts in a single view.
- `forge inspect UnstoppableVault abi --pretty` isn't easily readable, adds unwanted information, lacks modifier info, and prints view/pure functions.
- `forge inspect UnstoppableVault storage --pretty` lacks storage variable visibility and adds a useless Contract column.
- Two commands are needed, and even with both, the output doesn't give a one-click summary of the contract's storage variables plus its public/external state-changing functions.
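The merge described in the last point, sketched over the two compiler artifacts behind the `forge inspect` commands. This is an added example, not Aderyn's code or the issue author's; the sample data is constructed, follows solc's storage-layout and ABI JSON shapes, and `SampleEvent` is a hypothetical name. The Visibility and Modifier columns are left out because neither artifact carries them.

```python
# Constructed samples in solc's storageLayout / ABI JSON shapes (a subset of the
# report above). Real input would come from the compiler artifact via json.load.
LAYOUT = {
    "storage": [
        {"label": "owner", "type": "t_address", "slot": "0", "offset": 0},
        {"label": "_paused", "type": "t_bool", "slot": "7", "offset": 0},
        {"label": "feeRecipient", "type": "t_address", "slot": "7", "offset": 1},
    ],
    "types": {
        "t_address": {"label": "address", "numberOfBytes": "20"},
        "t_bool": {"label": "bool", "numberOfBytes": "1"},
    },
}
ABI = [
    {"type": "function", "name": "setPause", "stateMutability": "nonpayable",
     "inputs": [{"name": "flag", "type": "bool"}], "outputs": []},
    {"type": "function", "name": "deposit", "stateMutability": "nonpayable",
     "inputs": [{"name": "assets", "type": "uint256"},
                {"name": "receiver", "type": "address"}],
     "outputs": [{"name": "shares", "type": "uint256"}]},
    {"type": "function", "name": "totalAssets", "stateMutability": "view",
     "inputs": [], "outputs": [{"name": "", "type": "uint256"}]},
    {"type": "event", "name": "SampleEvent", "inputs": []},  # hypothetical entry
]

def storage_rows(layout):
    """(name, type, slot, offset, bytes) per variable; slot and size are strings in the JSON."""
    rows = []
    for var in layout["storage"]:
        t = layout["types"][var["type"]]
        rows.append((var["label"], t["label"], int(var["slot"]),
                     var["offset"], int(t["numberOfBytes"])))
    return rows

def state_changing_rows(abi):
    """(signature, returns) for functions only, with view/pure entries dropped."""
    def params(items):
        return ", ".join(f"{p['type']} {p['name']}".strip() for p in items)
    return sorted(
        (f"**{e['name']}**({params(e['inputs'])})", params(e.get("outputs", [])))
        for e in abi
        if e["type"] == "function" and e.get("stateMutability") not in ("view", "pure")
    )

def to_markdown(header, rows):
    """Render rows as a markdown table like the ones in the report."""
    lines = ["| " + " | ".join(header) + " |", "|" + "---|" * len(header)]
    lines += ["| " + " | ".join(str(c) for c in row) + " |" for row in rows]
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_markdown(["Name", "Type", "Slot", "Offset", "Bytes"], storage_rows(LAYOUT)))
    print(to_markdown(["Function", "Returns"], state_changing_rows(ABI)))
```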