
A static analyzer and linter for the Circom zero-knowledge DSL


trailofbits/circomspect


Circomspect 🔎


Circomspect is a static analyzer and linter for the Circom programming language. The codebase borrows heavily from the Rust Circom compiler built by iden3.

Circomspect currently implements a number of analysis passes which can identify potential issues in Circom circuits. It is our goal to continue to add new analysis passes to be able to detect more issues in the future.


Installing Circomspect

Circomspect is available on crates.io and can be installed by invoking

  cargo install circomspect

To build Circomspect from source, simply clone the repository and build the project by running cargo build in the project root. To install from source, use

  cargo install --path cli

Running Circomspect

To run Circomspect on a file or directory, simply run

  circomspect path/to/circuit

By default, Circomspect outputs warnings and errors to stdout. To see informational results as well you can set the output level using the --level option. To ignore certain types of results, you can use the --allow option together with the corresponding result ID. (The result ID can be obtained by passing the --verbose flag to Circomspect.)

To output the results to a SARIF file (which can be read by the VS Code SARIF Viewer), use the option --sarif-file.
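The SARIF file can also drive a CI gate. The script below is an added example, not part of the Circomspect project: it assumes the file follows the standard SARIF 2.1.0 `runs[].results[]` layout, and the embedded sample, rule IDs and the `blocking` helper are constructed for illustration. The `allowed` argument plays the same role as --allow, applied after the fact.

```python
import json
import sys

# Constructed sample in SARIF 2.1.0 shape. Rule IDs, paths and messages are
# placeholders, not real Circomspect output.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{"results": [
    {"ruleId": "EXAMPLE-001", "level": "warning",
     "message": {"text": "constructed warning"},
     "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "circuits/example.circom"},
         "region": {"startLine": 12}}}]},
    {"ruleId": "EXAMPLE-002", "level": "note",
     "message": {"text": "constructed informational result"},
     "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "circuits/example.circom"},
         "region": {"startLine": 30}}}]},
    {"ruleId": "EXAMPLE-003", "message": {"text": "no level, no location"}},
]}]})

SEVERITY = {"none": 0, "note": 1, "warning": 2, "error": 3}

def load_findings(sarif_text):
    """Flatten runs[].results[] into dicts, tolerating missing fields."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule": res.get("ruleId", "<no-id>"),
                "level": res.get("level", "warning"),  # SARIF default level
                "file": loc.get("artifactLocation", {}).get("uri", "<unknown>"),
                "line": loc.get("region", {}).get("startLine"),
                "message": res.get("message", {}).get("text", ""),
            })
    return findings

def blocking(findings, fail_at="warning", allowed=()):
    """Findings at or above fail_at whose rule ID is not allow-listed."""
    floor = SEVERITY[fail_at]
    return [f for f in findings if f["rule"] not in allowed
            and SEVERITY.get(f["level"], SEVERITY["warning"]) >= floor]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF
    bad = blocking(load_findings(text))
    for f in bad:
        print(f"{f['file']}:{f['line']}: [{f['level']}] {f['rule']}: {f['message']}")
    sys.exit(1 if bad else 0)
```

Run it with the path passed to --sarif-file as its only argument; a non-zero exit status fails the build.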


Circomspect supports the same curves that Circom does: BN254, BLS12-381, and Goldilocks. If you are using a different curve than the default (BN254) you can set the curve using the command line option --curve.

Analysis Passes

Circomspect implements analysis passes for a number of different types of issues. A complete list, together with a high-level description of each issue, can be found here.