README.md
April 22, 2025 · View on GitHub
Sierra Analyzer
Sierra Analyzer is a security toolkit designed for analyzing Sierra files. It includes: a decompiler, a call graph
generator, a control-flow graph generator, and various security detectors.
Important
This repository is no longer maintained. If you have any questions or need further assistance, please contact FuzzingLabs.
- Project structure
- Decompile a Sierra file
- Analyze a remote contract
- Print the contract's Control-Flow Graph
- Print the contract's Callgraph
- Run the detectors
- Use the symbolic execution to generate unit tests
- Improve the decompiler output using LLMs
- Use it as a library
- Use with a Scarb project
Project structure
.
├── doc # Documentation files
├── examples # Sierra & Contrat class samples files
├── lib # sierra-analyzer library
├── bin # Binaries directory containing Sierra decompiler tool (based on sierra-analyzer library) & Tests generator
└── README.md
Decompile a Sierra file
cargo run -- -f <sierra file>
Decompiler output

For a colourless output :
cargo run -- -f <sierra file> --no-color
It it also possible to get a verbose output with more informations :
cargo run -- -f <sierra file> --verbose
Analyze a remote contract
Contracts can be fetched directly from Starknet (Mainnet & Sepolia) by specifying the contract class to analyze :
# Fetch & decompile a contract from starknet mainnet
cargo run -- --remote 0x035ae0fe6ca00fcc8020a6c64503f38bfaf3481ae9a6c8b7daec2f899df735fa
# Fetch & decompile a contract from Sepolia network
cargo run -- --remote 0x01437be408319cdb7524b3e3c52c0e9d80070d8cb85f363d42a7c3c2df5b66b2 --network sepolia -d
Print the contract's Control-Flow Graph
cargo run -- -f ./examples/sierra/fib_array.sierra --cfg
# Output the Control-Flow Graph to a custom folder (default is ./output_cfg)
cargo run -- -f ./examples/sierra/fib_array.sierra --cfg --cfg-output ./test
Print the contract's Callgraph
cargo run -- -f ./examples/sierra/fib_array.sierra --callgraph
# Output the Callgraph to a custom folder (default is ./output_callgraph)
cargo run -- -f ./examples/sierra/fib_array.sierra --callgraph --callgraph-output ./test
# Get the Callgraph of a specific function
cargo run -- -f ./examples/sierra/fib_unary.sierra --callgraph --function 'examples::fib_unary::fib'
Run the detectors
cargo run -- -f ./examples/sierra/fib_array.sierra -d
// Print all available detectors with their description
cargo run -- --detector-help
The documentation for creating a new detector is here
Use the symbolic execution to generate unit tests
1) Using the Tests generator detector
Symbolic execution can be used to generate unit tests for the functions that take felt252 arguments as input.
For example the file symbolic_execution_test.sierra contains a main function that takes four felt252 arguments v0, v1, v2 and v3. The function includes four conditions that check if v0 == 102, v1 == 117, v2 == 122 and v3 == 122 which correspond to the ASCII values for the letters f, u, z, and z, respectively.
When running the detectors we can generate test cases for each path in the function with the Tests generator detector:
cargo run -- -f ./examples/sierra/symbolic_execution_test.sierra -d --detector-names tests
[Testing] Tests generator
- symbolic::symbolic::symbolic_execution_test :
- v0: 102, v1: 0, v2: 0, v3: 0
- v0: 103, v1: 0, v2: 0, v3: 0
- v0: 102, v1: 117, v2: 0, v3: 0
- v0: 0, v1: 118, v2: 0, v3: 0
- v0: 102, v1: 117, v2: 122, v3: 0
- v0: 0, v1: 0, v2: 123, v3: 0
- v0: 102, v1: 117, v2: 122, v3: 122
- v0: 0, v1: 0, v2: 0, v3: 123
2) Using the library
The tests generator can also be used with the library.
Improve the decompiler output using LLMs
Here is a tutorial on how to improve the decompiler output using LLMs.
Use it as a library
It is also possible to use the sierra-analyzer-lib library to decompile serialised or unserialised Sierra files.
Use it with a Scarb project
Tip
There are examples of repositories that uses Scarb in examples/scarb.
First you need to build the project using Scarb :
scarb build
After that, you will need to select the contract you want to work on using the contract flag. If you need to list the available contracts, you can use the --list-contracts option :
sierra-decompiler --scarb --list-contracts
Now, let's say you want to work on one of the contracts whose name is unimpaired_cairo_Overflow, then you can analyse it :
// Run the decompiler
sierra-decompiler --scarb --contract unimpaired_cairo_Overflow
// Generate the control-flow graph
sierra-decompiler --scarb --contract unimpaired_cairo_Overflow --cfg
// Generate the callgraph
sierra-decompiler --scarb --contract unimpaired_cairo_Overflow --callgraph
// Run the detectors
sierra-decompiler --scarb --contract unimpaired_cairo_Overflow -d
Features
- Decompiler
- Control-Flow Graph
- Call Graph
- Informational & Security detectors
- Fetching contracts from Starknet
- Symbolic execution
- Scarb projects support