Thoth

Thoth (pronounced "taut" or "toss") is a security toolkit for Cairo/Starknet. Written in Python 3, it includes analyzers, disassemblers, and decompilers. Thoth is capable of generating call graphs, control-flow graphs (CFG), and data-flow graphs for Sierra files or Cairo/Starknet compilation artifacts. It also features tools like a symbolic execution engine and a symbolic bounded model checker.

Features

  • Remote & Local Analysis: Works with contracts on Mainnet/Goerli and local compilations.

  • Decompiler: Transforms assembly into decompiled code using SSA (Static Single Assignment).

  • Call Flow Analysis: Generates Call Flow Graphs.

  • Static Analysis: Conducts various types of analyses (security/optimization/analytics) on contracts.

  • Symbolic Execution: Finds variable values for specific paths in functions and generates test cases.

  • Data Flow Analysis: Produces Data Flow Graphs (DFG) for each function.

  • Disassembler: Converts bytecode to assembly.

  • Control Flow Analysis: Creates Control Flow Graphs (CFG).

  • Cairo Fuzzer Inputs: Generates inputs for Cairo fuzzer.

  • Sierra Files Analysis: Analyzes Sierra files.

  • Sierra Files Symbolic Execution: Performs symbolic execution on Sierra files.

  • Symbolic Bounded Model Checker: Functions as a symbolic bounded model checker.

    thoth

Installation

Install Thoth using the following commands:

sudo apt install graphviz
git clone https://github.com/FuzzingLabs/thoth && cd thoth
pip install .
thoth -h