• open the account on etherscan.io
• show the contract code
• show the VerifiedContract source code
• decompile the byte-code. requires vscode-decompiler

• arguments are assigned different colors in the scope of the function

This feature is provided by Inline Bookmarks.

• @audit - <msg> ... flag lines for security review or start a security review discussion
• @audit-ok - <msg> ... flag that a line was checked for security or a security discussion on that line turned out to be a non-issue

• additional information for various keywords (including security notes)

• asm instruction signatures

• Address hover integration via tintinweb.vscode-ethover
  • Open it in etherscan (or whatever you configure)
  • Show address balance in hover (mainnet) (note: might be rate-limited, configure your API key in settings)
  • Download the bytecode and disassemble it.
    • With hover info on instructions
    • Representation of data as ASCII and resolving 4bytes to funcsigs, Color code reflects the type of instruction: stack, memory, storage, arithm., logic, system, environment, …
  • Download the bytecode and show it.
    • With hover info
    • Click to see instruction boundaries
    • Color coded bytes to reflect type of instruction)
  • Show verified contract source (etherscan.io)
  • Show reconstructed contract source from eveem.org
  • Show reconstructed contract source from evm.js
  • run vscode-decompiler to decompile it manually using panoramix (eveem.org) locally

• highlight contract local stateVars (golden box)

• alert on a shadowed variable (red box)

• highlight const stateVar (green box)

• highlight inherited stateVar (blue box Approval)

• surya - interactive graph

• surya - generate report, show inheritance, show AST

• flatten source file with tintinweb.vscode-solidity-flattener (using truffle-flattener)

• surya - ftrace

• UML - auto-generate UML for source-units or specific contracts

• Function Signature Hashes

• library with function parameters T and declarations

• class and events, functions annotated (stateMutability, visibility)

• class and events, functions annotated (stateMutability, visibility)

• inheritance browser - resolves inheritance, only shows inherited names

• extra information (subjective function complexity; accesses stateVar?)

We've been working on a new cockpit view that allows you to navigate large codebases more efficiently. Check out the new    icon in the activity bar to your left.

So, what can you do with it?

• Explore .sol files with the new workspace explorer
• Generate report/graphs for any files/folders selected in the explorer views
  
• Conveniently flatten selected files (selected folders or all files in the top-level view) (Note: truffle-flattener may require an npm install of the project for flattening to work)
• Search for contracts that are likely to be deployed in the system (complete workspace or selected folders)
  
• Context-sensitive views: click into a contract in the editor to list public state-changing methods
  
• Get quick access to extension settings
  

And there is more to come 🙌 stay tuned!

Note: The cockpit view is fully customizable. You can hide both the sidebar menu or any view in the cockpit that you do not need (right-click → hide).

• suggest top level contracts aka "entrypoint contracts" (most derived)
• flatten current (codelens) or all suggested top level contracts (command)
• list all function signatures (human readable or json format)
  
• open remix in external browser

Please refer to the extension's contribution section to show an up-to-date list of commands.

Simple DAO

Vulnerable Contract

Simple DAO

• solidity-va.mode.active .. Enable/Disable all active components of this extension (emergency master-switch).
• Solidity-va.parser.parseImports ... Whether to recursively parse imports or not
• Solidity-va.hover ... Enable or Disable generic onHover information (asm instruction signatures, security notes)
• Solidity-va.deco.statevars ... decorate statevars in code view (golden, green, blue boxes)
• Solidity-va.deco.arguments ... enable/disable or select the mode for semantic highlighting of function arguments. (default: 'enable' = 'color and arrow')
• Solidity-va.deco.argumentsMode ... select the mode for semantic highlighting of function arguments (may require a reload)
• Solidity-va.deco.argumentsSuffix ... a custom Suffix/Symbol that is appended to the decoration when performing semantic highlighting for function arguments
• Solidity-va.outline.enable ... enable/disable outline and symbolprovider
• Solidity-va.outline.decorations ... decorate functions according to state mutability function visibility
• Solidity-va.outline.inheritance.show ... add inherited functions to outline view
• Solidity-va.outline.extras ... annotate functions with extra information (complexity, statevar access)
• Solidity-va.outline.var.storage_annotations ... Whether to show/hide storage annotations for variables in the outline view
• Solidity-va.outline.pragmas.show ... Whether to show/hide pragmas in the outline view
• Solidity-va.outline.imports.show ... Whether to show/hide imports in the outline view
• Solidity-va.diagnostics.import.cdili-json ... Automatically import diagnostic issues from external scanners using the cdili-issue.json format:

  {
    "onInputFile": "contracts/BountiesMetaTxRelayer.sol",
    "atLineNr": "10",
    "ruleType": "code_smell",
    "severity": "major",
    "linterVersion": "0.1",
    "linterName": "maru",
    "message": "State Variable  Default Visibility - It is best practice to set the visibility of state variables explicitly. The default           visibility for \"bountiesContract\" is internal. Other possible visibility values are public and private.",
    "forRule": "State_Variable_Default_Visibility"
  }

• Solidity-va.codelens.enable ... enable/disable codelens support (inline code actions)
• solidity-va.preview.dot ... open dot output in graphviz rendered form
• solidity-va.preview.markdown ... open markdown output in rendered form
• Solidity-va.tools.surya.input.contracts ... Define whether surya should take cached files or all contracts in the workspace as input

Please refer to the extension's contribution section to show an up-to-date list of settings.