Integrating static analysis in smart-contract development tools

Nomadic Labs is looking for an Integrating static analysis in smart-contract development tools intern. Tutors: Alexandre Doussot, Guillaume Bau, Mehdi Bouaziz A smart contract is a distributed a

Nomadic Labs is looking for an Integrating static analysis in smart-contract development tools intern.

Tutors: Alexandre Doussot, Guillaume Bau, Mehdi Bouaziz

A smart contract is a distributed application that is deployed on a blockchain to ad-minister rules and automate tasks. Thus: smart contracts are how blockchains are made programmable.
Unfortunately, a smart contract may be impossible – or at least very inconvenient – to change once it is deployed. Errors in smart contracts have led to the theft or blockage of the tokens they administer, often representing large amounts of value (e.g. as money or important certificates).
As such, the correctness and security of smart contracts is critical, both to the users of specific smart contracts (“Do I trust this smart contract with my money?”), and to the viability and value of blockchain platforms overall (“Do smart contracts on this blockchain have a good reputation?”).
Several projects focuses on helping dApps developers improve the code quality and security of their smart-contracts written in Michelson, Tezos’ smart-contract language, by means of static analysis: – CIAOPP – Tezla – Mopsa – Helmholtz
On the other hand, dApps developers often use higher-level, more developer-friendly languages, such as Ligo, Smartpy, Morley, Archetype, that are compiled to Michelson.

Goals

This internship aims to make state-of-the-art static analysis tools for Michelson more accessible to Tezos dApps developers by integrating them into the Tezos development environment, both for programming directly in Michelson and also for users of higher-level languages.
Specifically the intern will:
  • define a generic interface to have results of static analysis shown in Michelson development tools, probably based on LSP or SARIF;
  • extend this interface to translate results on Michelson to results on higher-level languages, in collaboration with developers of these languages; and
  • pick a static analysis tool and a development tool, implement this integration, and collect feedback on how to improve it.
A stretch goal will be to set up a static-analysis-as-a-service server to allow developers to benefit from these tools online and without a local install.

Requirements

Interest in helping developers build secure software, knowledge in OCaml and Javascript are required.

Internship Context

You will work at the Nomadic Labs’ offices in Paris.
Participating in a large scale open-source project you will have to rapidly learn to use collaborative tools (Git, merge request, issues, gitlab, continuous integration, documentation) and to communicate about your work. The final results might be presented at an international conference or workshop.
You will have a designated advisor at Nomadic Labs and will have to work independently and to propose thoroughly-considered solutions to the different problems you will have to solve. You will be encouraged to seek advice from members of the team.

Intellectual Property

All material produced (essays, documentation, code, etc.) will be released under an open source license (e.g. MIT or CC).

➡️ If you don’t meet all the criteria above, but think you can still be an asset to us, please consider applying.