Smart contract security scanner — Slither + ML exploitability prediction
Project description
ChainAudit
Production-grade smart contract security scanner. Upload a Solidity file or zip, get a real-time audit report with risk scores, ML exploitability predictions, and L2/Arbitrum/Optimism-aware findings.
Stack
| Layer | Technology |
|---|---|
| Frontend | Next.js 14, TypeScript, Tailwind CSS |
| Backend | FastAPI, Python 3.11 |
| Analysis | Slither, solc-select, CVSS-inspired scoring |
| ML | Random Forest — 88% accuracy (SmartBugs dataset) |
| Auth | Supabase — email, GitHub, Google OAuth |
| Deploy | Vercel + Render |
| CI/CD | GitHub Actions + GitHub Marketplace Action |
GitHub Action
Use ChainAudit in any CI pipeline:
```yaml
- uses: aizen299/smart-contract-auditor@v1
  with:
    target: contracts/
    fail-on-critical: true
```
Outputs: risk-score, total-findings, critical-count, high-count, report-path
CLI
```bash
cd backend && pip install -e .
chainaudit scan contract.sol                 # single file
chainaudit scan ./contracts --recursive      # directory
chainaudit scan contracts.zip                # zip archive
chainaudit scan contract.sol --json          # JSON output
chainaudit scan contract.sol --ml-only       # skip simulation
```
Exit code 1 on CRITICAL findings — blocks deployments in CI.
Local Development
```bash
# Backend
cd backend
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
uvicorn api:app --reload

# Frontend
cd frontend
npm install && npm run dev
```
frontend/.env.local
```bash
NEXT_PUBLIC_SUPABASE_URL=your_supabase_url
NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key
NEXT_PUBLIC_API_URL=http://localhost:8000
```
Docker
```bash
cp docker-compose.example.yml docker-compose.yml
docker compose up --build
```
API
POST /scan — single .sol file
POST /scan/zip — multiple contracts (max 20 files, 5MB)
Example response:

```json
{
  "risk_score": 86,
  "total_findings": 6,
  "findings": [
    {
      "title": "Reentrancy",
      "severity": "CRITICAL",
      "ml_exploitability": "CRITICAL",
      "ml_confidence": 0.96,
      "occurrences": 7,
      "chain": "arbitrum",
      "l2_detected": true
    }
  ]
}
```
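As an added example (not the project's own code), a CI gate that parses a report in the JSON shape above and applies the CLI section's exit-code policy with a configurable severity threshold, plus an ML override for lower-severity findings the model rates CRITICAL. `run_scan` assumes `chainaudit scan --json` writes the report to stdout; the policy knobs and the sample report are this example's own.

```python
import json
import subprocess
from dataclasses import dataclass, field

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

@dataclass
class GateResult:
    blocked: bool
    reasons: list = field(default_factory=list)
    counts: dict = field(default_factory=dict)

def evaluate_report(report: dict, fail_on: str = "CRITICAL",
                    max_risk_score: int = 100, ml_floor: float = 0.9) -> GateResult:
    """Gate a deployment on a ChainAudit JSON report (policy is this example's, not the CLI's):
    block on findings at/above fail_on, risk_score above max_risk_score, or ML-CRITICAL >= ml_floor."""
    threshold = SEVERITY_RANK[fail_on.upper()]
    counts = {s: 0 for s in SEVERITY_RANK}
    reasons = []
    for f in report.get("findings", []):
        sev = str(f.get("severity", "LOW")).upper()
        rank = SEVERITY_RANK.get(sev, 0)
        counts[sev] = counts.get(sev, 0) + 1
        if rank >= threshold:
            reasons.append(f"{sev}: {f.get('title')} x{f.get('occurrences', 1)}")
        elif (str(f.get("ml_exploitability", "")).upper() == "CRITICAL"
              and float(f.get("ml_confidence", 0)) >= ml_floor):
            reasons.append(f"ML rates {f.get('title')} CRITICAL ({float(f.get('ml_confidence', 0)):.2f})")
    if report.get("risk_score", 0) > max_risk_score:
        reasons.append(f"risk_score {report['risk_score']} > {max_risk_score}")
    return GateResult(blocked=bool(reasons), reasons=reasons, counts=counts)

def run_scan(path: str) -> dict:
    """Run the page's CLI with --json; assumes the report goes to stdout (an assumption)."""
    proc = subprocess.run(["chainaudit", "scan", path, "--json"], capture_output=True, text=True)
    return json.loads(proc.stdout)

# Constructed sample in the shape of the API response above (not a real scan).
SAMPLE_REPORT = {
    "risk_score": 86, "total_findings": 3,
    "findings": [
        {"title": "Reentrancy", "severity": "CRITICAL", "ml_exploitability": "CRITICAL",
         "ml_confidence": 0.96, "occurrences": 7, "chain": "arbitrum", "l2_detected": True},
        {"title": "Timestamp Dependence", "severity": "MEDIUM", "ml_exploitability": "HIGH",
         "ml_confidence": 0.71, "occurrences": 2},
        {"title": "Unchecked Send", "severity": "MEDIUM", "ml_exploitability": "CRITICAL",
         "ml_confidence": 0.95, "occurrences": 1},
    ],
}
```

In a pipeline, `evaluate_report(run_scan("contracts/")).blocked` decides whether to exit non-zero; the `reasons` list is what you would print into the job log.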
Vulnerability Coverage
EVM (all chains) — 16 rules
| Severity | Rules |
|---|---|
| CRITICAL | Reentrancy, Reentrancy with Unlimited Gas, Controlled Delegatecall |
| HIGH | Unchecked Token Transfer, Arbitrary ETH Send, Weak Randomness, tx.origin Auth, Selfdestruct Risk, Access Control, Unchecked Low-level Call |
| MEDIUM | Timestamp Dependence, Unchecked Send, Deprecated Standards |
| LOW | Missing Zero Check, Incorrect Equality, Missing Events, Naming Convention |
L2 / Arbitrum / Optimism — 12 rules
| Severity | Rules |
|---|---|
| CRITICAL | Cross-Chain Replay Attack, Bridge Reentrancy, Proxy Storage Collision, msg.value Misuse |
| HIGH | L2 Block Number Assumption, L2 Timestamp Assumption, Sequencer Dependence, Address Aliasing, Unvalidated Bridge Sender |
| MEDIUM | Force-Include Griefing, Gas Price Assumption, Optimism Deposit Griefing |
L2 rules are auto-detected — the scanner reads contract source for Arbitrum/Optimism identifiers (ArbSys, xDomainMessageSender, IL2Bridge etc.) and injects chain-specific findings automatically.
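As an added example (not the scanner's own implementation), a heuristic reconstruction of the auto-detection described above: strip comments, look for the L2 identifiers the README names (ArbSys, xDomainMessageSender, IL2Bridge), and emit two of the listed rules, "L2 Block Number Assumption" and "Unvalidated Bridge Sender". The extra markers, the rule logic and the sample contracts are this example's assumptions.

```python
import re
from dataclasses import dataclass

# Source identifiers that imply an L2 target. ArbSys, xDomainMessageSender and
# IL2Bridge are the ones the README names; the others are this example's
# additions (Arbitrum's ArbSys precompile address, Optimism's messenger interface).
CHAIN_MARKERS = {
    "arbitrum": ("ArbSys", "arbBlockNumber", "0x0000000000000000000000000000000000000064"),
    "optimism": ("xDomainMessageSender", "IL2Bridge", "ICrossDomainMessenger"),
}

@dataclass(frozen=True)
class Finding:
    title: str
    severity: str
    chain: str

def strip_comments(src: str) -> str:
    """Drop // and /* */ comments so a marker mentioned only in a comment does not fire."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def detect_chains(src: str) -> set:
    code = strip_comments(src)
    return {chain for chain, markers in CHAIN_MARKERS.items()
            if any(m in code for m in markers)}

def l2_findings(src: str) -> list:
    """Heuristic versions of two of the page's L2 rules (not the project's own code)."""
    code = strip_comments(src)
    out = []
    for chain in sorted(detect_chains(src)):
        # Arbitrum: block.number is an L1 block estimate; ArbSys.arbBlockNumber() is the L2 height.
        if chain == "arbitrum" and re.search(r"\bblock\.number\b", code):
            out.append(Finding("L2 Block Number Assumption", "HIGH", chain))
        # Optimism: xDomainMessageSender() is only trustworthy when msg.sender is the messenger.
        if chain == "optimism" and "xDomainMessageSender" in code \
                and not re.search(r"msg\.sender\s*==", code):
            out.append(Finding("Unvalidated Bridge Sender", "HIGH", chain))
    return out

# Constructed samples, not real deployed contracts.
ARB_SAMPLE = """interface ArbSys { function arbBlockNumber() external view returns (uint256); }
contract Vesting { uint256 start = block.number;
    function vested() external view returns (bool) { return block.number > start + 100; } }"""
OP_SAMPLE = """interface ICrossDomainMessenger { function xDomainMessageSender() external view returns (address); }
contract Receiver { ICrossDomainMessenger m;
    function finalize(address to) external { address from = m.xDomainMessageSender(); // no msg.sender == check
        require(from == to); } }"""
```

Adding `require(msg.sender == address(m));` to `finalize` clears the Optimism finding; the comment in `OP_SAMPLE` shows why comment stripping comes first.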
ML Pipeline
Trained on the SmartBugs dataset (143 contracts, 10 vulnerability classes). A Random Forest classifier predicts exploitability per finding and reports a confidence score. 88% accuracy overall — 95% precision on HIGH, 93% on CRITICAL.
Deployment
| Component | Platform | URL / detail |
|---|---|---|
| Frontend | Vercel | chainaudit.vercel.app |
| Backend | Render | smart-contract-auditor-812q.onrender.com |
| Uptime | UptimeRobot | /health pinged every 5 min |
Roadmap
- 16 EVM vulnerability rules + CVSS scoring
- 12 L2/Arbitrum/Optimism rules with auto-detection
- ML exploitability prediction
- Multi-contract zip scanning
- Supabase auth + scan history
- CLI tool — `chainaudit scan`
- GitHub Marketplace Action
- Docker, Vercel + Render, CI/CD
- Solana / Rust support
- PyPI — `pip install chainaudit`
- Monetize — free/pro tiers, Stripe billing
- API keys for enterprise
Download files
File details
Details for the file chainaudit-1.0.1.tar.gz.
File metadata
- Download URL: chainaudit-1.0.1.tar.gz
- Upload date:
- Size: 24.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 728163e1eddc90d9e3c3407c51b8ea4fdfbacb7d166fa629feba84e36a193126 |
| MD5 | 12896c0445f9701419cbacaf20129f98 |
| BLAKE2b-256 | f309a5abc4b16ef163494aae63000d54912a0b935df314105bcadd3158f8706d |
File details
Details for the file chainaudit-1.0.1-py3-none-any.whl.
File metadata
- Download URL: chainaudit-1.0.1-py3-none-any.whl
- Upload date:
- Size: 18.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 81d741cc409c2fb72c920414ab2a2ecd7884454abc9921f0d91b00f7425121c6 |
| MD5 | fee81a677ef1a3c2828c1064396eb8cf |
| BLAKE2b-256 | c8b7900b290b99a176d260d41f5b8d38d8ba73b9e3b6c437c9187299639dc452 |