Smart contract security scanner — Slither + ML exploitability prediction
Project description
ChainAudit
Smart contract security scanner powered by Slither + ML exploitability prediction.
Requires Python 3.11 or 3.12. Python 3.13 not yet supported on Windows.
Install
pip install chainaudit
Prerequisites:
pip install slither-analyzer
pip install solc-select && solc-select install 0.8.24 && solc-select use 0.8.24
Usage
# Single file
chainaudit scan contract.sol
# Directory
chainaudit scan ./contracts --recursive
# Zip archive
chainaudit scan contracts.zip
# JSON output
chainaudit scan contract.sol --json
# Skip exploit simulation
chainaudit scan contract.sol --ml-only
Exit code 1 if CRITICAL vulnerabilities found — use in CI to block deployments:
chainaudit scan contracts/ --recursive || echo "Vulnerabilities found, blocking deploy"
GitHub Action
- uses: aizen299/smart-contract-auditor@v1
with:
target: contracts/
fail-on-critical: true
What It Detects
EVM (Ethereum, Polygon, BNB Chain...)
| Severity | Examples |
|---|---|
| CRITICAL | Reentrancy, Controlled Delegatecall |
| HIGH | Unchecked Token Transfer, Weak Randomness, tx.origin Auth |
| MEDIUM | Timestamp Dependence, Unchecked Send |
| LOW | Missing Zero Check, Missing Events |
L2 / Arbitrum / Optimism — auto-detected
| Severity | Examples |
|---|---|
| CRITICAL | Cross-Chain Replay Attack, Bridge Reentrancy |
| HIGH | L2 Block Number Assumption, Sequencer Dependence, Address Aliasing |
| MEDIUM | Force-Include Griefing, Gas Price Assumption |
L2 rules activate automatically when the scanner detects Arbitrum/Optimism identifiers (ArbSys, xDomainMessageSender etc.) in the contract source.
ML Predictions
Each finding includes an ML-predicted exploitability score trained on the SmartBugs dataset (143 contracts, 88% accuracy).
{
"title": "Reentrancy",
"severity": "CRITICAL",
"ml_exploitability": "CRITICAL",
"ml_confidence": 0.96
}
Links
- GitHub: aizen299/smart-contract-auditor
- Web app: chainaudit.vercel.app
- Issues: GitHub Issues
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file chainaudit-1.0.4.tar.gz.
File metadata
- Download URL: chainaudit-1.0.4.tar.gz
- Upload date:
- Size: 23.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0bb62ee61954831ed98d9d2e021a0c37e105daf62030d0004db1ea5b03e2dd2e
|
|
| MD5 |
80a795f695934ea486f6d2b1805bc406
|
|
| BLAKE2b-256 |
6e3056ae3b046acb6280a32cc46f48463d4c5b45f6f9aa85917e3531d6f81b31
|
File details
Details for the file chainaudit-1.0.4-py3-none-any.whl.
File metadata
- Download URL: chainaudit-1.0.4-py3-none-any.whl
- Upload date:
- Size: 17.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
462b8cd510b9d77937529cd3fd6fca1248362b69815910cc98a2bf2f722eb8c6
|
|
| MD5 |
678cc6ddc00c4390e12e9a84c36fc0de
|
|
| BLAKE2b-256 |
851d092302fbd6175b26f0ca5633c42c6e308855e821c83581ef84e05e7e44b6
|
