Smart contract security scanner for EVM and Solana
Project description
ChainAudit
Smart contract security scanner — Solidity, Solana/Rust, and L2/Arbitrum/Optimism support.
Install
Mac / Linux / Ubuntu
```bash
pip install chainaudit
pip install slither-analyzer
pip install solc-select
solc-select install 0.8.24
solc-select use 0.8.24

# Optional — for Solana/Rust scanning
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
cargo install cargo-audit
```
Windows
Requires Python 3.12. Download it from python.org and check "Add Python to PATH" during install. Python 3.13 is not yet supported on Windows.

```
pip install chainaudit
pip install slither-analyzer
pip install solc-select
solc-select install 0.8.24
solc-select use 0.8.24
```

If you are on a college or office network, use a mobile hotspot for installation.
Usage
```bash
chainaudit scan contract.sol              # Solidity file
chainaudit scan program.rs                # Solana/Rust program
chainaudit scan ./contracts --recursive   # directory
chainaudit scan contracts.zip             # zip archive
chainaudit scan contract.sol --json       # JSON output
chainaudit scan contract.sol --ml-only    # skip simulation
chainaudit --version                      # show version
```
The command exits with code 1 if CRITICAL vulnerabilities are found, which blocks deployments in CI.
GitHub Action
```yaml
- uses: aizen299/smart-contract-auditor@v1
  with:
    target: contracts/
    fail-on-critical: true
```
What It Detects
EVM (Ethereum, Polygon, BNB Chain...)
| Severity | Examples |
|---|---|
| CRITICAL | Reentrancy, Controlled Delegatecall |
| HIGH | Unchecked Token Transfer, Weak Randomness, tx.origin Auth |
| MEDIUM | Timestamp Dependence, Unchecked Send |
| LOW | Missing Zero Check, Missing Events |
L2 / Arbitrum / Optimism — auto-detected
| Severity | Examples |
|---|---|
| CRITICAL | Cross-Chain Replay Attack, Bridge Reentrancy |
| HIGH | L2 Block Number Assumption, Sequencer Dependence, Address Aliasing |
| MEDIUM | Force-Include Griefing, Gas Price Assumption |
Solana / Rust
| Severity | Examples |
|---|---|
| CRITICAL | Missing Signer Check, Arbitrary CPI, Missing Owner Check |
| HIGH | Integer Overflow, Unsafe Rust Code, CPI Reentrancy, Insecure Randomness |
| MEDIUM | Missing Rent Exemption, PDA Seeds Not Validated |
| LOW | Missing Freeze Authority, Deprecated Anchor Patterns |
Detected via cargo-audit (CVE scanning) + pattern scanning on .rs source files.
ML Predictions
Each finding includes an ML-predicted exploitability score (SmartBugs dataset, 88% accuracy).
```json
{
  "title": "Reentrancy",
  "severity": "CRITICAL",
  "ml_exploitability": "CRITICAL",
  "ml_confidence": 0.96,
  "chain": "arbitrum"
}
```
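The built-in exit code only blocks on CRITICAL findings. The following is an added example, not part of ChainAudit, of a stricter CI gate that reads findings in the shape shown above and also blocks when a confident ML score rates a finding higher than its severity. It assumes the `--json` report is a JSON array of such objects (or a single object); the names `gate` and `effective_rank` and the thresholds are hypothetical.

```python
import json
import sys

RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample report; only the field names come from the README.
SAMPLE = """[
  {"title": "Reentrancy", "severity": "CRITICAL", "ml_exploitability": "CRITICAL",
   "ml_confidence": 0.96, "chain": "arbitrum"},
  {"title": "Timestamp Dependence", "severity": "MEDIUM", "ml_exploitability": "HIGH",
   "ml_confidence": 0.91, "chain": "arbitrum"},
  {"title": "Missing Events", "severity": "LOW", "ml_exploitability": "HIGH",
   "ml_confidence": 0.40, "chain": "arbitrum"},
  {"title": "Unchecked Send", "severity": "medium"}
]"""


def effective_rank(finding, min_confidence):
    """Rank a finding by scanner severity, raised by a confident ML score."""
    sev = RANK.get(str(finding.get("severity", "")).upper())
    if sev is None:
        return RANK["CRITICAL"]  # unknown or missing severity: fail closed
    ml = RANK.get(str(finding.get("ml_exploitability", "")).upper(), 0)
    conf = finding.get("ml_confidence")
    if isinstance(conf, (int, float)) and conf >= min_confidence:
        return max(sev, ml)  # the ML score may raise a finding, never lower it
    return sev


def gate(report_text, fail_at="HIGH", min_confidence=0.8):
    """Return (exit_code, blocking_titles) for a JSON report string."""
    try:
        data = json.loads(report_text)
    except json.JSONDecodeError:
        return 2, ["<unparsable report>"]  # never pass a build on bad input
    findings = data if isinstance(data, list) else [data]
    if not all(isinstance(f, dict) for f in findings):
        return 2, ["<unexpected report shape>"]
    blocking = [f.get("title", "<untitled>") for f in findings
                if effective_rank(f, min_confidence) >= RANK[fail_at]]
    return (1 if blocking else 0), blocking


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    code, titles = gate(text)
    for t in titles:
        print(f"BLOCKING: {t}", file=sys.stderr)
    sys.exit(code)
```

Saved as `gate.py` (a hypothetical name), it can be fed from `chainaudit scan contract.sol --json`, assuming that option writes the report to stdout.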
Links
- GitHub: aizen299/smart-contract-auditor
- Web app: chainaudit.vercel.app
- Issues: GitHub Issues
File details
Details for the file chainaudit-1.2.5.tar.gz.
File metadata
- Download URL: chainaudit-1.2.5.tar.gz
- Upload date:
- Size: 627.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | c2d359609914ac319b929fa331b5e10c1305a5a9fb3d835e79e34532217acc33 |
| MD5 | 6c1de559f7ce7a985dd5b36a9851e853 |
| BLAKE2b-256 | 41948a012c8eae2ae617a79220cc3892109416edc6c8aa8d0c4fad30adace3aa |
File details
Details for the file chainaudit-1.2.5-py3-none-any.whl.
File metadata
- Download URL: chainaudit-1.2.5-py3-none-any.whl
- Upload date:
- Size: 642.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 6ba84a925288867789bb8257f4bbe76e00153962676657a1e69df69417db47fe |
| MD5 | 604e33364299ae475ec5e682a0bfc34f |
| BLAKE2b-256 | e34888ad1bcaa3397bc830772806e88a927d9e4869ba7b2374b77433f71d4d1c |