Skip to main content

Smart contract security scanner: static analysis + runtime behavioral monitoring + economic impact quantification

Project description

ChainEDR

Smart contract security scanner — static analysis + live behavioral monitoring + economic impact quantification.

pip install -e .
chainedr audit ./contracts/src

Install

git clone https://github.com/zorayrsaroyan/chainedr.git
cd chainedr
pip install -e .

# Optional: Slither + web3 for live monitoring
pip install -e ".[full]"

Requires Python 3.10+.

Commands

Command What it does
chainedr audit <files|dir> Static audit — ranked findings, call graph, economic impact
chainedr blitz <files|dir> BloodHound mode — all scanners → attack graph → guided fuzz
chainedr scan <address> On-chain scan via RPC
chainedr monitor <address> Live behavioral monitoring (block-by-block)
chainedr profile <address> Build behavioral baseline from on-chain history
chainedr hunt <address> Deep zero-day hunting (on-chain)
chainedr xcheck <files|dir> Cross-chain, compiler-bug, gas-griefing, Cairo checks
chainedr taint <dir> Multi-file taint analysis
chainedr bytecode --address <addr> Source-free bytecode analysis
chainedr init Generate .chainedr.toml config in current directory

Quick Start

# Audit a local project
chainedr audit ./contracts/src

# Full attack-surface scan with economic impact
chainedr blitz ./contracts/src

# Audit with minimum severity filter + SARIF output (for GitHub Code Scanning)
chainedr audit ./contracts/src --min-severity HIGH --format sarif -o results.sarif

# Live monitor a deployed contract
chainedr monitor 0xYourContract --rpc-url wss://mainnet.infura.io/ws/v3/KEY

# Build behavioral profile from 500 historical blocks
chainedr profile 0xYourContract --from-rpc http://localhost:8545 --history-size 500

What It Detects

Static Analysis (50+ detectors)

DeFi-specific

  • Stale Chainlink oracle (updatedAt not validated)
  • L2 sequencer uptime not checked before oracle read
  • ERC-4626 share inflation (first-depositor attack)
  • Flash loan callback without reentrancy guard
  • Zero-slippage swaps / Uniswap slot0 price usage
  • Rounding direction in vault withdraw/redeem
  • Permit front-run and missing deadline

Access control & reentrancy

  • Read-only reentrancy (Curve-style)
  • Cross-function reentrancy
  • Unauthorized state-change via delegatecall
  • Missing onlyOwner / role check on critical functions

Core vulnerabilities

  • Integer overflow/underflow (pre-0.8 and unchecked blocks)
  • Silent truncation (uint256 → uint96 without SafeCast)
  • Unchecked low-level .call() return
  • tx.origin authentication
  • Insecure randomness (block.timestamp, blockhash)
  • ABI collision (abi.encodePacked with dynamic types)
  • Signature replay (missing nonce / chainId)
  • Unbounded loops / gas DoS

10 Protocol Invariant Laws (auto-checked)

# Law Catches
1 Lending Borrow without collateral check → bad debt
2 AMM Swap without k-invariant → pool drain
3 Vault Deposit without minShares → inflation attack
4 Bridge Mint without lock proof → unbacked tokens
5 Governance Execute without timelock → flash-loan vote
6 Staking Claim without rewardPerToken update → over-pay
7 Oracle updatedAt not validated → stale price
8 Fee No fee cap → owner can set 100%
9 Liquidation Bonus uncapped → over-liquidation
10 Withdrawal No balance check → over-withdrawal

Economic Impact Estimation

Every HIGH/CRITICAL finding gets an economic impact line:

Economic Impact: Flash loan ~$3,000,000 | gross profit ~$750,000 | gas ~$72 | net ~$749,928 [MEDIUM confidence]

Heuristics per vulnerability type (REENTRANCY, ORACLE, FLASH_LOAN, ACCESS_CONTROL, GOVERNANCE, INTEGER_OVERFLOW). Optional RPC-based live TVL lookup.

Live Behavioral Monitoring

  • Builds a statistical baseline per function (value, gas, external calls, caller age)
  • Flags anomalies in real-time as new blocks arrive
  • WebSocket subscription for zero-latency alerts: --ws-url
  • Classifies alerts: FLASH_LOAN, REENTRANCY, ORACLE, ACCESS_CONTROL

Output Formats

# Markdown report (default)
chainedr audit ./src -o report.md

# JSON (machine-readable, CI pipelines)
chainedr audit ./src --format json -o findings.json

# SARIF (GitHub Code Scanning / VS Code)
chainedr audit ./src --format sarif -o results.sarif

Configuration

chainedr init   # creates .chainedr.toml
[audit]
min_severity = "HIGH"
ignore = ["solc-version", "constable-states"]
mythril = false

[live]
rpc_url = "http://localhost:8545"
default_tvl_usd = 1_000_000

[output]
format = "markdown"
report_path = "audit_report.md"

Architecture

chainedr/
├── hunter.py              # 50+ static detectors
├── static_analyzer.py     # Slither bridge + AST parser
├── protocol_invariants.py # 10 DeFi protocol laws
├── economic_quantifier.py # Economic impact estimates
├── brain.py               # On-chain analysis engine
├── profiler.py            # Behavioral baseline + anomaly detection
├── classifier.py          # Alert classification
├── monitor.py             # Live block subscriber
├── attack_graph.py        # Attack path graph builder
├── guided_fuzzer.py       # Attack-path-guided fuzzer
└── reporter.py            # Multi-format report generator

Optional Integrations

Tool Feature Install
Slither Deep static analysis pip install slither-analyzer
Mythril Symbolic execution pip install mythril
Echidna Property fuzzing crytic/echidna
Halmos Formal verification pip install halmos
Foundry Fork tests + PoC getfoundry.sh

License

AGPL-3.0 — see LICENSE.

SaaS use requires open-sourcing your entire stack under AGPL-3.0 or a commercial license.

Author

Zorayr Saroyan — Smart contract security researcher

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

chainedr-2.0.0.tar.gz (102.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

chainedr-2.0.0-py3-none-any.whl (28.8 kB view details)

Uploaded Python 3

File details

Details for the file chainedr-2.0.0.tar.gz.

File metadata

  • Download URL: chainedr-2.0.0.tar.gz
  • Upload date:
  • Size: 102.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for chainedr-2.0.0.tar.gz
Algorithm Hash digest
SHA256 72fcde05fb7e0de5fba351675e28ad20117839fab23e1e88b69d757992befe64
MD5 aaf9bfeb2dab2d37ea81daf87b392cbc
BLAKE2b-256 b7d724e9a6f0dc745b4402c25fa9957c9e7a007327f8150695f7ff5cdcc7b9a6

See more details on using hashes here.

File details

Details for the file chainedr-2.0.0-py3-none-any.whl.

File metadata

  • Download URL: chainedr-2.0.0-py3-none-any.whl
  • Upload date:
  • Size: 28.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for chainedr-2.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d4dbe5e5a1a84a83152d1f6b5ddd4de264e087c9c1ead2d92573ec63d31d9180
MD5 6bb6309e853cbeda7316e58283e73e49
BLAKE2b-256 d16142e4afbab5babe04d63169e405605d17b4ebe47ed3387c22b9fd47e6f093

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page