Skip to main content

Smart contract security scanner: static analysis + runtime behavioral monitoring + economic impact quantification

Project description

ChainEDR

PyPI License: AGPL-3.0 Python 3.10+

Smart contract security scanner — static analysis + live behavioral monitoring + economic impact quantification.

pip install chainedr
chainedr audit ./contracts/src

Install

pip install chainedr

# Optional: Slither + web3 for live monitoring
pip install -e ".[full]"

Requires Python 3.10+.

Commands

Command What it does
chainedr audit <files|dir> Static audit — ranked findings, call graph, economic impact
chainedr blitz <files|dir> BloodHound mode — all scanners → attack graph → guided fuzz
chainedr scan <address> On-chain scan via RPC
chainedr monitor <address> Live behavioral monitoring (block-by-block)
chainedr profile <address> Build behavioral baseline from on-chain history
chainedr hunt <address> Deep zero-day hunting (on-chain)
chainedr xcheck <files|dir> Cross-chain, compiler-bug, gas-griefing, Cairo checks
chainedr taint <dir> Multi-file taint analysis
chainedr bytecode --address <addr> Source-free bytecode analysis
chainedr init Generate .chainedr.toml config in current directory

Quick Start

# Audit a local project
chainedr audit ./contracts/src

# Full attack-surface scan with economic impact
chainedr blitz ./contracts/src

# Audit with minimum severity filter + SARIF output (for GitHub Code Scanning)
chainedr audit ./contracts/src --min-severity HIGH --format sarif -o results.sarif

# Live monitor a deployed contract
chainedr monitor 0xYourContract --rpc-url wss://mainnet.infura.io/ws/v3/KEY

# Build behavioral profile from 500 historical blocks
chainedr profile 0xYourContract --from-rpc http://localhost:8545 --history-size 500

What It Detects

Static Analysis (50+ detectors)

DeFi-specific

  • Stale Chainlink oracle (updatedAt not validated)
  • L2 sequencer uptime not checked before oracle read
  • ERC-4626 share inflation (first-depositor attack)
  • Flash loan callback without reentrancy guard
  • Zero-slippage swaps / Uniswap slot0 price usage
  • Rounding direction in vault withdraw/redeem
  • Permit front-run and missing deadline

Access control & reentrancy

  • Read-only reentrancy (Curve-style)
  • Cross-function reentrancy
  • Unauthorized state-change via delegatecall
  • Missing onlyOwner / role check on critical functions

Core vulnerabilities

  • Integer overflow/underflow (pre-0.8 and unchecked blocks)
  • Silent truncation (uint256 → uint96 without SafeCast)
  • Unchecked low-level .call() return
  • tx.origin authentication
  • Insecure randomness (block.timestamp, blockhash)
  • ABI collision (abi.encodePacked with dynamic types)
  • Signature replay (missing nonce / chainId)
  • Unbounded loops / gas DoS

10 Protocol Invariant Laws (auto-checked)

# Law Catches
1 Lending Borrow without collateral check → bad debt
2 AMM Swap without k-invariant → pool drain
3 Vault Deposit without minShares → inflation attack
4 Bridge Mint without lock proof → unbacked tokens
5 Governance Execute without timelock → flash-loan vote
6 Staking Claim without rewardPerToken update → over-pay
7 Oracle updatedAt not validated → stale price
8 Fee No fee cap → owner can set 100%
9 Liquidation Bonus uncapped → over-liquidation
10 Withdrawal No balance check → over-withdrawal

Economic Impact Estimation

Every HIGH/CRITICAL finding gets an economic impact line:

Economic Impact: Flash loan ~$3,000,000 | gross profit ~$750,000 | gas ~$72 | net ~$749,928 [MEDIUM confidence]

Heuristics per vulnerability type (REENTRANCY, ORACLE, FLASH_LOAN, ACCESS_CONTROL, GOVERNANCE, INTEGER_OVERFLOW). Optional RPC-based live TVL lookup.

Live Behavioral Monitoring

  • Builds a statistical baseline per function (value, gas, external calls, caller age)
  • Flags anomalies in real-time as new blocks arrive
  • WebSocket subscription for zero-latency alerts: --ws-url
  • Classifies alerts: FLASH_LOAN, REENTRANCY, ORACLE, ACCESS_CONTROL

Output Formats

# Markdown report (default)
chainedr audit ./src -o report.md

# JSON (machine-readable, CI pipelines)
chainedr audit ./src --format json -o findings.json

# SARIF (GitHub Code Scanning / VS Code)
chainedr audit ./src --format sarif -o results.sarif

Configuration

chainedr init   # creates .chainedr.toml
[audit]
min_severity = "HIGH"
ignore = ["solc-version", "constable-states"]
mythril = false

[live]
rpc_url = "http://localhost:8545"
default_tvl_usd = 1_000_000

[output]
format = "markdown"
report_path = "audit_report.md"

Architecture

chainedr/
├── hunter.py              # 50+ static detectors
├── static_analyzer.py     # Slither bridge + AST parser
├── protocol_invariants.py # 10 DeFi protocol laws
├── economic_quantifier.py # Economic impact estimates
├── brain.py               # On-chain analysis engine
├── profiler.py            # Behavioral baseline + anomaly detection
├── classifier.py          # Alert classification
├── monitor.py             # Live block subscriber
├── attack_graph.py        # Attack path graph builder
├── guided_fuzzer.py       # Attack-path-guided fuzzer
└── reporter.py            # Multi-format report generator

Optional Integrations

Tool Feature Install
Slither Deep static analysis pip install slither-analyzer
Mythril Symbolic execution pip install mythril
Echidna Property fuzzing crytic/echidna
Halmos Formal verification pip install halmos
Foundry Fork tests + PoC getfoundry.sh

License

AGPL-3.0 — see LICENSE.

SaaS use requires open-sourcing your entire stack under AGPL-3.0 or a commercial license.

Author

Zorayr Saroyan — Smart contract security researcher

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

chainedr-2.0.2.tar.gz (635.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

chainedr-2.0.2-py3-none-any.whl (605.6 kB view details)

Uploaded Python 3

File details

Details for the file chainedr-2.0.2.tar.gz.

File metadata

  • Download URL: chainedr-2.0.2.tar.gz
  • Upload date:
  • Size: 635.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for chainedr-2.0.2.tar.gz
Algorithm Hash digest
SHA256 300e3463794093cd5db10ccbff0aa98ac5ce18b892de47cf145b310402d061d3
MD5 d3246ce1f51d6670f491e3c6699e8705
BLAKE2b-256 661a77abc03a4143436687ded4e0b710ced9acbf5248f90891d2a616e1da9eb0

See more details on using hashes here.

File details

Details for the file chainedr-2.0.2-py3-none-any.whl.

File metadata

  • Download URL: chainedr-2.0.2-py3-none-any.whl
  • Upload date:
  • Size: 605.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for chainedr-2.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 bee4f7bc7f9949127caa66d0fcdfa1d178ef2d9887be8ba73b7edf6b4ece6fc4
MD5 4e3a169bc104e590c342cb06ad02c553
BLAKE2b-256 d760c8226d6b2fdcfeeaa5126d8461b84c766b5476b4bb7f08e66e47e28c7dc9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page