Skip to main content

Smart contract security scanner: static analysis + runtime behavioral monitoring + economic impact quantification

Project description

ChainEDR

PyPI License: AGPL-3.0 Python 3.10+

Smart contract security scanner — static analysis + live behavioral monitoring + economic impact quantification.

pip install chainedr
chainedr audit ./contracts/src

Install

pip install chainedr

# Optional: Slither + web3 for live monitoring
pip install -e ".[full]"

Requires Python 3.10+.

Commands

Command What it does
chainedr audit <files|dir> Static audit — ranked findings, call graph, economic impact
chainedr blitz <files|dir> BloodHound mode — all scanners → attack graph → guided fuzz
chainedr scan <address> On-chain scan via RPC
chainedr monitor <address> Live behavioral monitoring (block-by-block)
chainedr profile <address> Build behavioral baseline from on-chain history
chainedr hunt <address> Deep zero-day hunting (on-chain)
chainedr xcheck <files|dir> Cross-chain, compiler-bug, gas-griefing, Cairo checks
chainedr taint <dir> Multi-file taint analysis
chainedr bytecode --address <addr> Source-free bytecode analysis
chainedr init Generate .chainedr.toml config in current directory

Quick Start

# Audit a local project
chainedr audit ./contracts/src

# Full attack-surface scan with economic impact
chainedr blitz ./contracts/src

# Audit with minimum severity filter + SARIF output (for GitHub Code Scanning)
chainedr audit ./contracts/src --min-severity HIGH --format sarif -o results.sarif

# Live monitor a deployed contract
chainedr monitor 0xYourContract --rpc-url wss://mainnet.infura.io/ws/v3/KEY

# Build behavioral profile from 500 historical blocks
chainedr profile 0xYourContract --from-rpc http://localhost:8545 --history-size 500

What It Detects

Static Analysis (50+ detectors)

DeFi-specific

  • Stale Chainlink oracle (updatedAt not validated)
  • L2 sequencer uptime not checked before oracle read
  • ERC-4626 share inflation (first-depositor attack)
  • Flash loan callback without reentrancy guard
  • Zero-slippage swaps / Uniswap slot0 price usage
  • Rounding direction in vault withdraw/redeem
  • Permit front-run and missing deadline

Access control & reentrancy

  • Read-only reentrancy (Curve-style)
  • Cross-function reentrancy
  • Unauthorized state-change via delegatecall
  • Missing onlyOwner / role check on critical functions

Core vulnerabilities

  • Integer overflow/underflow (pre-0.8 and unchecked blocks)
  • Silent truncation (uint256 → uint96 without SafeCast)
  • Unchecked low-level .call() return
  • tx.origin authentication
  • Insecure randomness (block.timestamp, blockhash)
  • ABI collision (abi.encodePacked with dynamic types)
  • Signature replay (missing nonce / chainId)
  • Unbounded loops / gas DoS

10 Protocol Invariant Laws (auto-checked)

# Law Catches
1 Lending Borrow without collateral check → bad debt
2 AMM Swap without k-invariant → pool drain
3 Vault Deposit without minShares → inflation attack
4 Bridge Mint without lock proof → unbacked tokens
5 Governance Execute without timelock → flash-loan vote
6 Staking Claim without rewardPerToken update → over-pay
7 Oracle updatedAt not validated → stale price
8 Fee No fee cap → owner can set 100%
9 Liquidation Bonus uncapped → over-liquidation
10 Withdrawal No balance check → over-withdrawal

Economic Impact Estimation

Every HIGH/CRITICAL finding gets an economic impact line:

Economic Impact: Flash loan ~$3,000,000 | gross profit ~$750,000 | gas ~$72 | net ~$749,928 [MEDIUM confidence]

Heuristics per vulnerability type (REENTRANCY, ORACLE, FLASH_LOAN, ACCESS_CONTROL, GOVERNANCE, INTEGER_OVERFLOW). Optional RPC-based live TVL lookup.

Live Behavioral Monitoring

  • Builds a statistical baseline per function (value, gas, external calls, caller age)
  • Flags anomalies in real-time as new blocks arrive
  • WebSocket subscription for zero-latency alerts: --ws-url
  • Classifies alerts: FLASH_LOAN, REENTRANCY, ORACLE, ACCESS_CONTROL

Output Formats

# Markdown report (default)
chainedr audit ./src -o report.md

# JSON (machine-readable, CI pipelines)
chainedr audit ./src --format json -o findings.json

# SARIF (GitHub Code Scanning / VS Code)
chainedr audit ./src --format sarif -o results.sarif

Configuration

chainedr init   # creates .chainedr.toml
[audit]
min_severity = "HIGH"
ignore = ["solc-version", "constable-states"]
mythril = false

[live]
rpc_url = "http://localhost:8545"
default_tvl_usd = 1_000_000

[output]
format = "markdown"
report_path = "audit_report.md"

Architecture

chainedr/
├── hunter.py              # 50+ static detectors
├── static_analyzer.py     # Slither bridge + AST parser
├── protocol_invariants.py # 10 DeFi protocol laws
├── economic_quantifier.py # Economic impact estimates
├── brain.py               # On-chain analysis engine
├── profiler.py            # Behavioral baseline + anomaly detection
├── classifier.py          # Alert classification
├── monitor.py             # Live block subscriber
├── attack_graph.py        # Attack path graph builder
├── guided_fuzzer.py       # Attack-path-guided fuzzer
└── reporter.py            # Multi-format report generator

Optional Integrations

Tool Feature Install
Slither Deep static analysis pip install slither-analyzer
Mythril Symbolic execution pip install mythril
Echidna Property fuzzing crytic/echidna
Halmos Formal verification pip install halmos
Foundry Fork tests + PoC getfoundry.sh

License

AGPL-3.0 — see LICENSE.

SaaS use requires open-sourcing your entire stack under AGPL-3.0 or a commercial license.

Author

Zorayr Saroyan — Smart contract security researcher

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

chainedr-2.0.3.tar.gz (635.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

chainedr-2.0.3-py3-none-any.whl (605.7 kB view details)

Uploaded Python 3

File details

Details for the file chainedr-2.0.3.tar.gz.

File metadata

  • Download URL: chainedr-2.0.3.tar.gz
  • Upload date:
  • Size: 635.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for chainedr-2.0.3.tar.gz
Algorithm Hash digest
SHA256 41afd59a0d16e811c6aa992c632de80a4b7f4255c97e5c7668b6e08ee04aa07e
MD5 f7b9977f691ad6cd2e8e6029be9dc2a5
BLAKE2b-256 1440554c4198cbf724337668478263be9afe2be290a5c120f38a84b92fa3acae

See more details on using hashes here.

File details

Details for the file chainedr-2.0.3-py3-none-any.whl.

File metadata

  • Download URL: chainedr-2.0.3-py3-none-any.whl
  • Upload date:
  • Size: 605.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for chainedr-2.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 9fce3acd2e07dc43c5c7d79f8440c6aee110ec14d54d2799cd3449b8d2cb13ac
MD5 0112319fb92227faf64e3080874580de
BLAKE2b-256 9686cb27e7e4d2c0faf746e52e7409e6162bfd139bd29114ee333318aefcf67e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page