Smart contract security scanner: static analysis + runtime behavioral monitoring + economic impact quantification
Project description
ChainEDR
Smart contract security scanner — static analysis + live behavioral monitoring + economic impact quantification.
pip install chainedr
chainedr audit ./contracts/src
Install
pip install chainedr
# Optional: Slither + web3 for live monitoring
pip install -e ".[full]"
Requires Python 3.10+.
Commands
| Command | What it does |
|---|---|
chainedr audit <files|dir> |
Static audit — ranked findings, call graph, economic impact |
chainedr blitz <files|dir> |
BloodHound mode — all scanners → attack graph → guided fuzz |
chainedr scan <address> |
On-chain scan via RPC |
chainedr monitor <address> |
Live behavioral monitoring (block-by-block) |
chainedr profile <address> |
Build behavioral baseline from on-chain history |
chainedr hunt <address> |
Deep zero-day hunting (on-chain) |
chainedr xcheck <files|dir> |
Cross-chain, compiler-bug, gas-griefing, Cairo checks |
chainedr taint <dir> |
Multi-file taint analysis |
chainedr bytecode --address <addr> |
Source-free bytecode analysis |
chainedr init |
Generate .chainedr.toml config in current directory |
Quick Start
# Audit a local project
chainedr audit ./contracts/src
# Full attack-surface scan with economic impact
chainedr blitz ./contracts/src
# Audit with minimum severity filter + SARIF output (for GitHub Code Scanning)
chainedr audit ./contracts/src --min-severity HIGH --format sarif -o results.sarif
# Live monitor a deployed contract
chainedr monitor 0xYourContract --rpc-url wss://mainnet.infura.io/ws/v3/KEY
# Build behavioral profile from 500 historical blocks
chainedr profile 0xYourContract --from-rpc http://localhost:8545 --history-size 500
What It Detects
Static Analysis (50+ detectors)
DeFi-specific
- Stale Chainlink oracle (
updatedAtnot validated) - L2 sequencer uptime not checked before oracle read
- ERC-4626 share inflation (first-depositor attack)
- Flash loan callback without reentrancy guard
- Zero-slippage swaps / Uniswap
slot0price usage - Rounding direction in vault
withdraw/redeem - Permit front-run and missing deadline
Access control & reentrancy
- Read-only reentrancy (Curve-style)
- Cross-function reentrancy
- Unauthorized state-change via delegatecall
- Missing
onlyOwner/ role check on critical functions
Core vulnerabilities
- Integer overflow/underflow (pre-0.8 and unchecked blocks)
- Silent truncation (
uint256 → uint96without SafeCast) - Unchecked low-level
.call()return tx.originauthentication- Insecure randomness (
block.timestamp,blockhash) - ABI collision (
abi.encodePackedwith dynamic types) - Signature replay (missing nonce / chainId)
- Unbounded loops / gas DoS
10 Protocol Invariant Laws (auto-checked)
| # | Law | Catches |
|---|---|---|
| 1 | Lending | Borrow without collateral check → bad debt |
| 2 | AMM | Swap without k-invariant → pool drain |
| 3 | Vault | Deposit without minShares → inflation attack |
| 4 | Bridge | Mint without lock proof → unbacked tokens |
| 5 | Governance | Execute without timelock → flash-loan vote |
| 6 | Staking | Claim without rewardPerToken update → over-pay |
| 7 | Oracle | updatedAt not validated → stale price |
| 8 | Fee | No fee cap → owner can set 100% |
| 9 | Liquidation | Bonus uncapped → over-liquidation |
| 10 | Withdrawal | No balance check → over-withdrawal |
Economic Impact Estimation
Every HIGH/CRITICAL finding gets an economic impact line:
Economic Impact: Flash loan ~$3,000,000 | gross profit ~$750,000 | gas ~$72 | net ~$749,928 [MEDIUM confidence]
Heuristics per vulnerability type (REENTRANCY, ORACLE, FLASH_LOAN, ACCESS_CONTROL, GOVERNANCE, INTEGER_OVERFLOW). Optional RPC-based live TVL lookup.
Live Behavioral Monitoring
- Builds a statistical baseline per function (value, gas, external calls, caller age)
- Flags anomalies in real-time as new blocks arrive
- WebSocket subscription for zero-latency alerts:
--ws-url - Classifies alerts: FLASH_LOAN, REENTRANCY, ORACLE, ACCESS_CONTROL
Output Formats
# Markdown report (default)
chainedr audit ./src -o report.md
# JSON (machine-readable, CI pipelines)
chainedr audit ./src --format json -o findings.json
# SARIF (GitHub Code Scanning / VS Code)
chainedr audit ./src --format sarif -o results.sarif
Configuration
chainedr init # creates .chainedr.toml
[audit]
min_severity = "HIGH"
ignore = ["solc-version", "constable-states"]
mythril = false
[live]
rpc_url = "http://localhost:8545"
default_tvl_usd = 1_000_000
[output]
format = "markdown"
report_path = "audit_report.md"
Architecture
chainedr/
├── hunter.py # 50+ static detectors
├── static_analyzer.py # Slither bridge + AST parser
├── protocol_invariants.py # 10 DeFi protocol laws
├── economic_quantifier.py # Economic impact estimates
├── brain.py # On-chain analysis engine
├── profiler.py # Behavioral baseline + anomaly detection
├── classifier.py # Alert classification
├── monitor.py # Live block subscriber
├── attack_graph.py # Attack path graph builder
├── guided_fuzzer.py # Attack-path-guided fuzzer
└── reporter.py # Multi-format report generator
Optional Integrations
| Tool | Feature | Install |
|---|---|---|
| Slither | Deep static analysis | pip install slither-analyzer |
| Mythril | Symbolic execution | pip install mythril |
| Echidna | Property fuzzing | crytic/echidna |
| Halmos | Formal verification | pip install halmos |
| Foundry | Fork tests + PoC | getfoundry.sh |
License
AGPL-3.0 — see LICENSE.
SaaS use requires open-sourcing your entire stack under AGPL-3.0 or a commercial license.
Author
Zorayr Saroyan — Smart contract security researcher
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file chainedr-2.0.4.tar.gz.
File metadata
- Download URL: chainedr-2.0.4.tar.gz
- Upload date:
- Size: 635.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8c33fa856f5d6d951b868ff5104c14f68b730e01125c644fd6c058ab3bf89f8b
|
|
| MD5 |
7f3ff8aa885c1a96160583a1779adfb3
|
|
| BLAKE2b-256 |
3f085d2ef4b9f7806f6b1f2e4ba0fb1df6cce254e3ccb764c3fd273bcd6ea78c
|
File details
Details for the file chainedr-2.0.4-py3-none-any.whl.
File metadata
- Download URL: chainedr-2.0.4-py3-none-any.whl
- Upload date:
- Size: 605.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ecbc6111acbfa1fcf659a13b600c4fa148cf2ec3691db6e58b1266cb9a67f2cd
|
|
| MD5 |
6678050e56d0e99a4fdffd1ec19f70fc
|
|
| BLAKE2b-256 |
6f42dbe0baeba2393fe77282db03f53680d3e475415210a9ffd3317f42fd0036
|