Skip to main content

Smart contract security scanner: static analysis + runtime monitoring + Wake/Semgrep/Slither orchestration

Project description

ChainEDR

PyPI CI License: AGPL-3.0 Python 3.10+

Smart contract security scanner — static analysis + live behavioral monitoring + economic impact quantification.

pip install chainedr
chainedr audit ./contracts/src

Install

pip install chainedr

# Optional: Slither + web3 for live monitoring
pip install -e ".[full]"

Requires Python 3.10+.

Commands

Command What it does
chainedr audit <files|dir> Static audit — ranked findings, call graph, economic impact
chainedr blitz <files|dir> BloodHound mode — all scanners → attack graph → guided fuzz
chainedr scan <address> On-chain scan via RPC
chainedr monitor <address> Live behavioral monitoring (block-by-block)
chainedr profile <address> Build behavioral baseline from on-chain history
chainedr hunt <address> Deep zero-day hunting (on-chain)
chainedr xcheck <files|dir> Cross-chain, compiler-bug, gas-griefing, Cairo checks
chainedr taint <dir> Multi-file taint analysis
chainedr bytecode --address <addr> Source-free bytecode analysis
chainedr init Generate .chainedr.toml config in current directory

Demo

$ chainedr audit VulnerableLending.sol

   _____ _           _       ______ _____  ____
  / ____| |         (_)     |  ____|  __ \|  _ \
 | |    | |__   __ _ _ _ __ | |__  | |  | | |_) |
 | |    | '_ \ / _` | | '_ \|  __| | |  | |  _ <
 | |____| | | | (_| | | | | | |____| |__| | |_) |
  \_____|_| |_|\__,_|_|_| |_|______|_____/|____/
                                                  v2.0.0

============================================================
 Source Code Audit
============================================================
  [OK]  Loaded VulnerableLending.sol
  [OK]  Slither detected — primary analyzer active
  [OK]  solc detected — AST bridge active (zero-FP novel detectors)
  [*]   [VulnerableLending.sol] Slither:0 novel:5 → 3 real, 2 FP
  [*]   Running Hunter deep checks (19 source-level detectors)...

============================================================
 Findings
============================================================

  [MEDIUM] #1: Missing zero-address check for `token` in constructor()
    Location: constructor():L10  |  Category: ZERO_ADDRESS  |  CWE-20
    Parameter `token` (type `address`) is written to state without a
    zero-address guard. Passing address(0) permanently bricks the contract.
    Fix: require(token != address(0), "Zero address");

  [LOW]    #2: Hardcoded 18-decimal assumption in getShares()
    Location: getShares():L27   |  Category: PRECISION     |  CWE-682
    Uses 1e18 scaling with an ERC20 that may not have 18 decimals
    (USDC=6, WBTC=8). 10^12 pricing error possible.
    Fix: query token.decimals() and normalize.

============================================================
 Audit Summary
============================================================
  Contracts analyzed:  1
  Findings:            2 unique (2 FPs filtered)
  MEDIUM: 1  |  LOW: 1
  [OK]  Report saved to audit_report.md (SARIF: audit_report.sarif)

Quick Start

# Audit a local project
chainedr audit ./contracts/src

# Full attack-surface scan with economic impact
chainedr blitz ./contracts/src

# Audit with minimum severity filter + SARIF output (for GitHub Code Scanning)
chainedr audit ./contracts/src --min-severity HIGH --format sarif -o results.sarif

# Live monitor a deployed contract
chainedr monitor 0xYourContract --rpc-url wss://mainnet.infura.io/ws/v3/KEY

# Build behavioral profile from 500 historical blocks
chainedr profile 0xYourContract --from-rpc http://localhost:8545 --history-size 500

What It Detects

Static Analysis (50+ detectors)

DeFi-specific

  • Stale Chainlink oracle (updatedAt not validated)
  • L2 sequencer uptime not checked before oracle read
  • ERC-4626 share inflation (first-depositor attack)
  • Flash loan callback without reentrancy guard
  • Zero-slippage swaps / Uniswap slot0 price usage
  • Rounding direction in vault withdraw/redeem
  • Permit front-run and missing deadline

Access control & reentrancy

  • Read-only reentrancy (Curve-style)
  • Cross-function reentrancy
  • Unauthorized state-change via delegatecall
  • Missing onlyOwner / role check on critical functions

Core vulnerabilities

  • Integer overflow/underflow (pre-0.8 and unchecked blocks)
  • Silent truncation (uint256 → uint96 without SafeCast)
  • Unchecked low-level .call() return
  • tx.origin authentication
  • Insecure randomness (block.timestamp, blockhash)
  • ABI collision (abi.encodePacked with dynamic types)
  • Signature replay (missing nonce / chainId)
  • Unbounded loops / gas DoS

10 Protocol Invariant Laws (auto-checked)

# Law Catches
1 Lending Borrow without collateral check → bad debt
2 AMM Swap without k-invariant → pool drain
3 Vault Deposit without minShares → inflation attack
4 Bridge Mint without lock proof → unbacked tokens
5 Governance Execute without timelock → flash-loan vote
6 Staking Claim without rewardPerToken update → over-pay
7 Oracle updatedAt not validated → stale price
8 Fee No fee cap → owner can set 100%
9 Liquidation Bonus uncapped → over-liquidation
10 Withdrawal No balance check → over-withdrawal

Economic Impact Estimation

Every HIGH/CRITICAL finding gets an economic impact line:

Economic Impact: Flash loan ~$3,000,000 | gross profit ~$750,000 | gas ~$72 | net ~$749,928 [MEDIUM confidence]

Heuristics per vulnerability type (REENTRANCY, ORACLE, FLASH_LOAN, ACCESS_CONTROL, GOVERNANCE, INTEGER_OVERFLOW). Optional RPC-based live TVL lookup.

Live Behavioral Monitoring

  • Builds a statistical baseline per function (value, gas, external calls, caller age)
  • Flags anomalies in real-time as new blocks arrive
  • WebSocket subscription for zero-latency alerts: --ws-url
  • Classifies alerts: FLASH_LOAN, REENTRANCY, ORACLE, ACCESS_CONTROL

Output Formats

# Markdown report (default)
chainedr audit ./src -o report.md

# JSON (machine-readable, CI pipelines)
chainedr audit ./src --format json -o findings.json

# SARIF (GitHub Code Scanning / VS Code)
chainedr audit ./src --format sarif -o results.sarif

Configuration

chainedr init   # creates .chainedr.toml
[audit]
min_severity = "HIGH"
ignore = ["solc-version", "constable-states"]
mythril = false

[live]
rpc_url = "http://localhost:8545"
default_tvl_usd = 1_000_000

[output]
format = "markdown"
report_path = "audit_report.md"

Architecture

chainedr/
├── hunter.py              # 50+ static detectors
├── static_analyzer.py     # Slither bridge + AST parser
├── protocol_invariants.py # 10 DeFi protocol laws
├── economic_quantifier.py # Economic impact estimates
├── brain.py               # On-chain analysis engine
├── profiler.py            # Behavioral baseline + anomaly detection
├── classifier.py          # Alert classification
├── monitor.py             # Live block subscriber
├── attack_graph.py        # Attack path graph builder
├── guided_fuzzer.py       # Attack-path-guided fuzzer
└── reporter.py            # Multi-format report generator

Optional Integrations

Tool Feature Install
Slither Deep static analysis pip install slither-analyzer
Mythril Symbolic execution pip install mythril
Echidna Property fuzzing crytic/echidna
Halmos Formal verification pip install halmos
Foundry Fork tests + PoC getfoundry.sh

License

AGPL-3.0 — see LICENSE.

SaaS use requires open-sourcing your entire stack under AGPL-3.0 or a commercial license.

Author

Zorayr Saroyan — Smart contract security researcher

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

chainedr-2.1.0-py3-none-any.whl (587.7 kB view details)

Uploaded Python 3

File details

Details for the file chainedr-2.1.0-py3-none-any.whl.

File metadata

  • Download URL: chainedr-2.1.0-py3-none-any.whl
  • Upload date:
  • Size: 587.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for chainedr-2.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 11d0fea3aa1084e8cc4b1cad42c794f0ced502ffa126b8a172b5e652d1fa1290
MD5 40714403f3a71ebb97f7240b398b8853
BLAKE2b-256 850f61594d28b52e4d744c0f88e277bef88b53bf86ad83c9fbc5cfee2dd3489f

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page