Real-time vulnerability monitoring and auto-remediation for Vyper smart contracts

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for preethamak from gravatar.com preethamak

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: preethamak
  • Tags blockchain , security , smart-contracts , static-analysis , vulnerability-scanner , vyper
  • Requires: Python >=3.10
  • Provides-Extra: all , monitor , remediation , vyper
Classifiers
Report project as malware

Project description

Vyper Guard

Vyper Guard is a lightweight static security analyzer for Vyper smart contracts. It scans .vy files and highlights insecure patterns, logic risks, and best-practice violations before deployment.

The goal is to give developers quick feedback directly from the terminal while writing contracts.

License: MIT Python 3.10+ PyPI

Installation

Install the CLI globally using pip:

pip install vyper-guard

Verify installation:

vyper-guard --help

If installed correctly, the CLI help menu will appear.

Basic Usage

Analyze a single contract:

vyper-guard analyze contract.vy

Example:

vyper-guard analyze vault.vy

Analyze a Folder

Scan all Vyper contracts inside a directory:

vyper-guard analyze contracts/

The tool will recursively scan all .vy files.

Output Formats

# Rich terminal output (default)
vyper-guard analyze contract.vy

# JSON report
vyper-guard analyze contract.vy --format json --output report.json

# Markdown report
vyper-guard analyze contract.vy --format markdown --output report.md

Example Output

========================================
VYPER GUARD SECURITY REPORT
========================================

File: vault.vy

Security Score: 14 / 100
Risk Level: CRITICAL
Recommendation: DO NOT DEPLOY

----------------------------------------
Severity Breakdown
----------------------------------------

CRITICAL : 2
HIGH     : 3
MEDIUM   : 2
LOW      : 1

----------------------------------------
Findings
----------------------------------------

[CRITICAL] Reentrancy vulnerability
Line: 42
Issue:
External call happens before state update.

Fix:
Follow Checks-Effects-Interactions pattern
or use @nonreentrant.

----------------------------------------

[HIGH] Unsafe raw_call usage
Line: 42
Issue:
raw_call used without proper checks.

Fix:
Validate return value or avoid raw_call.

What Vyper Guard Detects

Security Issues

  • Reentrancy risks
  • Unsafe raw_call
  • Delegatecall misuse
  • Unprotected selfdestruct
  • Unprotected state modification
  • Unchecked subtraction / integer overflow

Logic & Best Practices

  • Checks-Effects-Interactions violations
  • Timestamp dependence
  • Value transfers inside loops
  • Missing reentrancy guards
  • Missing event emission
  • Known compiler version bugs

Detectors

# Detector Severity What It Finds
1 missing_nonreentrant CRITICAL External functions with value transfers but no @nonreentrant
2 unsafe_raw_call HIGH raw_call() without return value checks
3 missing_event_emission LOW State-changing functions that emit no event
4 timestamp_dependence LOW block.timestamp used in conditional logic
5 integer_overflow HIGH unsafe_add, unsafe_sub, unsafe_mul, unsafe_div usage
6 unprotected_selfdestruct CRITICAL selfdestruct() without access control
7 dangerous_delegatecall HIGH raw_call() with is_delegate_call=True
8 unprotected_state_change HIGH Writes to sensitive state without msg.sender check
9 send_in_loop HIGH send() / raw_call() inside for loops
10 unchecked_subtraction HIGH self.x -= amount without overflow guard
11 cei_violation HIGH External call before state update
12 compiler_version_check HIGH / INFO Known Vyper compiler CVEs (GHSA-5824, GHSA-vxmm)

Security Score

Each contract receives a 0-100 security score.

Score Grade Meaning
90-100 A+ Production ready
75-89 A Minor fixes needed
60-74 B Review required
45-59 C Risky - major fixes needed
< 45 F Do not deploy

The score decreases based on detected vulnerability severity:

Severity Penalty per finding
CRITICAL -40
HIGH -20
MEDIUM -8
LOW -3
INFO -1

Each severity tier is capped to prevent a single category from dominating the score.

CLI Commands

Command Description
vyper-guard analyze <file> Scan a contract for vulnerabilities
vyper-guard analyze <file> --fix Scan and auto-fix vulnerabilities
vyper-guard stats <file> Show contract structure and complexity
vyper-guard diff <file1> <file2> Compare security posture of two contracts
vyper-guard detectors List all available detectors
vyper-guard init Create a .guardianrc config file
vyper-guard monitor <address> Live-monitor a deployed contract
vyper-guard baseline <address> Build normal-behaviour baseline
vyper-guard version Show version and environment info

What To Do After a Scan

After running Vyper Guard:

  1. Review all CRITICAL issues first.
  2. Fix HIGH severity vulnerabilities before deployment.
  3. Improve MEDIUM and LOW issues to increase security score.
  4. Re-run the scan until the contract reaches a safe score.

Recommended minimum score for production: 80+

Typical Workflow

1. Write Vyper contract
2. Run vyper-guard analyze contract.vy
3. Fix reported vulnerabilities
4. Re-run scan
5. Deploy when score is acceptable

Auto-Remediation

vyper-guard analyze contract.vy --fix

This will:

  1. Run all detectors
  2. Generate fixes (decorators, guards, events, pragmas)
  3. Show a unified diff for each fix
  4. Write patched code to contract.fixed.vy
  5. Prompt before overwriting the original

Live Monitoring

# Monitor a deployed contract
vyper-guard monitor 0xAddr --rpc https://mainnet.infura.io/v3/KEY

# Build a baseline first
vyper-guard baseline 0xAddr --rpc https://rpc.url --duration 300

# Monitor with Slack alerts
vyper-guard monitor 0xAddr --rpc https://rpc.url \
  --alert-webhook https://hooks.slack.com/...

Requires: pip install vyper-guard[monitor]

CI Mode

vyper-guard analyze contract.vy --ci --severity-threshold HIGH

Exit code 1 if any findings match or exceed the threshold - use in GitHub Actions or any CI pipeline.

Pre-commit Hook

Add to .pre-commit-config.yaml:

repos:
  - repo: https://github.com/preethamak/vyper
    rev: v0.3.0
    hooks:
      - id: vyper-guard

Every commit touching .vy files will be scanned automatically.

Example Vulnerability Fix

Bad pattern:

raw_call(msg.sender, b"", value=balance)
self.balances[msg.sender] = 0

Safer pattern:

self.balances[msg.sender] = 0
raw_call(msg.sender, b"", value=balance)

Or use a reentrancy guard:

@nonreentrant("lock")

Limitations

Vyper Guard performs pattern-based static analysis.

This means:

  • It detects known risky patterns
  • It does not compile or execute contracts
  • Some complex vulnerabilities may require manual review

Disclaimer

Vyper Guard helps identify common vulnerabilities but does not guarantee contract security.

Always combine automated scanning with manual audits before deploying smart contracts.

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for preethamak from gravatar.com preethamak

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: preethamak
  • Tags blockchain , security , smart-contracts , static-analysis , vulnerability-scanner , vyper
  • Requires: Python >=3.10
  • Provides-Extra: all , monitor , remediation , vyper
Classifiers

Release history Release notifications | RSS feed

0.3.9

0.3.8

0.3.7

0.3.6

0.3.5

0.3.4

0.3.3

0.3.2

0.3.1

This version

0.3.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vyper_guard-0.3.0.tar.gz (342.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

vyper_guard-0.3.0-py3-none-any.whl (73.6 kB view details)

Uploaded Python 3

File details

Details for the file vyper_guard-0.3.0.tar.gz.

File metadata

  • Download URL: vyper_guard-0.3.0.tar.gz
  • Upload date:
  • Size: 342.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.27 {"installer":{"name":"uv","version":"0.9.27","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Garuda Linux","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for vyper_guard-0.3.0.tar.gz
Algorithm Hash digest
SHA256 36b41968c0f6e7032a43f0c9132a12d1b7319086b0c8243cec445c0f3dd4926a
MD5 40168ea5936875d6b27b03b7b69ae48a
BLAKE2b-256 7fe803af890ad08b6162f2b5fe3aed15210e9f34b4ac8be86840631f215d7e19

See more details on using hashes here.

File details

Details for the file vyper_guard-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: vyper_guard-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 73.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.27 {"installer":{"name":"uv","version":"0.9.27","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Garuda Linux","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for vyper_guard-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 89dcdf236d8c5341096ec8899fed9d1a8edba159d7885b6eebc3c7d5984361c2
MD5 889cbfdd869c8ecc2807940874b6ecb7
BLAKE2b-256 acf42dc95a7742c0c5504c0750553cf0a10f3a3e63f42feecdb3a12cf8dc0427

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page