Tag
#static-analysis
92 repositories
Repos
A powerful and open-source toolkit for hackers and security automation (a collection of open-source scanners built in-house by security-industry practitioners)
Wake is a Python-based Solidity development and fuzz testing framework with built-in vulnerability detectors for building secure Ethereum dApps.
An Ethereum EVM bytecode disassembler and static/dynamic analysis tool
Amarna is a static-analyzer and linter for the Cairo programming language.
A static analysis tool for Rust, Anchor, Stylus, and Solidity smart contracts.
AI-driven static analyzer. Supports Rust and smart contracts: Solana (Rust-based) and Ethereum (Solidity-based).
MCP server for Slither static analysis of Solidity smart contracts
Code intelligence CLI — function-level dependency graph across 11 languages, 30-tool MCP server for AI agents, complexity metrics, architecture boundary enforcement, CI quality gates, git diff impact with co-change analysis, hybrid semantic search. Fully local, zero API keys required.
SARIF Explorer: A VSCode extension that helps you visualize and triage static analysis results
An EVM-compatible Solidity Smart Contract Storage/Slot Analyzer and Data Extractor.
Scout is an extensible open-source tool intended to help smart contract developers and auditors detect common security issues and deviations from best practices. Scout Audit is the core on which we build the blockchain-specific Scout tools.
Scout is an extensible open-source tool intended to help Stellar Soroban smart contract developers and auditors detect common security issues and deviations from best practices.
eBurger is a static analysis tool that provides a way to quickly query and analyze Solidity smart contracts.
EVMLiSA: an abstract interpretation-based static analyzer for EVM bytecode
Visual Studio Code integration for Slither, a Solidity static analysis framework
Call graph-based analysis tools for Solidity smart contracts. Visualize contract interactions, generate Foundry tests, analyze storage patterns, and trace execution paths.
We would like to request that all contributors please clone a *fresh copy* of this repository since the September 21st maintenance.
A control-flow graph builder for Solidity smart contracts.
Solidity static analyzer you can talk to. MCP integration for Claude Code, Cursor, and Windsurf.
A complete Web3 security toolkit combining AI-powered token auditing, ML-based deployer reputation scoring, and live Etherscan V2 data. Includes static analysis for rugpull detection, RandomForest reputation modeling, contract-fetching automation, and Solidity on-chain registries for transparent, reproducible security insights.
A lightweight static analysis engine for Solidity smart contracts. Extracts code features, detects dangerous patterns (delegatecall, tx.origin, call.value), computes heuristic risk scores, and classifies contracts into Low/Medium/High risk levels. Includes multiple example vulnerabilities and a clean CLI for rapid security assessment.
🛡️ CLI toolkit for auditing Solana smart contracts. Includes static analysis, IDL-based fuzzing, plugin system, and multi-format reports.
A deep technical article exploring how AI, feature engineering, and static smart-contract analysis uncover rugpull risks before humans detect them. Covers Solidity pattern mining, mint abuse detection, blacklist/fee manipulation signals, ML-inspired scoring models, and how to quantify ERC-20 token scam probability.
A hybrid Solidity + Python security toolkit that analyzes ERC-20 token contracts using static pattern extraction and ML-inspired scoring. Detects mint backdoors, blacklist controls, fee manipulation, trading locks, and rugpull mechanics. Outputs interpretable risk scores, labels, and structured features for deeper analysis.
A practical, research-friendly toolkit demonstrating how Python can read, parse, and analyze Solidity smart contracts using feature-engineering techniques. Extracts structural and security-relevant signals from Solidity code, detects risky patterns, builds interpretable features, and forms the basis for heuristic or ML-driven security analysis.
AI-powered real-time smart contract scanner that connects Machine Learning with Etherscan V2 to analyze newly deployed contracts instantly. Fetches verified Solidity code, performs static risk analysis, computes ML-driven deployer trust scores, and generates full security intelligence pipelines for Web3 threat detection.
The gas-analyzer is a tool for Ethereum developers seeking to improve the efficiency and gas usage of their Solidity code. By leveraging pattern matching and AST analysis, it discovers potential optimizations.
AI-powered whitebox penetration testing plugin for Claude Code. 9 languages, 22 skills, 7 autonomous agents. STRIDE threat modeling, OWASP 2025 coverage, polyglot monorepo support.
WALA-based Solidity static analysis. Currently it includes RoundAbout, a tool for inferring rounding direction across functions, expressions, and calls.
A deep technical exploration of how malicious smart-contract developers weaponize fee logic in ERC-20 tokens. Covers dynamic tax flipping, hidden sell traps, fee obfuscation, whitelist-based bypasses, liquidity-drain funnels, attack timelines, forensic analysis, mathematical modeling, and ML-powered detection strategies for tax abuse.
A research-grade tool that analyzes Solidity smart contracts for economic vulnerabilities such as unbounded minting, toxic fee mechanisms, liquidity traps, oracle manipulation, centralized control, and broken financial invariants. Focused on economic correctness, incentive risks, and DeFi system stability.
Bytecode Truth, Not Source is a deep technical exploration of why smart-contract source code cannot be trusted as the ground truth for security. This repository shows how compiler optimizations, hidden assembly, proxies, and unreachable logic make verified Solidity misleading, and why only EVM bytecode reveals actual on-chain behavior.
A research-grade framework for extracting, classifying, and analyzing the “genetic” behavior of smart contract tokens. Identifies economic traits, supply mutations, fee patterns, permission risks, upgradeability vectors, and scam species using a structured gene taxonomy with risk scoring, HTML reports, and token comparison tools.
Qryon — Find security vulnerabilities in seconds. 647+ rules, 28 languages, 10x faster than Semgrep. Free & open source CLI.
GitHub Action for radar, a static analysis tool for Rust, Anchor, Stylus, and Solidity smart contracts.
A tool for design pattern recognition on blockchain through static code analysis
Static analysis for Solidity smart contract with properties as symbolic automata.
Service that ranks dependencies per their graph centrality in a given codebase
Static analyzer and formal verifier for Stratis smart contracts
A Solidity Static Analyzer made in Ruby designed to assess smart contracts for code quality, security, and gas optimization issues
SolAnalyzer is a static analyzer for the Solidity programming language, with a focus on finding security bugs.
An advanced Solidity Static Analyser tool designed to identify vulnerabilities in Ethereum smart contracts. Developed during a summer internship at Brunel University.
Automated smart contract security scanner for Web3 · 7 detectors · 4 chains · MVP Ready
🐍 Solidity static analysis and vulnerability testing, written in TypeScript
AI agent skill for Solidity smart contract security auditing
Security analysis platform for Aiken smart contracts on Cardano: 75 detectors, SMT verification, transaction simulation
Local-first repo behavior map generator | read-only mirror of https://codeberg.org/iterabloom/hypergumbo
Solidera is a smart contract security toolkit that analyzes Solidity code for security vulnerabilities, gas optimization, and style compliance.
Scout is an extensible open-source tool intended to help Substrate developers and auditors detect common security issues and deviations from best practices.
Solidity scanner for Abstract (ZKsync L2). Catches EVM incompatibilities before deployment.
A 10-level hands-on guide to building custom Slither detectors for smart contract auditing. From basic metadata filtering to advanced data-flow and taint analysis.
Production-ready smart contract security platform - 21 integrated analyzers, configurable rules, and professional audit reports.
LLM agent harness for auditing Solidity smart contracts with static analysis, fuzzing, formal verification, and on-chain research
exploring the basics of static code analysis for fun
🏆 Zama Bounty S2 winner. AI coding-agent skill for Zama fhEVM — Claude Code, Cursor, Windsurf. 20 anti-patterns + 12-rule linter; cut agent fhEVM mistakes 15→0 in A/B tests. MIT.
A modular, extensible, and pythonic static analyzer for Solidity smart contracts. Designed for creativity, efficiency, and beauty.
ThreadGuard is a static analysis tool built to detect and stratify concurrency bugs in C++ codebases. Originally developed to analyze Monero code, it generalizes to support broader detection of threading issues in multithreaded applications.
A powerful static analysis tool for Solana smart contracts written in Rust. Detect vulnerabilities, security issues, and code quality problems in your Solana/Anchor projects.
Foundry-native Solidity Language Features for VS Code and Cursor
Pattern-based Solidity vulnerability scanner - detects reentrancy, tx.origin, unchecked calls, and more without solc compilation. TRC20: TEwbbfoUtQTTfQFFD6fbLcnSD7tdrdpRx6
Reaper: dead code detection engine for Bitcoin witness scripts. Static analysis of transaction witnesses to identify inscription envelopes, unreachable code, fake pubkeys, and excess data.
Ethereum smart contract security scanner using AST analysis and advanced risk scoring to detect rug-pull and control risks.
AI-powered Solidity audit workbench integrating static analysis with OpenAI, Gemini, and Claude. Identify, verify, and remediate smart contract vulnerabilities in a modern web interface.
Approval workflow for upgradeable smart contract changes.
Static analysis tool for EIP-7702 delegate contract security vulnerabilities.
Assignment 2 for Penetration Testing — Advanced Blockchain Security assessment of the UnstoppableVault smart contract (Damn Vulnerable DeFi v4) using Slither, Foundry, Mythril, Manticore, and Echidna. 48 vulnerabilities identified including 2 HIGH severity findings (arbitrary transferFrom & controlled delegatecall).
CLI and HTTP application for running static analysis of rust-based smart contracts
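Several entries above describe the same technique: pattern-based Solidity scanning with no compiler in the loop, scored into Low/Medium/High risk (the lightweight risk-scoring engine and the solc-free vulnerability scanner among them). As an added example that is not code from any listed repository, the Python below shows the minimum such a scanner needs: regex token patterns for tx.origin, delegatecall and value-bearing low-level calls, plus a brace-counting pass that splits functions and flags a state write after an external call, the ordering that checks-effects-interactions exists to prevent. The two contracts, the pattern weights and the thresholds are constructed assumptions for the demo; a production tool works on the AST or an IR (as Slither does) because regexes cannot see through modifiers, inheritance, or calls split across lines.

```python
import re
from typing import List, Set, Tuple

# Two constructed contracts for this example; neither comes from a listed project.
VULNERABLE = """\
pragma solidity ^0.8.0;
contract Bank {
    mapping(address => uint256) public balances;
    address public owner;
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] -= amount;
    }
    function exec(address target, bytes calldata data) external {
        require(tx.origin == owner, "not owner");
        (bool ok, ) = target.delegatecall(data);
        require(ok, "delegatecall failed");
    }
}
"""
SAFE = """\
pragma solidity ^0.8.0;
contract SafeBank {
    mapping(address => uint256) public balances;
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount; // effect before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
"""

PATTERNS = [  # (label, regex, weight); weights and Low/Medium/High thresholds are illustrative, not calibrated
    ("tx.origin used for authorization", re.compile(r"\btx\.origin\b"), 3),
    ("delegatecall", re.compile(r"\.delegatecall\s*\("), 4),
    ("low-level call sending value", re.compile(r"\.call\s*\{[^}]*value\s*:|\.call\.value\s*\("), 2),
]
CALL_RE = re.compile(r"\.call\s*(?:\{[^}]*\}\s*)?\(|\.call\.value\s*\(")  # any low-level .call
FUNC_RE = re.compile(r"\bfunction\s+(\w+)")
STATE_VAR_RE = re.compile(r"^\s*(?:mapping\s*\([^;]*\)|[A-Za-z_]\w*(?:\[\])?)\s+"
                          r"(?:(?:public|private|internal|constant|immutable)\s+)*(\w+)\s*(?:=[^;]*)?;")
ASSIGN_RE = re.compile(r"^\s*(\w+)\s*(?:\[[^\]]*\]\s*)*(?:\+=|-=|\*=|=)(?!=)")  # `name[...] op= ...`

def _code(line: str) -> str:
    return line.split("//", 1)[0]  # drop a trailing // comment so patterns do not fire on commentary

def parse_contract(src: str) -> Tuple[Set[str], List[Tuple[str, List[Tuple[int, str]]]]]:
    """State-variable names plus each function's (line, code) body, scoped by brace counting."""
    state_vars: Set[str] = set()
    functions, current, depth = [], None, 0
    for lineno, raw in enumerate(src.splitlines(), 1):
        line = _code(raw)
        before, depth = depth, depth + line.count("{") - line.count("}")  # heuristic: braces in strings confuse it
        if current is not None:
            current[1].append((lineno, line))
        elif before == 1:  # directly inside the contract body
            m = FUNC_RE.search(line)
            if m:
                current = (m.group(1), [(lineno, line)])
            else:
                sv = STATE_VAR_RE.match(line)
                if sv:
                    state_vars.add(sv.group(1))
        if current is not None and depth <= 1:  # function body closed on this line
            functions.append(current)
            current = None
    return state_vars, functions

def reentrancy_candidates(state_vars, functions) -> List[Tuple[str, int]]:
    """(function, call line) for functions that write a state variable after a low-level external call."""
    hits = []
    for name, body in functions:
        call_at = next((i for i, (_, l) in enumerate(body) if CALL_RE.search(l)), None)
        if call_at is None:
            continue
        for _, line in body[call_at + 1:]:
            m = ASSIGN_RE.match(line)
            if m and m.group(1) in state_vars:  # checks-effects-interactions order violated
                hits.append((name, body[call_at][0]))
                break
    return hits

def scan(src: str) -> Tuple[List[Tuple[str, int, int]], int, str]:
    """Token patterns plus the reentrancy heuristic, summed into (findings, score, level)."""
    findings = [(label, n, w) for n, raw in enumerate(src.splitlines(), 1)
                for label, rx, w in PATTERNS if rx.search(_code(raw))]
    state_vars, functions = parse_contract(src)
    for fn, n in reentrancy_candidates(state_vars, functions):
        findings.append((f"state write after external call in {fn}()", n, 4))
    score = sum(w for _, _, w in findings)
    return findings, score, "High" if score >= 6 else "Medium" if score >= 3 else "Low"

if __name__ == "__main__":
    for name, src in (("Bank", VULNERABLE), ("SafeBank", SAFE)):
        print(name, *scan(src))
```

Run it directly to print both reports: Bank scores High (the call-before-update ordering in withdraw, plus tx.origin and delegatecall in exec), while SafeBank, which differs only in moving the balance update ahead of the call, keeps the same value-bearing call and scores Low. The comparison is the point of such scanners: the token patterns alone cannot tell the two withdraw functions apart; only the per-function ordering check can.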