Experimental multi-chain smart contract auditing, monitoring, and automated repair framework with AI-powered detection and GitHub Actions integration.
Status: Prototype β Not Production-Ready
This project is currently a framework/skeleton. The core detection modules are implemented as placeholders and may return no (or only trivial) results. Do not rely on this project for real-world security audits or production decisions until the detection logic is fully implemented and thoroughly tested.
- EVM Chains: Ethereum, BSC, Polygon, Avalanche, Arbitrum, Optimism, Fantom
- Solana: Full Solana program analysis support
- Extensible architecture for adding new chains
- Bytecode pattern analysis
- Source code vulnerability detection
- Known exploit signature matching
- Risk scoring algorithm
Detects:
- Reentrancy attacks
- Integer overflow/underflow
- Unchecked external calls
- tx.origin authentication
- Unsafe delegatecall
- Unprotected selfdestruct
- Public mint functions
- Contract age analysis
- Deployment frequency monitoring
- Airdrop pattern recognition
- Code similarity detection
- Transfer simulation testing
- Fee structure analysis
- Hidden function detection
- Blacklist mechanism identification
- Ownership manipulation checks
- Recursive deposit tracing
- Fund flow visualization
- Deep wallet activity analysis
- Transaction graph generation
- Risk factor identification
- Auditor Bot: Continuous monitoring (runs every 6 hours)
- Auto-Repair: Automatic vulnerability fixing via PR
- PR Security Audit: Automated security checks on pull requests
- Deep Scan: Comprehensive weekly scans
- Email alerts
- Slack integration
- Telegram bot
- Discord webhooks
- Custom webhook support
# Clone the repository
git clone https://github.com/SolanaRemix/SmartContractAudit.git
cd SmartContractAudit
# Install dependencies
npm install
# Copy environment template
cp .env.example .env
# Edit .env with your API keys and RPC endpoints
nano .env# Basic scan
npm run scan -- --address 0x1234567890123456789012345678901234567890 --chain ethereum
# Scan with specific modules
npm run scan -- --address 0x1234... --chain bsc --modules antivirus,honeypot
# Batch scan from file
npm run scan -- --file addresses.txt --chain polygonnode script/scan.js --address 0x1234... --chain bsc --modules honeypotnode script/scan.js --address 0x1234... --chain ethereum --modules tracer --depth 10node script/scan.js --address 0x1234... --chain ethereum --modules antivirus,spam,honeypot,tracer- Architecture - System design and components
- API Reference - Complete API documentation
- User Guide - Detailed usage instructions
- Development Guide - Contributing and extending
- Configuration - Configuration options
- Workflows - GitHub Actions setup
SmartContractAudit/
βββ auditor/ # Core auditing modules
β βββ antivirus/ # Vulnerability scanner
β βββ spam/ # Spam detector
β βββ honeypot/ # Honeypot detector
β βββ tracer/ # Wallet tracer
β βββ scanner/ # Deep scanner orchestrator
β βββ index.js # Main auditor entry point
βββ contracts/ # Example smart contracts
β βββ ethereum/ # EVM contracts
β βββ solana/ # Solana programs
βββ script/ # Automation scripts
β βββ scan.js # Main scanning script
β βββ notify.js # Notification handler
β βββ repair.js # Auto-repair engine
βββ config/ # Configuration files
β βββ chains.json # Chain configurations
β βββ scanner.json # Scanner settings
β βββ notifications.json
β βββ repair.json
βββ .github/workflows/ # GitHub Actions
βββ docs/ # Documentation
βββ reports/ # Scan reports
Add your RPC endpoints and API keys:
{
"ethereum": {
"rpc": "https://mainnet.infura.io/v3/YOUR_KEY",
"apiKey": "YOUR_ETHERSCAN_KEY"
}
}Customize detection thresholds:
{
"antivirus": {
"threshold": 70,
"patterns": ["reentrancy", "overflow", ...]
}
}See Configuration Guide for complete options.
Go to Settings β Secrets β Actions and add:
ETHEREUM_RPC_URL
BSC_RPC_URL
POLYGON_RPC_URL
SOLANA_RPC_URL
ETHERSCAN_API_KEY
BSCSCAN_API_KEY
SLACK_WEBHOOK
NOTIFICATION_WEBHOOK
Workflows are located in .github/workflows/:
auditor-bot.yml- Continuous monitoringauto-repair.yml- Automated fixespr-audit.yml- PR security checksdeep-scan.yml- Weekly comprehensive scans
Create config/monitored-addresses.txt with addresses to monitor (one per line).
All scan results are saved in the reports/ directory:
reports/json/- JSON format reportsreports/latest.json- Most recent scan- Uploaded as GitHub Actions artifacts
- Create module directory:
auditor/mymodule/ - Implement scanner class with
scan()method - Register in
auditor/index.js - Add configuration to
config/scanner.json - Add tests
- Add chain config to
config/chains.json - Create connector if needed
- Update documentation
See Development Guide for details.
# Run all tests
npm test
# Run specific module tests
npm test -- auditor/antivirus
# With coverage
npm run test:coverageThis tool is designed to detect security vulnerabilities, not exploit them. Always use responsibly and ethically.
- Report security issues privately
- Do not use for malicious purposes
- Respect rate limits and terms of service
- Keep API keys and secrets secure
MIT License - see LICENSE file for details.
Contributions are welcome! Please read CONTRIBUTING.md for guidelines.
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Open a Pull Request
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Documentation: docs/
If you find this project useful, please consider giving it a star! β
- OpenZeppelin for security best practices
- The Ethereum security community
- All contributors and supporters
Made with β€οΈ by the SmartContractAudit Team