ayush-roy-21/SC-Vulnerability-Scanner

πŸ›‘οΈ Smart Contract Vulnerability Scanner

🚀 Live Demo

Check out the project in action here: Live Demo

License: MIT

A comprehensive smart contract security analysis tool combining static analysis and symbolic execution capabilities for thorough security assessment of Ethereum smart contracts.

📸 Live Preview:

SC.Vulnerability.Scanner.Demo.video.mp4

✨ Key Features

  • Static Analysis: Slither-like capabilities including control/data flow analysis and pattern matching.
  • Symbolic Execution: Mythril-like path exploration and constraint solving to detect complex attack vectors.
  • Interactive Web Interface: Upload contracts, view vulnerability reports, and get security recommendations.
  • Detects: Reentrancy, Arithmetic Overflows/Underflows, Access Control Issues, and Gas Inefficiencies.

πŸ› οΈ Tech Stack

  • Frontend: React, TypeScript
  • Backend: Python, Flask/FastAPI
  • Target: Solidity Smart Contracts

πŸ—οΈ System Architecture

A comprehensive smart contract security analysis tool combining static analysis and symbolic execution capabilities for thorough security assessment of Ethereum smart contracts.

System Architecture

+------------------+      +------------------+      +------------------+
|     Frontend     |      |     Backend      |      | Smart Contracts  |
|     (React)      |<---->|    (Python)      |<---->|   (Solidity)     |
+------------------+      +------------------+      +------------------+
| • Contract Form  |      | • Static Analysis|      | • AST Analysis   |
| • Results View   |      | • Symbolic Exec  |      | • Vulnerability  |
| • Vulnerability  |      | • Detectors      |      |   Patterns       |
|   Dashboard      |      | • API Endpoints  |      | • Test Cases     |
+--------+---------+      +--------+---------+      +--------+---------+
         |                         |                         |
         v                         v                         v
+------------------+      +------------------+      +------------------+
|    External      |      |    Database      |      |   Blockchain     |
|    Services      |      |    (Results)     |      |   Networks       |
+------------------+      +------------------+      +------------------+
| • Code Repos     |      | • Scan History   |      | • Mainnet        |
| • Documentation  |      | • Vulnerabilities|      | • Testnet        |
| • Updates        |      | • Analytics      |      | • Local Node     |
+------------------+      +------------------+      +------------------+

Analysis Flow

Backend Flow

flowchart TB
    A[Contract Input] --> B[Static Analyzer]
    A --> C[Symbolic Executor]
    B --> D[Detectors]
    C --> D
    D --> E[Access Control]
    D --> F[Arithmetic]
    D --> G[Gas]
    D --> H[Reentrancy]
    E & F & G & H --> I[Analysis Results]
    I --> J[API Response]

Frontend Flow

flowchart TB
    A[Contract Form] --> B[Contract Analysis Page]
    B --> C[Analysis Results]
    C --> D[Vulnerability Report]
    D --> E[Issue Details]
    D --> F[Stats Summary]
    D --> G[Vulnerability Chart]
    E & F & G --> H[Dashboard]
    H --> I[Recent Scans]

    style A fill:#f9f,stroke:#333
    style H fill:#bbf,stroke:#333

Features

  • Static Analysis (Slither-like capabilities)

    • Control flow analysis
    • Data flow analysis
    • Pattern matching for known vulnerabilities
    • State variable analysis
  • Symbolic Execution (Mythril-like capabilities)

    • Path exploration
    • Constraint solving
    • Transaction sequence analysis
    • Attack vector detection
  • Web Interface

    • Interactive vulnerability reports
    • Code visualization
    • Audit trail
    • Security recommendations
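The pattern-matching side of the static analyzer, as an added example that is not the project's own code: a source-level detector for two of the classes listed under Key Features and Features (reentrancy as a state write after an external call, and arithmetic that can wrap under a pre-0.8 compiler or inside an `unchecked` block), followed by the aggregation step that turns detector output into the API-style result shown in the Analysis Flow. Function names, the `Finding` fields, the severities and both sample contracts are assumptions constructed here; the README's backend parses a Solidity AST (`ast_parser.py`), whereas this example matches on source text to stay self-contained.

```python
"""Source-level detectors for two vulnerability classes the README lists,
plus the aggregation step that shapes an API-style result. Added example,
not the project's own code: names, fields and sample contracts are constructed."""
import re
from dataclasses import dataclass, asdict

# "function name(params) ... {" -- the body is found by brace matching below.
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)[^{]*\{")
# External calls that hand control to another contract (old and new syntax).
EXT_CALL_RE = re.compile(
    r"\.call(?:\.value\([^)]*\))?\s*(?:\{[^}]*\})?\s*\(|\.send\s*\(|\.transfer\s*\(")
# A line assigning to a bare name, mapping or array slot (x =, x +=, x -=).
# Typed local declarations ("uint x = 1") do not match because of the type word.
STATE_WRITE_RE = re.compile(r"^\s*[\w\[\]\.]+\s*(?:\+=|-=|=)(?!=)", re.M)
# Binary + - * (and compound forms) between two operands; "i++" is excluded.
ARITH_RE = re.compile(r"[\w\)\]]\s*(?:\+=|-=|\*=|\+|-|\*)\s*[\w\(]")
PRAGMA_RE = re.compile(r"pragma\s+solidity\s*([^;]+);")


@dataclass
class Finding:
    detector: str
    function: str
    line: int
    severity: str
    message: str


def _functions(source):
    """Yield (name, body, line_of_declaration) for every function."""
    for m in FUNC_RE.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), source[m.end():i - 1], source.count("\n", 0, m.start()) + 1


def _below_08(constraint):
    """True if the pragma's first version number predates 0.8 (no checked arithmetic)."""
    m = re.search(r"(\d+)\.(\d+)", constraint)
    return bool(m) and (int(m.group(1)), int(m.group(2))) < (0, 8)


def detect_reentrancy(source):
    """A state write after an external call in the same function breaks
    checks-effects-interactions: the callee can re-enter before the update."""
    findings = []
    for name, body, start in _functions(source):
        call = EXT_CALL_RE.search(body)
        if call is None:
            continue
        write = STATE_WRITE_RE.search(body[call.end():])
        if write is not None:
            line = start + body.count("\n", 0, call.end() + write.start())
            findings.append(Finding("reentrancy", name, line, "high",
                "state written after an external call; update state first"))
    return findings


def detect_arithmetic(source):
    """Pre-0.8 compilers wrap silently; 0.8+ reverts unless inside unchecked { }."""
    findings = []
    pragma = PRAGMA_RE.search(source)
    wraps = (pragma is not None and _below_08(pragma.group(1))
             and "using SafeMath" not in source)
    for name, body, start in _functions(source):
        if wraps:
            for op in ARITH_RE.finditer(body):
                findings.append(Finding("arithmetic", name,
                    start + body.count("\n", 0, op.start()), "medium",
                    "arithmetic can wrap under a pre-0.8 compiler; use SafeMath or >=0.8"))
        for unc in re.finditer(r"\bunchecked\s*\{", body):
            findings.append(Finding("arithmetic", name,
                start + body.count("\n", 0, unc.start()), "low",
                "unchecked block disables overflow checks; justify the bound"))
    return findings


def analyze(source):
    """Run every detector and shape the result like an API response."""
    findings = sorted(detect_reentrancy(source) + detect_arithmetic(source),
                      key=lambda f: f.line)
    stats = {}
    for f in findings:
        stats[f.severity] = stats.get(f.severity, 0) + 1
    return {"findings": [asdict(f) for f in findings], "stats": stats}


# Constructed sample: pays out before reducing the balance, under a 0.7 compiler.
VULNERABLE = """pragma solidity ^0.7.6;
contract Bank {
    mapping(address => uint256) public balances;
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount);
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
        balances[msg.sender] = balances[msg.sender] - amount;
    }
}
"""
# Constructed fix: effect before interaction, checked arithmetic from the compiler.
FIXED = """pragma solidity ^0.8.20;
contract Bank {
    mapping(address => uint256) public balances;
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount);
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
    }
}
"""

if __name__ == "__main__":
    import json
    print(json.dumps(analyze(VULNERABLE), indent=2))
    print(json.dumps(analyze(FIXED), indent=2))
```

Running the module prints one high and one medium finding for `VULNERABLE` (both on the line that writes the balance after the call) and an empty report for `FIXED`. Text matching like this is deliberately coarse: it cannot tell a local reassignment from a storage write, which is exactly the gap that AST and data-flow analysis close.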

Project Structure

.
├── backend/                    # Python backend
│   ├── analyzers/              # Analysis engines
│   │   ├── ast_parser.py       # Solidity AST parsing
│   │   ├── static_analyzer.py  # Static analysis
│   │   └── symbolic_executor.py # Symbolic execution
│   ├── detectors/              # Vulnerability detectors
│   │   ├── access_control_detector.py
│   │   ├── arithmetic_detector.py
│   │   ├── gas_detector.py
│   │   └── reentrancy_detector.py
│   ├── tests/                  # Test suite
│   │   └── contracts/          # Test contracts
│   ├── app.py                  # Main application
│   └── requirements.txt        # Python dependencies
├── frontend/                   # React frontend
│   ├── src/
│   │   ├── components/         # Reusable components
│   │   ├── pages/              # Main application pages
│   │   ├── theme/              # UI theme configuration
│   │   └── utils/              # Helper utilities
│   ├── package.json            # NPM dependencies
│   └── tsconfig.json           # TypeScript config
└── scripts/                    # Utility scripts

Setup

  1. Backend Setup
cd backend
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
pip install -r requirements.txt

  2. Frontend Setup
cd frontend
npm install

Running the Application

  1. Start the Backend
cd backend
python app.py

  2. Start the Frontend
cd frontend
npm start

Running Security Scans

  1. Using the Web Interface:

    • Navigate to the web UI (default: http://localhost:3000)
    • Upload your smart contract file
    • Click "Analyze Contract"
    • View detailed vulnerability report
  2. Using Command Line:

# Start the backend server
cd backend
python app.py

# In another terminal, analyze a contract
curl -X POST -F "file=@path/to/contract.sol" http://localhost:5000/analyze

Supported Vulnerability Types

  • Access Control Issues
  • Arithmetic Vulnerabilities (Overflow/Underflow)
  • Gas Optimization Issues
  • Reentrancy Vulnerabilities
  • And more...

Development

Running Tests

  1. Backend Tests:
cd backend
python -m pytest tests/

  2. Frontend Tests:
cd frontend
npm test

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Run the test suite
  5. Submit a pull request

License

MIT License

Copyright (c) 2025 Smart Contract Vulnerability Scanner

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files.
