Skip to content

Commit 1bc4de5

Browse files
author
Maxwell Voss
committed
feat: transform to Web3 monetized SaaS GitHub Action
1 parent edde9b2 commit 1bc4de5

6 files changed

Lines changed: 185 additions & 34 deletions

File tree

Dockerfile

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
FROM python:3.11-slim
2+
3+
# Install solc and system dependencies
4+
RUN apt-get update && apt-get install -y \
5+
software-properties-common \
6+
git \
7+
curl \
8+
jq \
9+
&& rm -rf /var/lib/apt/lists/*
10+
11+
# Install python dependencies
12+
COPY requirements.txt /app/requirements.txt
13+
RUN pip install --no-cache-dir -r /app/requirements.txt
14+
RUN pip install --no-cache-dir web3 slither-analyzer
15+
16+
# Copy the scanner code
17+
COPY . /app
18+
WORKDIR /app
19+
20+
# The entrypoint script
21+
COPY entrypoint.sh /entrypoint.sh
22+
RUN chmod +x /entrypoint.sh
23+
24+
ENTRYPOINT ["/entrypoint.sh"]

README.md

Lines changed: 41 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -1,48 +1,55 @@
1-
# 🛡️ Solidity Security Scanner (AST-Powered)
1+
# 🛡️ Solidity Security Scanner PRO (GitHub Action)
22

33
[![Security Scanner CI](https://github.com/mvmax-dev/solidity-security-scanner/actions/workflows/python-app.yml/badge.svg)](https://github.com/mvmax-dev/solidity-security-scanner/actions/workflows/python-app.yml)
4-
[![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/release/python-3100/)
5-
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
6-
[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](http://makeapullrequest.com)
4+
[![Marketplace](https://img.shields.io/badge/GitHub-Marketplace-blue)](https://github.com/marketplace)
5+
[![Web3 Paywall](https://img.shields.io/badge/Payment-Crypto_USDC-green)](#pro-version--web3-paywall)
76

8-
An advanced, open-source static analysis and vulnerability detection engine for Ethereum and Base smart contracts. Built for Web3 security researchers, auditors, and protocol developers to proactively identify and remediate critical attack vectors.
7+
**Automated Smart Contract Audit**, **DeFi Security**, **Web3 GitHub Action**, **Solidity Auditor**, **Smart Contract Security Bot**.
98

10-
## 🌟 Key Features
11-
- **AST-Based Analysis**: Deep structural inspection of Solidity code rather than simple regex matching.
12-
- **False-Positive Suppression**: Advanced validation pipelines to filter out noise and focus on real threats.
13-
- **Automated Bounty Integration**: Seamlessly hooks into Immunefi, CodeHawks, and Sherlock for threat intel.
14-
- **Multi-Vector Detection**: Reentrancy, Oracle Manipulation, Flash Loan vectors, and Unprotected Self-Destructs.
9+
An advanced, open-source static analysis and AI vulnerability detection engine for Ethereum and Base smart contracts. Built for Web3 security researchers, auditors, and protocol developers.
1510

16-
## 🚀 Quick Start
11+
Now available as a seamless **GitHub Action** to automatically secure your Pull Requests!
1712

18-
### Prerequisites
19-
- Python 3.10+
20-
- Etherscan/Basescan API Keys (for live contract fetching)
13+
## 🚀 Quick Start (GitHub Action)
2114

22-
### Installation
23-
```bash
24-
git clone https://github.com/mvmax-dev/solidity-security-scanner.git
25-
cd solidity-security-scanner
26-
pip install -r requirements.txt
27-
```
15+
Add the following workflow to your repository to automatically scan your smart contracts on every Pull Request:
16+
17+
```yaml
18+
name: "Web3 Security Audit"
19+
on: [pull_request]
2820

29-
### Usage
30-
Run the scanner against a live contract on Base:
31-
```bash
32-
python security_scanner.py --address 0xYourContractAddress --chain base
21+
jobs:
22+
audit:
23+
runs-on: ubuntu-latest
24+
steps:
25+
- uses: actions/checkout@v3
26+
- name: Run Solidity Security Scanner PRO
27+
uses: mvmax-dev/solidity-security-scanner@main
28+
with:
29+
# Optional: Specify your wallet address to unlock AI Validation PRO features
30+
wallet_address: "0xYourWalletAddress"
3331
```
3432
33+
## 💎 PRO Version & Web3 Paywall
34+
35+
The basic `Slither` structural analysis is 100% free.
36+
However, **AI Vulnerability Validation** (which suppresses false positives and detects deep logical flaws) is secured behind a decentralized Web3 Paywall.
37+
38+
**To Unlock PRO:**
39+
1. Send **50 USDC** on the **Base Network** to `0x0000000000000000000000000000000000000000` (Replace with your actual payment address).
40+
2. Add your wallet address to the `wallet_address` input in your GitHub workflow.
41+
3. The Action will query the blockchain via RPC. Once payment is verified, the AI Validator automatically unlocks!
42+
3543
## 🏗️ Architecture
36-
The system operates in a 3-phase pipeline:
37-
1. **Ingestion**: `codebase_analyzer.py` fetches and indexes verified smart contract code.
38-
2. **Detection**: `security_scanner.py` applies high-fidelity detection rules.
39-
3. **Validation**: `vulnerability_validator.py` cross-references findings to suppress false positives.
4044

41-
## 🤝 Contributing
42-
We welcome contributions from the Web3 security community! Please see our [Contributing Guidelines](CONTRIBUTING.md) for details on how to submit Pull Requests.
45+
1. **Ingestion**: Fetches and indexes verified smart contract code.
46+
2. **Detection**: Applies high-fidelity detection rules (Reentrancy, MEV vectors, Flash Loans).
47+
3. **Web3 Paywall**: Verifies your subscription via Base RPC.
48+
4. **AI Validation**: PRO feature that cross-references findings to suppress false positives.
4349

44-
## 📜 License
45-
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
50+
## 🤝 Contributing & Security
4651

47-
---
48-
*Developed by Maxwell Voss | Sovereign Security Intelligence*
52+
Please see our [Contributing Guidelines](CONTRIBUTING.md) and [Security Policy](SECURITY.md).
53+
54+
## 📜 License
55+
MIT License - see the [LICENSE](LICENSE) file for details.

action.yml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
name: 'Automated Smart Contract Auditor Pro'
2+
description: 'AI-powered smart contract scanner with Web3 validation logic to secure DeFi/Web3 PRs.'
3+
author: 'Maxwell VOSS'
4+
branding:
5+
icon: 'shield'
6+
color: 'blue'
7+
8+
inputs:
9+
contract_address:
10+
description: 'The smart contract address or file to scan (optional, if omitted it scans the whole repo)'
11+
required: false
12+
default: ''
13+
wallet_address:
14+
description: 'Your Web3 wallet address to unlock AI Validation Pro features via crypto payment'
15+
required: false
16+
default: ''
17+
rpc_url:
18+
description: 'RPC URL for Base or Polygon to verify the subscription on-chain'
19+
required: false
20+
default: 'https://mainnet.base.org'
21+
22+
runs:
23+
using: 'docker'
24+
image: 'Dockerfile'
25+
args:
26+
- ${{ inputs.contract_address }}
27+
- ${{ inputs.wallet_address }}
28+
- ${{ inputs.rpc_url }}

entrypoint.sh

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
#!/bin/bash
2+
set -e
3+
4+
CONTRACT_ADDRESS=$1
5+
WALLET_ADDRESS=$2
6+
RPC_URL=$3
7+
8+
echo "=========================================================="
9+
echo "🛡️ Starting Automated Smart Contract Auditor Pro"
10+
echo "=========================================================="
11+
12+
export WALLET_ADDRESS
13+
export RPC_URL
14+
15+
if [ -z "$CONTRACT_ADDRESS" ]; then
16+
echo "Scanning entire repository workspace..."
17+
python /app/security_scanner.py --workspace ${GITHUB_WORKSPACE}
18+
else
19+
echo "Scanning specific contract: $CONTRACT_ADDRESS"
20+
python /app/security_scanner.py --address $CONTRACT_ADDRESS
21+
fi

paywall/verify_subscription.py

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
import os
2+
import sys
3+
import json
4+
from web3 import Web3
5+
6+
# Define the expected payment contract (e.g., an ERC20 token or an NFT subscription contract on Base)
7+
PAYMENT_CONTRACT_ADDRESS = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913" # USDC on Base (example)
8+
REQUIRED_BALANCE = 50 * 10**6 # 50 USDC (6 decimals)
9+
MY_WALLET = "0x0000000000000000000000000000000000000000" # Replace with real dev wallet
10+
11+
# Minimal ERC20 ABI for balance check
12+
ERC20_ABI = json.loads('[{"constant":true,"inputs":[{"name":"_owner","type":"address"}],"name":"balanceOf","outputs":[{"name":"balance","type":"uint256"}],"type":"function"}]')
13+
14+
def verify_subscription(user_wallet: str, rpc_url: str) -> bool:
15+
if not user_wallet or not rpc_url:
16+
print("[PAYWALL] No wallet or RPC provided. Access to AI Validation PRO denied.")
17+
return False
18+
19+
try:
20+
w3 = Web3(Web3.HTTPProvider(rpc_url))
21+
if not w3.is_connected():
22+
print(f"[PAYWALL] Failed to connect to RPC: {rpc_url}")
23+
return False
24+
25+
user_wallet = w3.to_checksum_address(user_wallet)
26+
contract = w3.eth.contract(address=w3.to_checksum_address(PAYMENT_CONTRACT_ADDRESS), abi=ERC20_ABI)
27+
28+
balance = contract.functions.balanceOf(user_wallet).call()
29+
30+
if balance >= REQUIRED_BALANCE:
31+
print(f"[PAYWALL] Subscription verified for {user_wallet}. AI Validation PRO unlocked!")
32+
return True
33+
else:
34+
print(f"[PAYWALL] Wallet {user_wallet} does not have the required Pro subscription balance.")
35+
print(f"[PAYWALL] Required: {REQUIRED_BALANCE / 10**6} USDC. Found: {balance / 10**6} USDC.")
36+
return False
37+
except Exception as e:
38+
print(f"[PAYWALL] Verification error: {e}")
39+
return False
40+
41+
if __name__ == "__main__":
42+
wallet = os.environ.get("WALLET_ADDRESS", "")
43+
rpc = os.environ.get("RPC_URL", "https://mainnet.base.org")
44+
45+
if verify_subscription(wallet, rpc):
46+
sys.exit(0) # Success
47+
else:
48+
sys.exit(1) # Paywall blocked

security_scanner.py

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -755,6 +755,29 @@ def scan_contract(contract_address: str) -> None:
755755
"slither_findings": slither_findings_for_packager,
756756
"scan_timestamp": datetime.now(timezone.utc).isoformat(),
757757
}
758+
759+
# --- WEB3 SAAS PAYWALL LOGIC ---
760+
try:
761+
from paywall.verify_subscription import verify_subscription
762+
wallet = os.environ.get("WALLET_ADDRESS", "")
763+
rpc = os.environ.get("RPC_URL", "https://mainnet.base.org")
764+
has_pro = verify_subscription(wallet, rpc)
765+
except Exception:
766+
has_pro = False
767+
768+
if has_pro:
769+
output["ai_validation"] = "✅ PRO feature unlocked! Running AI Validation..."
770+
try:
771+
from vulnerability_validator import VulnerabilityValidator
772+
validator = VulnerabilityValidator(workspace)
773+
val_res = validator.validate_contract(contract_address)
774+
output["ai_validation_results"] = val_res
775+
except Exception as e:
776+
output["ai_validation_error"] = str(e)
777+
else:
778+
output["ai_validation"] = "🔒 AI Validation is locked. Pay 50 USDC on Base Network to unlock Deep AI Audits."
779+
output["payment_link"] = "https://pay.mvmax-dev.org"
780+
output["wallet_required"] = "Set WALLET_ADDRESS in Action inputs to verify your subscription."
758781
sys.stdout.write(json.dumps(output) + "\n")
759782
sys.stdout.flush()
760783

0 commit comments

Comments
 (0)