|
1 | | -# 🛡️ Solidity Security Scanner (AST-Powered) |
| 1 | +# 🛡️ Solidity Security Scanner PRO (GitHub Action) |
2 | 2 |
|
3 | 3 | [](https://github.com/mvmax-dev/solidity-security-scanner/actions/workflows/python-app.yml) |
4 | | -[](https://www.python.org/downloads/release/python-3100/) |
5 | | -[](https://opensource.org/licenses/MIT) |
6 | | -[](http://makeapullrequest.com) |
| 4 | +[](https://github.com/marketplace) |
| 5 | +[](#pro-version--web3-paywall) |
7 | 6 |
|
8 | | -An advanced, open-source static analysis and vulnerability detection engine for Ethereum and Base smart contracts. Built for Web3 security researchers, auditors, and protocol developers to proactively identify and remediate critical attack vectors. |
| 7 | +**Automated Smart Contract Audit**, **DeFi Security**, **Web3 GitHub Action**, **Solidity Auditor**, **Smart Contract Security Bot**. |
9 | 8 |
|
10 | | -## 🌟 Key Features |
11 | | -- **AST-Based Analysis**: Deep structural inspection of Solidity code rather than simple regex matching. |
12 | | -- **False-Positive Suppression**: Advanced validation pipelines to filter out noise and focus on real threats. |
13 | | -- **Automated Bounty Integration**: Seamlessly hooks into Immunefi, CodeHawks, and Sherlock for threat intel. |
14 | | -- **Multi-Vector Detection**: Reentrancy, Oracle Manipulation, Flash Loan vectors, and Unprotected Self-Destructs. |
| 9 | +An advanced, open-source static analysis and AI vulnerability detection engine for Ethereum and Base smart contracts. Built for Web3 security researchers, auditors, and protocol developers. |
15 | 10 |
|
16 | | -## 🚀 Quick Start |
| 11 | +Now available as a seamless **GitHub Action** to automatically secure your Pull Requests! |
17 | 12 |
|
18 | | -### Prerequisites |
19 | | -- Python 3.10+ |
20 | | -- Etherscan/Basescan API Keys (for live contract fetching) |
| 13 | +## 🚀 Quick Start (GitHub Action) |
21 | 14 |
|
22 | | -### Installation |
23 | | -```bash |
24 | | -git clone https://github.com/mvmax-dev/solidity-security-scanner.git |
25 | | -cd solidity-security-scanner |
26 | | -pip install -r requirements.txt |
27 | | -``` |
| 15 | +Add the following workflow to your repository to automatically scan your smart contracts on every Pull Request: |
| 16 | + |
| 17 | +```yaml |
| 18 | +name: "Web3 Security Audit" |
| 19 | +on: [pull_request] |
28 | 20 |
|
29 | | -### Usage |
30 | | -Run the scanner against a live contract on Base: |
31 | | -```bash |
32 | | -python security_scanner.py --address 0xYourContractAddress --chain base |
| 21 | +jobs: |
| 22 | + audit: |
| 23 | + runs-on: ubuntu-latest |
| 24 | + steps: |
| 25 | + - uses: actions/checkout@v3 |
| 26 | + - name: Run Solidity Security Scanner PRO |
| 27 | + uses: mvmax-dev/solidity-security-scanner@main |
| 28 | + with: |
| 29 | + # Optional: Specify your wallet address to unlock AI Validation PRO features |
| 30 | + wallet_address: "0xYourWalletAddress" |
33 | 31 | ``` |
34 | 32 |
|
| 33 | +## 💎 PRO Version & Web3 Paywall |
| 34 | +
|
| 35 | +The basic `Slither` structural analysis is 100% free. |
| 36 | +However, **AI Vulnerability Validation** (which suppresses false positives and detects deep logical flaws) is secured behind a decentralized Web3 Paywall. |
| 37 | + |
| 38 | +**To Unlock PRO:** |
| 39 | +1. Send **50 USDC** on the **Base Network** to `0x0000000000000000000000000000000000000000` (Replace with your actual payment address). |
| 40 | +2. Add your wallet address to the `wallet_address` input in your GitHub workflow. |
| 41 | +3. The Action will query the blockchain via RPC. Once payment is verified, the AI Validator automatically unlocks! |
| 42 | + |
35 | 43 | ## 🏗️ Architecture |
36 | | -The system operates in a 3-phase pipeline: |
37 | | -1. **Ingestion**: `codebase_analyzer.py` fetches and indexes verified smart contract code. |
38 | | -2. **Detection**: `security_scanner.py` applies high-fidelity detection rules. |
39 | | -3. **Validation**: `vulnerability_validator.py` cross-references findings to suppress false positives. |
40 | 44 |
|
41 | | -## 🤝 Contributing |
42 | | -We welcome contributions from the Web3 security community! Please see our [Contributing Guidelines](CONTRIBUTING.md) for details on how to submit Pull Requests. |
| 45 | +1. **Ingestion**: Fetches and indexes verified smart contract code. |
| 46 | +2. **Detection**: Applies high-fidelity detection rules (Reentrancy, MEV vectors, Flash Loans). |
| 47 | +3. **Web3 Paywall**: Verifies your subscription via Base RPC. |
| 48 | +4. **AI Validation**: PRO feature that cross-references findings to suppress false positives. |
43 | 49 |
|
44 | | -## 📜 License |
45 | | -This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. |
| 50 | +## 🤝 Contributing & Security |
46 | 51 |
|
47 | | ---- |
48 | | -*Developed by Maxwell Voss | Sovereign Security Intelligence* |
| 52 | +Please see our [Contributing Guidelines](CONTRIBUTING.md) and [Security Policy](SECURITY.md). |
| 53 | + |
| 54 | +## 📜 License |
| 55 | +MIT License - see the [LICENSE](LICENSE) file for details. |
0 commit comments