white-hat-scanner 1.0.1

package/src/notifier.ts

@@ -0,0 +1,58 @@
+import { getRedis, log } from './redis'
+import type { ScoredFinding } from './scorer'
+
+const NOTIFY_CHANNEL = 'cca:notify:money-brain'
+const ALERT_DEDUP_TTL_MS = 24 * 60 * 60 * 1000 // 24 hours
+
+/** Returns true if we have already sent an alert for this protocol within the dedup window. */
+async function isRecentlyAlerted(protocolName: string): Promise<boolean> {
+  const redis = getRedis()
+  const raw = await redis.lrange('whiteh:alerts', 0, 99)
+  const cutoff = Date.now() - ALERT_DEDUP_TTL_MS
+  for (const entry of raw) {
+    try {
+      const rec = JSON.parse(entry) as { ts: number; protocol: string }
+      if (rec.protocol === protocolName && rec.ts >= cutoff) return true
+    } catch {}
+  }
+  return false
+}
+
+export async function sendAlert(finding: ScoredFinding): Promise<void> {
+  const redis = getRedis()
+
+  if (await isRecentlyAlerted(finding.protocolName)) {
+    await log(`Alert deduped for ${finding.protocolName} (${finding.riskLevel}) — already alerted within 24h`)
+    return
+  }
+
+  const bountyStr =
+    finding.estimatedBounty > 0
+      ? `$${(finding.estimatedBounty / 1000).toFixed(0)}k`
+      : 'unknown'
+
+  const emoji = finding.riskLevel === 'CRITICAL' ? '🚨' : '⚠️'
+  const message =
+    `${emoji} ${finding.riskLevel} VULN: ${finding.protocolName}\n` +
+    `Estimated bounty: ${bountyStr}\n` +
+    `Slither findings: ${finding.slitherCount}\n` +
+    `Summary: ${finding.disclosureSummary.slice(0, 300)}`
+
+  const payload = JSON.stringify({ text: message })
+
+  await redis.lpush(NOTIFY_CHANNEL, payload)
+
+  // Also track in internal alerts list for health-check queries
+  const alertRecord = JSON.stringify({
+    ts: Date.now(),
+    protocol: finding.protocolName,
+    riskLevel: finding.riskLevel,
+    bounty: finding.estimatedBounty,
+    slitherCount: finding.slitherCount,
+    sourceAvailable: finding.sourceAvailable,
+  })
+  await redis.lpush('whiteh:alerts', alertRecord)
+  await redis.ltrim('whiteh:alerts', 0, 199)
+
+  await log(`Alert sent for ${finding.protocolName} (${finding.riskLevel})`)
+}

package/src/redis.ts

@@ -0,0 +1,31 @@
+import Redis from 'ioredis'
+
+let _redis: Redis | null = null
+
+export function getRedis(): Redis {
+  if (!_redis) {
+    _redis = new Redis(process.env.REDIS_URL || 'redis://localhost:6379', {
+      retryStrategy: (times) => Math.min(times * 500, 5000),
+      maxRetriesPerRequest: null,
+      enableReadyCheck: false,
+    })
+    _redis.on('error', (e) => console.error('[redis]', e.message))
+    _redis.on('connect', () => console.log('[redis] connected'))
+  }
+  return _redis
+}
+
+export async function log(message: string): Promise<void> {
+  const redis = getRedis()
+  const entry = JSON.stringify({ ts: Date.now(), message })
+  await redis.lpush('whiteh:log', entry)
+  await redis.ltrim('whiteh:log', 0, 999)
+  console.log(`[whiteh] ${message}`)
+}
+
+export async function closeRedis(): Promise<void> {
+  if (_redis) {
+    await _redis.quit()
+    _redis = null
+  }
+}

package/src/scorer.ts

@@ -0,0 +1,46 @@
+import type { AnalysisResult } from './analyzer'
+
+export interface ScoredFinding {
+  protocolName: string
+  riskLevel: AnalysisResult['riskLevel']
+  severity: number
+  estimatedBounty: number
+  disclosureSummary: string
+  slitherCount: number
+  needsAlert: boolean
+  sourceAvailable: boolean
+}
+
+const RISK_SCORES: Record<string, number> = {
+  CRITICAL: 10,
+  HIGH: 7,
+  MEDIUM: 4,
+  LOW: 1,
+  UNKNOWN: 0,
+}
+
+export function scoreFindings(result: AnalysisResult): ScoredFinding {
+  const severity = RISK_SCORES[result.riskLevel] ?? 0
+  const slitherBonus = Math.min(result.slitherFindings.length * 0.5, 3)
+  const finalScore = severity + slitherBonus
+
+  // Alert rules:
+  // - Source code must have been reviewed (no speculative architecture assessments)
+  // - CRITICAL requires at least 1 Slither finding to confirm — Claude-only CRITICAL is too noisy
+  // - HIGH without Slither is acceptable (Claude can catch logic issues Slither misses)
+  const needsAlert =
+    result.sourceAvailable &&
+    (result.riskLevel === 'HIGH' ||
+      (result.riskLevel === 'CRITICAL' && result.slitherFindings.length > 0))
+
+  return {
+    protocolName: result.protocolName,
+    riskLevel: result.riskLevel,
+    severity: finalScore,
+    estimatedBounty: result.estimatedBounty,
+    disclosureSummary: result.disclosureSummary,
+    slitherCount: result.slitherFindings.length,
+    needsAlert,
+    sourceAvailable: result.sourceAvailable,
+  }
+}

package/src/submission.ts

@@ -0,0 +1,124 @@
+import { getRedis, log } from './redis'
+import type { AnalysisResult, SlitherStatus } from './analyzer'
+import type { ScoredFinding } from './scorer'
+
+export interface SubmissionDraft {
+  id: string
+  protocolName: string
+  riskLevel: string
+  bounty: number
+  slitherCount: number
+  report: string
+  createdAt: number
+  status: 'pending_review' | 'submitted' | 'rejected'
+}
+
+const NOTIFY_CHANNEL = 'cca:notify:money-brain'
+
+/** Minimum bounty to bother generating an Immunefi submission draft */
+const MIN_BOUNTY_USD = 10_000
+
+/**
+ * Format an Immunefi-style bug report from the Claude analysis summary.
+ * This is a draft for human review — never auto-submitted.
+ */
+function slitherStatusNote(scored: ScoredFinding, status: SlitherStatus): string {
+  if (scored.slitherCount > 0) {
+    return `Slither static analysis confirmed ${scored.slitherCount} HIGH/CRITICAL finding(s).`
+  }
+  switch (status) {
+    case 'compilation_error':
+      return 'Note: Slither could not compile the contracts (likely missing compiler version or unresolved imports). Static analysis results are unavailable; the above is Claude-only analysis. A PoC is required before submission.'
+    case 'unavailable':
+      return 'Note: Slither was not available in this scan environment. Static analysis results are unavailable; the above is Claude-only analysis.'
+    case 'not_applicable':
+      return 'Note: Slither static analysis was not applicable (non-EVM chain or no source code available). The above is Claude-only analysis based on protocol architecture.'
+    case 'success':
+    default:
+      return 'Note: Slither ran successfully but found no HIGH/CRITICAL findings. The above is Claude\'s manual review.'
+  }
+}
+
+export function formatImmunefireport(result: AnalysisResult, scored: ScoredFinding): string {
+  const severity = scored.riskLevel === 'CRITICAL' ? 'Critical' : 'High'
+  const slitherNote = slitherStatusNote(scored, result.slitherStatus ?? 'not_applicable')
+
+  return `# Immunefi Bug Report Draft — ${result.protocolName}
+<!-- AUTO-GENERATED DRAFT — requires human review before submission -->
+<!-- Immunefi portal: https://immunefi.com/bug-bounty/${result.protocolName.toLowerCase().replace(/\s+/g, '-')}/information/ -->
+
+## Severity
+${severity}
+
+## Affected Protocol
+- Name: ${result.protocolName}
+- Chain: ${result.chain ?? 'Ethereum'}
+- TVL at time of report: ${result.tvl != null ? `$${(result.tvl / 1e6).toFixed(1)}M` : 'unknown'}
+
+## Vulnerability Description
+${result.disclosureSummary}
+
+## Static Analysis
+${slitherNote}
+
+## Impact
+A successful exploit could result in loss of funds or protocol compromise. Estimated maximum bounty: $${scored.estimatedBounty.toLocaleString()}.
+
+## Proof of Concept
+<!-- TODO: Add PoC exploit code / transaction trace here before submitting -->
+<!-- Without a PoC, most Immunefi programs will reject the report -->
+
+## Recommended Mitigation
+<!-- TODO: Add specific remediation steps here -->
+
+## References
+- Analysis timestamp: ${new Date(result.scannedAt).toISOString()}
+- Internal disclosure ID: ${result.protocolId}
+`
+}
+
+/**
+ * Generate and store an Immunefi submission draft for a qualifying finding.
+ * Only called for HIGH/CRITICAL findings with real source code and bounty > MIN_BOUNTY_USD.
+ * The draft is stored in Redis for human review — never auto-submitted.
+ */
+export async function generateSubmissionDraft(
+  result: AnalysisResult,
+  scored: ScoredFinding
+): Promise<void> {
+  if (!scored.sourceAvailable) return
+  if (scored.riskLevel !== 'HIGH' && scored.riskLevel !== 'CRITICAL') return
+  if (scored.estimatedBounty < MIN_BOUNTY_USD) return
+
+  const redis = getRedis()
+
+  const report = formatImmunefireport(result, scored)
+
+  const draft: SubmissionDraft = {
+    id: `${result.protocolId}-${Date.now()}`,
+    protocolName: result.protocolName,
+    riskLevel: scored.riskLevel,
+    bounty: scored.estimatedBounty,
+    slitherCount: scored.slitherCount,
+    report,
+    createdAt: Date.now(),
+    status: 'pending_review',
+  }
+
+  await redis.lpush('whiteh:submissions', JSON.stringify(draft))
+  await redis.ltrim('whiteh:submissions', 0, 99)
+
+  // Notify for human review — include the first 400 chars of the report so the reviewer
+  // can decide whether it's worth submitting without opening Redis manually.
+  const preview = report.slice(0, 400).replace(/\n/g, ' ')
+  const notification = JSON.stringify({
+    text:
+      `📋 IMMUNEFI DRAFT READY — ${scored.riskLevel}: ${result.protocolName}\n` +
+      `Bounty: $${(scored.estimatedBounty / 1000).toFixed(0)}k | Slither: ${scored.slitherCount} findings\n` +
+      `Preview: ${preview}\n` +
+      `Full draft: redis-cli LINDEX whiteh:submissions 0`,
+  })
+  await redis.rpush(NOTIFY_CHANNEL, notification)
+
+  await log(`Immunefi submission draft created for ${result.protocolName} (${scored.riskLevel}, bounty: $${scored.estimatedBounty})`)
+}