chainaudit 1.0.1__tar.gz

chainaudit-1.0.1/PKG-INFO

@@ -0,0 +1,194 @@
+Metadata-Version: 2.4
+Name: chainaudit
+Version: 1.0.1
+Summary: Smart contract security scanner — Slither + ML exploitability prediction
+Home-page: https://github.com/aizen299/smart-contract-auditor
+Author: Aditya Raina
+Author-email: rainaaditya58@gmail.com
+License: MIT
+Project-URL: Live, https://chainaudit.vercel.app
+Project-URL: Source, https://github.com/aizen299/smart-contract-auditor
+Keywords: solidity smart-contract security audit slither ethereum arbitrum optimism
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+Requires-Dist: rich
+Requires-Dist: scikit-learn==1.4.0
+Requires-Dist: pandas==2.2.0
+Requires-Dist: numpy==1.26.4
+Requires-Dist: joblib==1.3.2
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: keywords
+Dynamic: license
+Dynamic: project-url
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# ChainAudit
+
+Production-grade smart contract security scanner. Upload a Solidity file or zip, get a real-time audit report with risk scores, ML exploitability predictions, and L2/Arbitrum/Optimism-aware findings.
+
+
+---
+
+## Stack
+
+| | |
+|---|---|
+| Frontend | Next.js 14, TypeScript, Tailwind CSS |
+| Backend | FastAPI, Python 3.11 |
+| Analysis | Slither, solc-select, CVSS-inspired scoring |
+| ML | Random Forest — 88% accuracy (SmartBugs dataset) |
+| Auth | Supabase — email, GitHub, Google OAuth |
+| Deploy | Vercel + Render |
+| CI/CD | GitHub Actions + GitHub Marketplace Action |
+
+---
+
+## GitHub Action
+
+Use ChainAudit in any CI pipeline:
+
+```yaml
+- uses: aizen299/smart-contract-auditor@v1
+  with:
+    target: contracts/
+    fail-on-critical: true
+```
+
+Outputs: `risk-score`, `total-findings`, `critical-count`, `high-count`, `report-path`
+
+---
+
+## CLI
+
+```bash
+cd backend && pip install -e .
+
+chainaudit scan contract.sol               # single file
+chainaudit scan ./contracts --recursive    # directory
+chainaudit scan contracts.zip              # zip archive
+chainaudit scan contract.sol --json        # JSON output
+chainaudit scan contract.sol --ml-only     # skip simulation
+```
+
+Exit code `1` on CRITICAL findings — blocks deployments in CI.
+
+---
+
+## Local Development
+
+```bash
+# Backend
+cd backend
+python -m venv .venv && source .venv/bin/activate
+pip install -r requirements.txt
+uvicorn api:app --reload
+
+# Frontend
+cd frontend
+npm install && npm run dev
+```
+
+**`frontend/.env.local`**
+```
+NEXT_PUBLIC_SUPABASE_URL=your_supabase_url
+NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key
+NEXT_PUBLIC_API_URL=http://localhost:8000
+```
+
+**Docker**
+```bash
+cp docker-compose.example.yml docker-compose.yml
+docker compose up --build
+```
+
+---
+
+## API
+
+`POST /scan` — single `.sol` file
+`POST /scan/zip` — multiple contracts (max 20 files, 5MB)
+
+```json
+{
+  "risk_score": 86,
+  "total_findings": 6,
+  "findings": [
+    {
+      "title": "Reentrancy",
+      "severity": "CRITICAL",
+      "ml_exploitability": "CRITICAL",
+      "ml_confidence": 0.96,
+      "occurrences": 7,
+      "chain": "arbitrum",
+      "l2_detected": true
+    }
+  ]
+}
+```
+
+---
+
+## Vulnerability Coverage
+
+**EVM (all chains) — 16 rules**
+
+| Severity | Rules |
+|----------|-------|
+| CRITICAL | Reentrancy, Reentrancy with Unlimited Gas, Controlled Delegatecall |
+| HIGH | Unchecked Token Transfer, Arbitrary ETH Send, Weak Randomness, tx.origin Auth, Selfdestruct Risk, Access Control, Unchecked Low-level Call |
+| MEDIUM | Timestamp Dependence, Unchecked Send, Deprecated Standards |
+| LOW | Missing Zero Check, Incorrect Equality, Missing Events, Naming Convention |
+
+**L2 / Arbitrum / Optimism — 12 rules**
+
+| Severity | Rules |
+|----------|-------|
+| CRITICAL | Cross-Chain Replay Attack, Bridge Reentrancy, Proxy Storage Collision, msg.value Misuse |
+| HIGH | L2 Block Number Assumption, L2 Timestamp Assumption, Sequencer Dependence, Address Aliasing, Unvalidated Bridge Sender |
+| MEDIUM | Force-Include Griefing, Gas Price Assumption, Optimism Deposit Griefing |
+
+L2 rules are **auto-detected** — the scanner reads contract source for Arbitrum/Optimism identifiers (`ArbSys`, `xDomainMessageSender`, `IL2Bridge` etc.) and injects chain-specific findings automatically.
+
+---
+
+## ML Pipeline
+
+Trained on SmartBugs dataset (143 contracts, 10 vulnerability classes). Random Forest classifier predicts exploitability per finding with a confidence score. 88% accuracy overall — 95% precision on HIGH, 93% on CRITICAL.
+
+---
+
+## Deployment
+
+| | Platform | URL |
+|--|---------|-----|
+| Frontend | Vercel | chainaudit.vercel.app |
+| Backend | Render | smart-contract-auditor-812q.onrender.com |
+| Uptime | UptimeRobot | `/health` pinged every 5 min |
+
+---
+
+## Roadmap
+
+- [x] 16 EVM vulnerability rules + CVSS scoring
+- [x] 12 L2/Arbitrum/Optimism rules with auto-detection
+- [x] ML exploitability prediction
+- [x] Multi-contract zip scanning
+- [x] Supabase auth + scan history
+- [x] CLI tool — `chainaudit scan`
+- [x] GitHub Marketplace Action
+- [x] Docker, Vercel + Render, CI/CD
+- [ ] Solana / Rust support
+- [ ] PyPI — `pip install chainaudit`
+- [ ] Monetize — free/pro tiers, Stripe billing
+- [ ] API keys for enterprise

chainaudit-1.0.1/README.md

@@ -0,0 +1,159 @@
+# ChainAudit
+
+Production-grade smart contract security scanner. Upload a Solidity file or zip, get a real-time audit report with risk scores, ML exploitability predictions, and L2/Arbitrum/Optimism-aware findings.
+
+
+---
+
+## Stack
+
+| | |
+|---|---|
+| Frontend | Next.js 14, TypeScript, Tailwind CSS |
+| Backend | FastAPI, Python 3.11 |
+| Analysis | Slither, solc-select, CVSS-inspired scoring |
+| ML | Random Forest — 88% accuracy (SmartBugs dataset) |
+| Auth | Supabase — email, GitHub, Google OAuth |
+| Deploy | Vercel + Render |
+| CI/CD | GitHub Actions + GitHub Marketplace Action |
+
+---
+
+## GitHub Action
+
+Use ChainAudit in any CI pipeline:
+
+```yaml
+- uses: aizen299/smart-contract-auditor@v1
+  with:
+    target: contracts/
+    fail-on-critical: true
+```
+
+Outputs: `risk-score`, `total-findings`, `critical-count`, `high-count`, `report-path`
+
+---
+
+## CLI
+
+```bash
+cd backend && pip install -e .
+
+chainaudit scan contract.sol               # single file
+chainaudit scan ./contracts --recursive    # directory
+chainaudit scan contracts.zip              # zip archive
+chainaudit scan contract.sol --json        # JSON output
+chainaudit scan contract.sol --ml-only     # skip simulation
+```
+
+Exit code `1` on CRITICAL findings — blocks deployments in CI.
+
+---
+
+## Local Development
+
+```bash
+# Backend
+cd backend
+python -m venv .venv && source .venv/bin/activate
+pip install -r requirements.txt
+uvicorn api:app --reload
+
+# Frontend
+cd frontend
+npm install && npm run dev
+```
+
+**`frontend/.env.local`**
+```
+NEXT_PUBLIC_SUPABASE_URL=your_supabase_url
+NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key
+NEXT_PUBLIC_API_URL=http://localhost:8000
+```
+
+**Docker**
+```bash
+cp docker-compose.example.yml docker-compose.yml
+docker compose up --build
+```
+
+---
+
+## API
+
+`POST /scan` — single `.sol` file
+`POST /scan/zip` — multiple contracts (max 20 files, 5MB)
+
+```json
+{
+  "risk_score": 86,
+  "total_findings": 6,
+  "findings": [
+    {
+      "title": "Reentrancy",
+      "severity": "CRITICAL",
+      "ml_exploitability": "CRITICAL",
+      "ml_confidence": 0.96,
+      "occurrences": 7,
+      "chain": "arbitrum",
+      "l2_detected": true
+    }
+  ]
+}
+```
+
+---
+
+## Vulnerability Coverage
+
+**EVM (all chains) — 16 rules**
+
+| Severity | Rules |
+|----------|-------|
+| CRITICAL | Reentrancy, Reentrancy with Unlimited Gas, Controlled Delegatecall |
+| HIGH | Unchecked Token Transfer, Arbitrary ETH Send, Weak Randomness, tx.origin Auth, Selfdestruct Risk, Access Control, Unchecked Low-level Call |
+| MEDIUM | Timestamp Dependence, Unchecked Send, Deprecated Standards |
+| LOW | Missing Zero Check, Incorrect Equality, Missing Events, Naming Convention |
+
+**L2 / Arbitrum / Optimism — 12 rules**
+
+| Severity | Rules |
+|----------|-------|
+| CRITICAL | Cross-Chain Replay Attack, Bridge Reentrancy, Proxy Storage Collision, msg.value Misuse |
+| HIGH | L2 Block Number Assumption, L2 Timestamp Assumption, Sequencer Dependence, Address Aliasing, Unvalidated Bridge Sender |
+| MEDIUM | Force-Include Griefing, Gas Price Assumption, Optimism Deposit Griefing |
+
+L2 rules are **auto-detected** — the scanner reads contract source for Arbitrum/Optimism identifiers (`ArbSys`, `xDomainMessageSender`, `IL2Bridge` etc.) and injects chain-specific findings automatically.
+
+---
+
+## ML Pipeline
+
+Trained on SmartBugs dataset (143 contracts, 10 vulnerability classes). Random Forest classifier predicts exploitability per finding with a confidence score. 88% accuracy overall — 95% precision on HIGH, 93% on CRITICAL.
+
+---
+
+## Deployment
+
+| | Platform | URL |
+|--|---------|-----|
+| Frontend | Vercel | chainaudit.vercel.app |
+| Backend | Render | smart-contract-auditor-812q.onrender.com |
+| Uptime | UptimeRobot | `/health` pinged every 5 min |
+
+---
+
+## Roadmap
+
+- [x] 16 EVM vulnerability rules + CVSS scoring
+- [x] 12 L2/Arbitrum/Optimism rules with auto-detection
+- [x] ML exploitability prediction
+- [x] Multi-contract zip scanning
+- [x] Supabase auth + scan history
+- [x] CLI tool — `chainaudit scan`
+- [x] GitHub Marketplace Action
+- [x] Docker, Vercel + Render, CI/CD
+- [ ] Solana / Rust support
+- [ ] PyPI — `pip install chainaudit`
+- [ ] Monetize — free/pro tiers, Stripe billing
+- [ ] API keys for enterprise

chainaudit-1.0.1/chainaudit.egg-info/PKG-INFO

@@ -0,0 +1,194 @@
+Metadata-Version: 2.4
+Name: chainaudit
+Version: 1.0.1
+Summary: Smart contract security scanner — Slither + ML exploitability prediction
+Home-page: https://github.com/aizen299/smart-contract-auditor
+Author: Aditya Raina
+Author-email: rainaaditya58@gmail.com
+License: MIT
+Project-URL: Live, https://chainaudit.vercel.app
+Project-URL: Source, https://github.com/aizen299/smart-contract-auditor
+Keywords: solidity smart-contract security audit slither ethereum arbitrum optimism
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+Requires-Dist: rich
+Requires-Dist: scikit-learn==1.4.0
+Requires-Dist: pandas==2.2.0
+Requires-Dist: numpy==1.26.4
+Requires-Dist: joblib==1.3.2
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: keywords
+Dynamic: license
+Dynamic: project-url
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# ChainAudit
+
+Production-grade smart contract security scanner. Upload a Solidity file or zip, get a real-time audit report with risk scores, ML exploitability predictions, and L2/Arbitrum/Optimism-aware findings.
+
+
+---
+
+## Stack
+
+| | |
+|---|---|
+| Frontend | Next.js 14, TypeScript, Tailwind CSS |
+| Backend | FastAPI, Python 3.11 |
+| Analysis | Slither, solc-select, CVSS-inspired scoring |
+| ML | Random Forest — 88% accuracy (SmartBugs dataset) |
+| Auth | Supabase — email, GitHub, Google OAuth |
+| Deploy | Vercel + Render |
+| CI/CD | GitHub Actions + GitHub Marketplace Action |
+
+---
+
+## GitHub Action
+
+Use ChainAudit in any CI pipeline:
+
+```yaml
+- uses: aizen299/smart-contract-auditor@v1
+  with:
+    target: contracts/
+    fail-on-critical: true
+```
+
+Outputs: `risk-score`, `total-findings`, `critical-count`, `high-count`, `report-path`
+
+---
+
+## CLI
+
+```bash
+cd backend && pip install -e .
+
+chainaudit scan contract.sol               # single file
+chainaudit scan ./contracts --recursive    # directory
+chainaudit scan contracts.zip              # zip archive
+chainaudit scan contract.sol --json        # JSON output
+chainaudit scan contract.sol --ml-only     # skip simulation
+```
+
+Exit code `1` on CRITICAL findings — blocks deployments in CI.
+
+---
+
+## Local Development
+
+```bash
+# Backend
+cd backend
+python -m venv .venv && source .venv/bin/activate
+pip install -r requirements.txt
+uvicorn api:app --reload
+
+# Frontend
+cd frontend
+npm install && npm run dev
+```
+
+**`frontend/.env.local`**
+```
+NEXT_PUBLIC_SUPABASE_URL=your_supabase_url
+NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key
+NEXT_PUBLIC_API_URL=http://localhost:8000
+```
+
+**Docker**
+```bash
+cp docker-compose.example.yml docker-compose.yml
+docker compose up --build
+```
+
+---
+
+## API
+
+`POST /scan` — single `.sol` file
+`POST /scan/zip` — multiple contracts (max 20 files, 5MB)
+
+```json
+{
+  "risk_score": 86,
+  "total_findings": 6,
+  "findings": [
+    {
+      "title": "Reentrancy",
+      "severity": "CRITICAL",
+      "ml_exploitability": "CRITICAL",
+      "ml_confidence": 0.96,
+      "occurrences": 7,
+      "chain": "arbitrum",
+      "l2_detected": true
+    }
+  ]
+}
+```
+
+---
+
+## Vulnerability Coverage
+
+**EVM (all chains) — 16 rules**
+
+| Severity | Rules |
+|----------|-------|
+| CRITICAL | Reentrancy, Reentrancy with Unlimited Gas, Controlled Delegatecall |
+| HIGH | Unchecked Token Transfer, Arbitrary ETH Send, Weak Randomness, tx.origin Auth, Selfdestruct Risk, Access Control, Unchecked Low-level Call |
+| MEDIUM | Timestamp Dependence, Unchecked Send, Deprecated Standards |
+| LOW | Missing Zero Check, Incorrect Equality, Missing Events, Naming Convention |
+
+**L2 / Arbitrum / Optimism — 12 rules**
+
+| Severity | Rules |
+|----------|-------|
+| CRITICAL | Cross-Chain Replay Attack, Bridge Reentrancy, Proxy Storage Collision, msg.value Misuse |
+| HIGH | L2 Block Number Assumption, L2 Timestamp Assumption, Sequencer Dependence, Address Aliasing, Unvalidated Bridge Sender |
+| MEDIUM | Force-Include Griefing, Gas Price Assumption, Optimism Deposit Griefing |
+
+L2 rules are **auto-detected** — the scanner reads contract source for Arbitrum/Optimism identifiers (`ArbSys`, `xDomainMessageSender`, `IL2Bridge` etc.) and injects chain-specific findings automatically.
+
+---
+
+## ML Pipeline
+
+Trained on SmartBugs dataset (143 contracts, 10 vulnerability classes). Random Forest classifier predicts exploitability per finding with a confidence score. 88% accuracy overall — 95% precision on HIGH, 93% on CRITICAL.
+
+---
+
+## Deployment
+
+| | Platform | URL |
+|--|---------|-----|
+| Frontend | Vercel | chainaudit.vercel.app |
+| Backend | Render | smart-contract-auditor-812q.onrender.com |
+| Uptime | UptimeRobot | `/health` pinged every 5 min |
+
+---
+
+## Roadmap
+
+- [x] 16 EVM vulnerability rules + CVSS scoring
+- [x] 12 L2/Arbitrum/Optimism rules with auto-detection
+- [x] ML exploitability prediction
+- [x] Multi-contract zip scanning
+- [x] Supabase auth + scan history
+- [x] CLI tool — `chainaudit scan`
+- [x] GitHub Marketplace Action
+- [x] Docker, Vercel + Render, CI/CD
+- [ ] Solana / Rust support
+- [ ] PyPI — `pip install chainaudit`
+- [ ] Monetize — free/pro tiers, Stripe billing
+- [ ] API keys for enterprise

chainaudit-1.0.1/chainaudit.egg-info/SOURCES.txt

@@ -0,0 +1,20 @@
+README.md
+chainaudit_entry.py
+pyproject.toml
+setup.py
+chainaudit.egg-info/PKG-INFO
+chainaudit.egg-info/SOURCES.txt
+chainaudit.egg-info/dependency_links.txt
+chainaudit.egg-info/entry_points.txt
+chainaudit.egg-info/requires.txt
+chainaudit.egg-info/top_level.txt
+ml/predictor.py
+ml/train.py
+src/__init__.py
+src/cli.py
+src/exploit_simulator.py
+src/main.py
+src/report_gen.py
+src/rules.py
+src/scanner.py
+tests/test_cli.py

chainaudit-1.0.1/chainaudit.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

chainaudit-1.0.1/chainaudit.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+chainaudit = chainaudit_entry:main

chainaudit-1.0.1/chainaudit.egg-info/requires.txt

@@ -0,0 +1,5 @@
+rich
+scikit-learn==1.4.0
+pandas==2.2.0
+numpy==1.26.4
+joblib==1.3.2

chainaudit-1.0.1/chainaudit.egg-info/top_level.txt

@@ -0,0 +1,2 @@
+chainaudit_entry
+src

chainaudit-1.0.1/chainaudit_entry.py

@@ -0,0 +1,11 @@
+import sys
+from pathlib import Path
+
+# Always resolves to the backend/ directory where this file lives
+# Works for any user on any machine
+sys.path.insert(0, str(Path(__file__).resolve().parent))
+
+from src.cli import main
+
+if __name__ == "__main__":
+    main()

chainaudit-1.0.1/ml/predictor.py

@@ -0,0 +1,59 @@
+# backend/ml/predictor.py
+import re
+from pathlib import Path
+import joblib
+import pandas as pd
+import numpy as np
+
+MODEL_PATH = Path(__file__).resolve().parent / "exploitability_model.joblib"
+
+CHECK_TO_INT = {
+    "reentrancy-eth": 0, "reentrancy-no-eth": 1, "reentrancy-benign": 2,
+    "reentrancy-events": 3, "arbitrary-send-eth": 4, "controlled-delegatecall": 5,
+    "suicidal": 6, "tx-origin": 7, "unchecked-transfer": 8, "unchecked-lowlevel": 9,
+    "low-level-calls": 10, "weak-prng": 11, "timestamp": 12, "unchecked-send": 13,
+    "incorrect-equality": 14, "missing-zero-check": 15, "events-access": 16,
+    "events-maths": 17, "access-control": 18, "deprecated-standards": 19,
+    "naming-convention": 20, "reentrancy-unlimited-gas": 21,
+}
+
+IMPACT_TO_INT = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0, "Optimization": 0}
+CONFIDENCE_TO_INT = {"High": 3, "Medium": 2, "Low": 1}
+SEVERITY_TO_INT = {0: "LOW", 1: "MEDIUM", 2: "HIGH", 3: "CRITICAL"}
+
+
+class ExploitabilityPredictor:
+    def __init__(self):
+        self._model = None
+
+    def _load(self):
+        if self._model is None and MODEL_PATH.exists():
+            self._model = joblib.load(MODEL_PATH)
+
+    def predict(self, finding: dict, contract_size: int) -> dict:
+        self._load()
+
+        if self._model is None:
+            return {"exploitability": "unknown", "confidence": 0.0}
+
+        check = (finding.get("check") or "").lower().strip()
+        features = pd.DataFrame([{
+    "check_id": CHECK_TO_INT.get(check, -1),
+    "impact": IMPACT_TO_INT.get(finding.get("impact", "Low"), 0),
+    "confidence": CONFIDENCE_TO_INT.get(finding.get("confidence", "Medium"), 1),
+    "contract_size": contract_size,
+    "num_elements": finding.get("occurrences", 1),
+}])
+
+        pred = self._model.predict(features)[0]
+        proba = self._model.predict_proba(features)[0]
+        confidence = float(np.max(proba))
+
+        return {
+            "exploitability": SEVERITY_TO_INT.get(pred, "LOW"),
+            "confidence": round(confidence, 2),
+        }
+
+
+# Singleton
+predictor = ExploitabilityPredictor()