Show HN: AuditBase – Solidity Security Scans
auditbase.com

I built AuditBase because I was very frustrated with the quality of tools and reports from "reputable" audit firms.
You can scan a Solidity file from your computer, a verified contract from a block explorer, or integrate with GitHub repos.
Under the hood, it's a Python bot that downloads the source and uses Solidity ASTs to generate an analysis of the code, plus some machine learning for issues that can't be caught purely via static analysis.
The bot checks for over 400 issues in its current state, and more are getting added every week.
Here's an example report that the bot generated: https://app.auditbase.com/share/17229652399
Building the platform has been about a year of trial and error. The hardest part was proving that it's a good tool.
Fortunately, Code4rena launched "bot races" and gave us a proving ground to show that the reports are quality output. It also provides an excellent feedback loop to improve the bot each week.
A few of the top Web3 security researchers have used the tool and provided some amazing feedback:
- https://twitter.com/pashovkrum/status/1707740614270271976
- https://twitter.com/marcobesier/status/1710886639579332652
Current focus is improving the bot and successfully executing the pilot we have going with a few well-known audit firms.
Let me know what you think and if you have any questions. Thank you!