Our Analysis Methodology
A transparent look at how ContractScan detects smart contract vulnerabilities.
Static Analysis Layer
ContractScan uses Slither, an industry-leading open-source static analysis framework for Solidity, as its foundation.
Slither is developed by Trail of Bits and is trusted by major DeFi protocols.
AI Enhancement Layer
Analysis results are enriched by large language models that provide:
- Natural-language explanations of each vulnerability
- Context-aware remediation suggestions
- Severity assessment based on exploit patterns
- References to real-world incidents where similar vulnerabilities were exploited
Vulnerability Coverage (23+ patterns)
| Category | Examples | SWC Reference |
|---|---|---|
| Reentrancy | State changes after external calls | SWC-107 |
| Access Control | Unprotected functions, tx.origin misuse | SWC-105, SWC-115 |
| Arithmetic | Overflow/underflow (pre-0.8 compilers or `unchecked` blocks), division before multiply | SWC-101 |
| Denial of Service | Failed call loops, msg.value in loops | SWC-113 |
| Randomness | Predictable PRNG sources | SWC-120 |
| Upgrade Safety | Unprotected upgrade functions | SWC-118 |
| Low-level Calls | Unchecked return values, dangerous delegatecall | SWC-104, SWC-112 |
| State Management | Uninitialized storage, variable shadowing | SWC-109, SWC-119 |
| Self-destruct | Unprotected selfdestruct calls | SWC-106 |
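The Reentrancy row is the easiest of these patterns to picture as a static check. What follows is an added example, not ContractScan's or Slither's code: a toy, line-oriented checker that reports a contract state variable written after an external call in the same function body, run over a constructed `Vault` contract with one vulnerable `withdraw()` and one `withdrawSafe()` that follows checks-effects-interactions. Slither's real `reentrancy-*` detectors work on its SlithIR intermediate representation rather than on source text; this only shows what "state changes after external calls" means as a pattern, and why a single-function, syntactic view is limited (see Scope & Limitations).

```python
# Added example (not ContractScan's or Slither's code): a toy SWC-107 check that
# flags a state variable written *after* an external call in the same function.
# It scans raw Solidity source text, so it only illustrates the pattern.
import re
from dataclasses import dataclass

# Constructed sample: a vulnerable withdraw() beside its hardened twin.
SAMPLE_SOURCE = """\
contract Vault {
    mapping(address => uint256) public balances;
    uint256 public totalDeposits;

    // Vulnerable: interaction before effects (classic SWC-107).
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] -= amount;
        totalDeposits -= amount;
    }

    // Hardened: checks-effects-interactions, state updated before the call.
    function withdrawSafe(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount;
        totalDeposits -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
"""

# Calls that hand control to another address (value transfers included).
EXTERNAL_CALL = re.compile(r"\.(call|delegatecall|staticcall|send|transfer)\s*[({]")
FUNCTION_DECL = re.compile(r"^\s*function\s+([A-Za-z_]\w*)")
# Contract-level declaration: "<type> [visibility] <name> [= ...];"
STATE_DECL = re.compile(
    r"^\s*(?:mapping\s*\([^)]*\)|[A-Za-z_][\w\[\]]*)\s+"
    r"(?:public|private|internal|constant|immutable)?\s*([A-Za-z_]\w*)\s*(?:=[^;]*)?;"
)

@dataclass(frozen=True)
class Finding:
    function: str
    variable: str
    call_line: int
    write_line: int
    swc: str = "SWC-107"

def _code(line: str) -> str:
    # Drop a trailing // comment so commented-out code is not matched.
    return line.split("//", 1)[0]

def state_variables(source: str) -> list[str]:
    # Names declared at brace depth 1, i.e. directly inside the contract body.
    names, depth = [], 0
    for raw in source.splitlines():
        line = _code(raw)
        if depth == 1 and not FUNCTION_DECL.match(line):
            m = STATE_DECL.match(line)
            if m:
                names.append(m.group(1))
        depth += line.count("{") - line.count("}")
    return names

def _write_pattern(name: str) -> re.Pattern:
    n = re.escape(name)
    # name[...] = / += / -= ... (but not ==, >=, <=), or "delete name"
    return re.compile(
        rf"(?<![\w.]){n}\s*(?:\[[^\]]*\]\s*)*(?:=(?!=)|\+=|-=|\*=|/=)|\bdelete\s+{n}\b"
    )

def find_state_writes_after_calls(source: str) -> list[Finding]:
    writes = {v: _write_pattern(v) for v in state_variables(source)}
    findings, depth = [], 0
    func, func_depth, call_line = None, 0, None
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = _code(raw)
        if depth == 1:
            m = FUNCTION_DECL.match(line)
            if m:  # entering a function body; earlier calls no longer matter
                func, func_depth, call_line = m.group(1), depth + 1, None
        elif func and depth >= func_depth:
            if call_line is not None:  # every state write from here on is suspect
                for var, pat in writes.items():
                    if pat.search(line):
                        findings.append(Finding(func, var, call_line, lineno))
            if call_line is None and EXTERNAL_CALL.search(line):
                call_line = lineno
        depth += line.count("{") - line.count("}")
        if func and depth < func_depth:  # function body closed
            func = None
    return findings

if __name__ == "__main__":
    for f in find_state_writes_after_calls(SAMPLE_SOURCE):
        print(f"{f.swc}: {f.function}() writes {f.variable} on line "
              f"{f.write_line} after external call on line {f.call_line}")
```

Run as-is it reports the two writes in `withdraw()` and nothing for `withdrawSafe()`. The gaps are the point: a high-level call such as `other.doThing()` is not recognised as an external call, a `nonReentrant` modifier does not suppress the report, and a write that happens in a different function after the callback re-enters is invisible to a single-function scan. A detector like this yields candidates for triage, which is the raw material the enrichment layer above works from, not a verdict.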
What We Reference
- SWC Registry — Smart Contract Weakness Classification
- DeFiHackLabs — Real-world exploit database
- Trail of Bits security research
- OpenZeppelin security best practices
Scope & Limitations
✓ ContractScan CAN detect:
- Known static vulnerability patterns listed above
- Common Solidity anti-patterns
- Basic access control issues
- Standard reentrancy patterns
✗ ContractScan CANNOT detect:
- Business logic errors specific to your protocol
- Flash loan attack vectors
- Price oracle manipulation
- Governance attack scenarios
- Cross-contract interaction exploits not visible in a single file
- Economic/game-theoretic vulnerabilities
- Zero-day vulnerabilities not yet catalogued