A transparent account of how ContractScan detects vulnerabilities — what each engine does, where it falls short, and what the pipeline cannot catch.
No single analysis technique covers the full threat surface of a Solidity contract. Static analyzers like Slither traverse the control-flow graph and detect well-known anti-patterns quickly, but they reason only about source-code structure — they cannot follow all execution paths through a live EVM. Symbolic execution engines like Mythril reason over bytecode and can uncover paths no linter sees, but they are slow and may time out on complex contracts. Pattern-matching tools like Semgrep excel at named vulnerability classes with low false-positive rates, but they cannot reason about data flow or state transitions. LLM-based engines understand business logic — flash-loan choreography, oracle manipulation, governance edge cases — but are probabilistic and produce more false positives than deterministic tools. By running all engines in parallel and correlating their outputs, ContractScan produces a finding set that is both broader in coverage and higher in signal quality than any single tool alone.
What it does: Static analysis of Solidity source. Slither builds an intermediate representation (SlithIR), performs taint analysis and data-flow tracking, and runs ~92 detectors covering reentrancy, access control, arithmetic issues, storage layout bugs, and ERC compliance. It is fast (seconds) and produces high-confidence findings for well-defined vulnerability classes.
Strengths: Best-in-class coverage of reentrancy variants (including ERC777 and cross-function reentrancy). Strong access-control analysis. Reliable arithmetic checks pre-Solidity 0.8. Low false-positive rate on its highest-confidence detectors.
Known false-positive patterns: Low-impact detectors (naming conventions, unused variables) fire frequently on production code. Reentrancy detectors occasionally flag guarded patterns using non-standard mutexes. Import resolution failures on multi-file projects can cause detectors to silently skip contracts.
What it does: Symbolic execution over EVM bytecode using the Z3 SMT solver. Mythril explores all reachable execution paths and checks whether constraint sets satisfying a vulnerability condition (e.g., "attacker controls ether withdrawal") can be constructed. It maps findings to SWC registry categories, covering 37 vulnerability classes including integer overflow, assert violation, unprotected self-destruct, and delegatecall misuse.
Strengths: Finds execution-path vulnerabilities that source-level tools miss entirely. Integer overflows in complex arithmetic chains. Subtle access-control holes where multiple conditions must align. Unprotected state changes reachable only from specific call sequences.
Known false-positive patterns: Complex DeFi contracts often trigger solver timeouts, producing incomplete results. Symbolic execution cannot model real-world economic constraints — it may flag "theoretically reachable" paths that are economically infeasible. Loop-heavy contracts and contracts with large storage structures hit depth limits.
What it does: AST-aware pattern matching using ~201 ContractScan-written rules. Semgrep rules declaratively describe code patterns — e.g., "unchecked ERC20 transfer return value", "tx.origin used as authorization", "AMM spot price used as oracle" — and match them against the parsed AST with metavariable binding. Rules are tuned for precision over recall to minimise noise.
Strengths: Fastest engine. Easily auditable rules (human-readable YAML). Excellent precision on named vulnerability classes. Catches DeFi-specific patterns (spot-price oracle, single-transaction flash-loan surfaces) that static analyzers underserve.
Known false-positive patterns: Pattern rules cannot track data flow — a rule matching balanceOf(address(this)) as a spot-price oracle will fire even when the value is used only for display. Macros or unusual formatting may confuse the AST parser on very old Solidity versions.
What it does: Rust-based Solidity AST analyzer from the Cyfrin team. Aderyn parses contracts into a typed AST and runs detector modules targeting centralization risks (single-owner patterns with no timelock), unsafe type casts, unused return values, unchecked send/transfer results, and storage-layout issues. Rules are actively maintained by Cyfrin Updraft's smart-contract security curriculum team.
Strengths: Specifically tuned for modern Solidity (≥0.8.x) patterns. Strong centralization risk detection. Fast Rust runtime. Complements Slither by targeting a different detector set with lower overlap.
Known false-positive patterns: Centralization detectors may fire on governance contracts that are intentionally owner-controlled with off-chain checks. Unsafe-cast detectors fire on explicit downcasts that are bounds-checked in the surrounding logic.
What it does: Gas optimisation and code-quality analyzer modeled after the automated findings section of Code4rena audit contests. Runs ~100 checks covering: storage reads in loops, packed structs, unchecked arithmetic in loops, missing event emissions, floating pragma, and deprecated Solidity features.
Strengths: Catches gas inefficiencies that reviewers reliably flag in competitive audits. Useful for contracts that will be gas-sensitive (DEX routers, frequently-called vaults). Findings are actionable and low-ambiguity.
Known false-positive patterns: Gas findings are informational — they indicate suboptimal patterns, not exploitable vulnerabilities. Unchecked-arithmetic suggestions do not apply when the surrounding code has explicit overflow guards or uses SafeMath.
What it does: The AI engine sends contract source code to an LLM with a structured audit prompt enriched by real-world exploit context from the threat intelligence database. It reasons about business logic, token flow, access-control sequences, and cross-function state transitions that deterministic tools cannot model. Findings are categorised by type and assigned a confidence label.
Strengths: Only engine that can reason about economic attack surfaces (flash-loan choreography, sandwich MEV, governance vote manipulation), cross-contract trust assumptions, and off-specification ERC deviations. Provides natural-language explanations and fix guidance that static tools cannot.
Known false-positive patterns: LLMs hallucinate. AI-only findings are labelled potential and should be treated as starting points for manual review, not confirmed vulnerabilities. The model may flag oracle patterns as risky even when the contract uses a robust TWAP. Context-window limits mean very large contracts receive less thorough analysis.
ContractScan enriches engine prompts and scoring with 1482+ real-world exploit records collected from the following sources via weekly automated pipelines. Tier 1 sources are authoritative platforms; Tier 2 reputable community sources; Tier 3 auxiliary narrow-scope references.
| Source | Tier | Description | Coverage |
|---|---|---|---|
| Solodit Audit Reports | Tier 1 — Authoritative | Curated audit findings aggregator by Cyfrin — 16+ top security firms | 795 items · 4d ago |
| DeFiHackLabs | Tier 1 — Authoritative | On-chain exploit PoC replays (SunWeb3Sec); primary real-world incident database ($2B+ documented) | 687 items · 4d ago |
| Rekt.news | Tier 2 — Reputable | DeFi hack post-mortems and investigative analysis via RSS; narrative context for major incidents | 587 items · 4d ago |
| Code4rena | Tier 1 — Authoritative | Public audit competition platform; high-signal findings from top independent wardens | 28 items · 4d ago |
| Sherlock | Tier 1 — Authoritative | Audit + insurance protocol; competitive review reports with economic skin-in-the-game | 28 items · 4d ago |
| SCV-List | Tier 2 — Reputable | Smart Contract Vulnerability List — curated CVE-style SCV-tagged entries (sirhashalot) | 50 items · 4d ago |
| SWC Registry | Tier 1 — Authoritative | Smart Contract Weakness Classification registry; authoritative taxonomy of 37 weakness categories | 37 items · 1800d ago |
Last updated: 2026-04-26
ContractScan is a pre-audit screening tool. The following vulnerability classes are outside its detection capability, regardless of plan tier.
Flash-loan attacks that require analysing AMM liquidity depth, token price impact curves, and multi-protocol capital flows across blocks cannot be modelled from source code alone. Price manipulation profitability depends on real market conditions.
Governance attacks depend on token distribution, voter apathy, and delegation structures — none of which are visible in contract source. A governance contract may be architecturally sound but vulnerable due to off-chain social conditions.
Private key management, multisig key hygiene, admin operational security, and deployment-process vulnerabilities are entirely outside the scope of static contract analysis. The contract itself may be correct while the key controlling it is compromised.
Whether a TWAP oracle is manipulation-resistant depends on its observation window, the liquidity depth of the underlying pool, and whether an attacker can profitably move the market. These are quantitative finance questions, not code questions.
Exploits that depend on the specific implementation of external contracts (e.g., a custom ERC777 hook, a non-standard DEX router, a malicious token) cannot be detected when only one contract is uploaded.
Vulnerability classes that have not yet been documented in the SWC registry, DeFiHackLabs, or public audit findings will not be detected. The tool is reactive to documented attack patterns, not proactive against future ones.
Each finding in the report carries two fields that indicate reliability: ai_confidence and detected_by.
| Label | Meaning | Action |
|---|---|---|
| verified | Two engines using different methodologies (e.g., static + symbolic) both flagged the same issue at the same location. | Investigate immediately. |
| high_confidence | Three or more engines agree, or a single high-precision detector with a strong historical true-positive rate fired. | High priority for manual review. |
| confirmed | Two engines of any type both flagged this issue. | Review; likely genuine. |
| likely | One deterministic static-analysis engine flagged it. May be a false positive depending on context. | Review with context. |
| potential | AI-only finding. The LLM identified a plausible risk that no static tool confirmed. | Treat as hypothesis; verify manually. |
Deduplication: Findings from multiple engines targeting the same source location and vulnerability class are merged into a single entry. The detected_by field lists all contributing engines (e.g., ["slither", "semgrep"]), and the ai_confidence is upgraded based on the cross-engine agreement level described above. This prevents the same bug from appearing multiple times in the report.
ContractScan is built on open-source tools. Full license texts are available at /licenses. Legal notices for all third-party components are at /legal/notices.
| Component | License | Source |
|---|---|---|
| Slither | AGPL-3.0 | github.com/crytic/slither |
| Aderyn | GPL-3.0 | github.com/Cyfrin/aderyn |
| Mythril | MIT | github.com/ConsenSys/mythril |
| Semgrep OSS | LGPL-2.1 | github.com/semgrep/semgrep |
| 4naly3er | MIT | github.com/Picodes/4naly3er |
| ContractScan Semgrep rules | MIT | Custom-written by ContractScan |