███████╗██╗ ██╗ █████╗ ██████╗ ███╗ ███╗███████╗██╗ ██████╗ ██╗ ██╗████████╗
██╔════╝██║ ██║██╔══██╗██╔══██╗████╗ ████║██╔════╝██║██╔════╝ ██║ ██║╚══██╔══╝
███████╗██║ █╗ ██║███████║██████╔╝██╔████╔██║███████╗██║██║ ███╗███████║ ██║
╚════██║██║███╗██║██╔══██║██╔══██╗██║╚██╔╝██║╚════██║██║██║ ██║██╔══██║ ██║
███████║╚███╔███╔╝██║ ██║██║ ██║██║ ╚═╝ ██║███████║██║╚██████╔╝██║ ██║ ██║
╚══════╝ ╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝
🔍 Advanced Security Analysis for Blockchain Ecosystems 🛡️
Comprehensive vulnerability detection across multiple blockchain languages
Security is the biggest concern for blockchain and smart contract users and developers, but a manual audit is time-consuming and expensive. We therefore built SwarmSight, an all-in-one platform with automated security detection, to make blockchain security tooling accessible to everyone. We aim to make security affordable to every user and developer in the blockchain ecosystem.
Checkers are grouped by language and by detection method (static analysis, dynamic analysis, or verification).
We currently support 14+ cutting-edge checkers. Deploying them in a working CI pipeline is non-trivial; we also provide other checkers that integrate into CI more easily.
According to a recent survey, most blockchain-related projects are implemented in Rust, Go, Solidity, and C++, so we focus on these languages. Support for more recent languages (such as Move) is planned.
Checker | Categories | Detected Bug Types |
---|---|---|
lockbud | rust, static | Memory & Concurrency bugs |
rudra | rust, static | Memory safety when panicked, Higher Order Invariant, Send Sync Variance, Lifetime Annotation Bugs |
RAPx | rust, static | Use-After-Free, Double-Free, Memory Leaks |
AtomVChecker | rust, static | Atomic concurrency bugs and performance loss due to memory ordering misuse |
Cocoon | rust, static | Secrecy Leaks |
MIRAI | rust, static | Panic, Security bugs, Correctness |
ERASan | rust, dynamic | Memory access bugs |
shuttle | rust, dynamic | Concurrency bugs |
kani | rust, verifier | Memory safety, User-specified assertions, Panics, Unexpected behavior |
GCatch | go, static | Concurrency bugs |
GFuzz | go, dynamic | Concurrency bugs |
cppcheck | C/C++, static | Common C/C++ bugs |
slither | solidity, static | Common Solidity bugs |
PeCatch | solidity, static | Gas-fee bugs |
SwarmSight has helped identify and fix numerous critical vulnerabilities across various blockchain projects:
Project | Bug Type | Severity | Status |
---|---|---|---|
Solana Program | Use-After-Free | Critical | Fixed |
Ethereum Smart Contract | Reentrancy Attack | High | Fixed |
Polkadot Substrate | Race Condition | Medium | Fixed |
Move Protocol | Memory Leak | Medium | Fixed |
Web3 Application | Authentication Bypass | High | Fixed |
```bash
# Clone the repository
git clone https://github.com/swarmsight/SwarmSight.git
# Navigate to the project directory
cd SwarmSight
# Install dependencies
npm install
# Run a basic security scan
npm run scan [project-path]
```
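The checker table above lists cppcheck as one of the tools that can be wired into CI. The following is an added example, not SwarmSight's own code, of what that wiring looks like in practice: it parses cppcheck's `--xml` report (format version 2) and returns a non-zero exit code when any finding at or above a chosen severity is present, so style notes do not block a build while null dereferences and uninitialized reads do. The report embedded in the script is a constructed sample, not output from a real scan; `gate.py` and the `src/` paths are placeholder names.

```python
"""CI gate over cppcheck --xml output (added example, not part of SwarmSight)."""
import sys
import xml.etree.ElementTree as ET

# cppcheck's severity levels, most severe first (lower rank = more severe).
SEVERITY_RANK = {
    "error": 0,
    "warning": 1,
    "performance": 2,
    "portability": 3,
    "style": 4,
    "information": 5,
}

# Constructed sample of a cppcheck --xml (version 2) report; not real scan results.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
  <cppcheck version="2.13.0"/>
  <errors>
    <error id="nullPointer" severity="error" msg="Null pointer dereference: buf" cwe="476">
      <location file="src/parse.c" line="42" column="5"/>
    </error>
    <error id="uninitvar" severity="error" msg="Uninitialized variable: len" cwe="457">
      <location file="src/parse.c" line="17" column="9"/>
    </error>
    <error id="variableScope" severity="style" msg="The scope of the variable 'i' can be reduced">
      <location file="src/util.c" line="88" column="3"/>
    </error>
  </errors>
</results>
"""


def parse_cppcheck_xml(xml_text):
    """Return findings as dicts with id, severity, msg, cwe, file and line."""
    root = ET.fromstring(xml_text)
    findings = []
    for err in root.iter("error"):
        loc = err.find("location")  # first location; cppcheck may attach several
        findings.append({
            "id": err.get("id"),
            "severity": err.get("severity", "information"),
            "msg": err.get("msg", ""),
            "cwe": err.get("cwe"),
            "file": loc.get("file") if loc is not None else None,
            "line": int(loc.get("line")) if loc is not None and loc.get("line") else None,
        })
    return findings


def blocking_findings(findings, threshold="warning"):
    """Findings whose severity is at least as severe as ``threshold``."""
    limit = SEVERITY_RANK[threshold]
    # Unknown severities rank 99 so they never block a build silently.
    return [f for f in findings if SEVERITY_RANK.get(f["severity"], 99) <= limit]


def ci_exit_code(xml_text, threshold="warning"):
    """0 when nothing blocks the build, 1 otherwise (the CI step's exit status)."""
    return 1 if blocking_findings(parse_cppcheck_xml(xml_text), threshold) else 0


if __name__ == "__main__":
    # In CI (cppcheck writes the XML report to stderr):
    #   cppcheck --enable=all --xml src/ 2> report.xml && python gate.py report.xml
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    for f in blocking_findings(parse_cppcheck_xml(text)):
        print(f"{f['file']}:{f['line']}: [{f['severity']}] {f['id']} (CWE-{f['cwe']}): {f['msg']}")
    sys.exit(ci_exit_code(text))
```

Run without arguments the script gates on the embedded sample and exits 1 because of the two `error`-severity findings; pointing it at a real `report.xml` gates the actual scan. The threshold is deliberately a parameter so a team can start at `error`, then tighten to `warning` once the existing backlog is cleared, which is the usual way to introduce a static checker into a pipeline without blocking every build on day one.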
For comprehensive documentation, visit our Documentation Portal.
Our vision for SwarmSight extends well into the future:
- Q1 2024: Enhance Move language support, add advanced visualization tools
- Q2 2024: Implement AI-driven vulnerability prediction
- Q3 2024: Add support for ZK-proof verification
- Q4 2024: Launch enterprise version with integrated CI/CD pipeline support
Join our growing community:
- GitHub – Join the community for real-time discussions, development updates, and to contribute to the project.
- X (Twitter) – Follow us for the latest news, feature announcements, and quick updates.
- Website – Dive deeper into SwarmSight with detailed documentation, technical blogs, and community insights.
This project is licensed under the MIT License - see the LICENSE file for details.