Skip to content

neyedhayo/vAIcontract

BranchesTags

Repository files navigation

vAIcontract

Smart Contract AI Vulnerability Detector with On-Chain Reporting

Overview

vAIcontract is an advanced tool designed to analyze Ethereum smart contracts for vulnerabilities using a combination of AI and static analysis. It streamlines the process of detecting, reporting, and storing security issues in smart contracts, with the added capability of on-chain report storage for transparency and auditability.

The project is built in Go, Python, and JavaScript, and leverages a modular architecture, and integrates with blockchain networks for secure vulnerability reporting.

Features (*still in development)

  • AI-Powered Analysis: Uses machine learning and static analysis to detect vulnerabilities in Solidity smart contracts.
  • Modular CLI Tool: Analyze contracts, select detection models, specify output formats, and more via a flexible command-line interface.
  • On-Chain Reporting: Optionally store vulnerability reports directly on the blockchain for immutable record-keeping.
  • Customizable & Extensible: Easily add new detection models or integrate with other blockchain networks.
  • Modern DevOps Ready: Includes scripts for local blockchain setup and is designed for containerized deployment.

Getting Started

Prerequisites

  • Go (v1.18+ recommended)
  • Python (for AI model integration)
  • Node.js (for Hardhat network)
  • npm
  • Docker (optional, for containerized workflows)

Clone the Repository

git clone https://github.com/username/vAIcontract.git
cd vAIcontract

Install Go Dependencies

go mod download

Set Up Local Blockchain Network

To launch a local Ethereum network using Hardhat:

bash scripts/start-network.sh

This will:

  • Check/install Node.js and Hardhat
  • Install Hardhat Toolbox dependencies
  • Launch a local node on localhost:8545 (chainId 1337)

Analyze a Smart Contract

go run ./cmd/analyzer analyze path/to/VulnerabilityRegistry.sol

Example with On-Chain Storage

go run ./cmd/analyzer analyze path/to/VulnerabilityRegistry.sol \
  --store-onchain \
  --network Sepolia \
  --contract-addr 0xYourContractAddress \
  --report-uri ipfs://yourReportUri \
  --signature "yoursignature"

CLI Options

  • --output, -o: Output format (text, json)
  • --model, -m: AI model to use (codebert, custom)
  • --detectors, -d: Specific detectors to use
  • --store-onchain: Store report on blockchain
  • --network: Blockchain network (e.g., goerli)
  • --contract-addr: VulnerabilityRegistry contract address
  • --report-uri: URI for report storage (e.g., IPFS)
  • --signature: Signature for report validation

Project Structure

cmd/analyzer/         # CLI entrypoint
core/analyzer/        # Analysis engine and pipeline
core/blockchain/      # Blockchain integration (client, storage)
core/model/           # Report and vulnerability models
solidity/             # Smart contracts and tests
scripts/              # Helper scripts (network, etc.)

Contributing

Contributions are welcome! To get started:

  1. Fork the repository
  2. Create a new branch (git checkout -b feature/YourFeature)
  3. Make your changes and commit them
  4. Push to your fork and open a Pull Request

Please see CONTRIBUTING.md for more details (*coming soon).

Roadmap

  • AI-powered vulnerability detection
  • On-chain report storage
  • CLI tool with flexible options
  • Dockerization and deployment pipelines
  • Comprehensive test suite
  • Extended blockchain and ML integrations

License

This project is licensed under the MIT License. See LICENSE for details.

Contact

For questions, issues, or feature requests, please open an issue or contact the maintainer at [email protected]].

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages