safemyprivacy0-bit/audit-sol

GitHub: safemyprivacy0-bit/audit-sol

A fast smart contract security scanner for Solidity that detects multiple vulnerability classes through static pattern matching and provides remediation advice.

Stars: 0 | Forks: 0

# audit-cli

Fast, pattern-based smart contract security scanner for Solidity. Detects reentrancy, access control gaps, oracle issues, unchecked calls, and 15+ vulnerability classes.

## Installation

```
npx @onebrain/audit-cli
```

Or install globally:

```
npm install -g @onebrain/audit-cli
```

## Usage

```
# Scan a local file
audit-sol MyContract.sol

# Scan a directory of contracts
audit-sol contracts/ --dir

# Fetch a verified contract from chain and scan it
audit-sol 0x1234...abcd --chain ethereum
audit-sol 0x1234...abcd --chain base
audit-sol 0x1234...abcd --chain arbitrum
audit-sol 0x1234...abcd --chain optimism

# Scan from GitHub
audit-sol https://github.com/user/repo/blob/main/src/Contract.sol

# Save the report
audit-sol contracts/ --dir > audit-report.md
```

## Supported chains

| Chain | Explorer |
|-------|----------|
| Ethereum | Etherscan |
| Base | Basescan |
| Arbitrum | Arbiscan |
| Optimism | Optimistic Etherscan |

Set API keys via environment variables:

```
export ETHERSCAN_API_KEY=your_key
export BASESCAN_API_KEY=your_key
export ARBISCAN_API_KEY=your_key
export OPTIMISM_API_KEY=your_key
```

## Vulnerability classes

| ID | Severity | Name |
|----|----------|------|
| REENTRANCY-01 | CRITICAL | State change after external call |
| REENTRANCY-02 | CRITICAL | Transfer before state update |
| DELEGATECALL-01 | CRITICAL | Delegatecall to user-controlled address |
| SELFDESTRUCT-01 | CRITICAL | selfdestruct usage |
| ARBITRARY-CALL-01 | CRITICAL | Arbitrary low-level call with user input |
| ACCESS-01 | HIGH | Missing access control on sensitive function |
| ORACLE-01 | HIGH | Chainlink stale price check missing |
| FLASH-01 | HIGH | Token balance used for access control |
| UNCHECKED-CALL-01 | HIGH | Unchecked low-level call return value |
| TX-ORIGIN-01 | HIGH | tx.origin used for authentication |
| FRONTRUN-01 | MEDIUM | Missing slippage protection |
| CENTRALIZATION-01 | MEDIUM | Single admin can drain/pause |
| PRECISION-01 | MEDIUM | Division before multiplication |
| TIMESTAMP-01 | MEDIUM | Block timestamp dependency |
| APPROVAL-01 | MEDIUM | ERC20 approval race condition |
| GAS-01 | LOW | Unbounded loop over array |
| FLOATING-01 | LOW | Floating pragma |
| SHADOW-01 | LOW | Variable shadowing |

## Output

Generates a Markdown report with:

- Summary table (findings by severity)
- Overall risk score
- Detailed findings with code context and recommendations

## Limitations

This is a static pattern matcher — it catches common vulnerability patterns but:

- May produce false positives
- Cannot detect complex logic bugs
- Does not replace manual expert review or formal verification

For thorough audits, combine with fuzzing (Echidna/Foundry), symbolic execution (Halmos), and manual review.

## License

MIT
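The rule table and report pipeline described above, as an added JavaScript example that is not audit-cli's own code: four of the README's rule IDs implemented as line-level regex patterns, a scanner that runs them over a constructed sample contract, and the per-severity summary the report section lists. The regexes, the `scanSolidity`/`summarize` names and the `Vault` sample are assumptions made for illustration.

```javascript
// Added example, not audit-cli's own code: a tiny pattern-based scanner in the
// style the README describes. Rule IDs/severities mirror the README's table;
// the regexes and the sample contract below are constructed for illustration.
const RULES = [
  { id: "FLOATING-01", severity: "LOW", name: "Floating pragma",
    test: (l) => /^\s*pragma\s+solidity\s+[\^~>]/.test(l) },
  { id: "TX-ORIGIN-01", severity: "HIGH", name: "tx.origin used for authentication",
    test: (l) => /\b(require|if)\s*\(.*\btx\.origin\b/.test(l) },
  { id: "UNCHECKED-CALL-01", severity: "HIGH", name: "Unchecked low-level call return value",
    // statement-level .call/.send/.delegatecall whose result is neither assigned nor required
    test: (l) => /^\s*[\w.\[\]]+\.(call|send|delegatecall)\b/.test(l) && !/=|require\s*\(/.test(l) },
  { id: "SELFDESTRUCT-01", severity: "CRITICAL", name: "selfdestruct usage",
    test: (l) => /\bselfdestruct\s*\(/.test(l) },
];
// One finding per (line, rule) hit. Line comments are stripped first so that
// commented-out code does not trigger a rule (one common false-positive source).
function scanSolidity(source) {
  const findings = [];
  source.split("\n").forEach((raw, i) => {
    const code = raw.replace(/\/\/.*$/, "");
    for (const r of RULES) {
      if (r.test(code)) findings.push({ id: r.id, severity: r.severity, name: r.name, line: i + 1, code: raw.trim() });
    }
  });
  return findings;
}
// Counts for the "findings by severity" summary table in the report.
function summarize(findings) {
  const counts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}
// Constructed sample contract: two vulnerable lines plus a safe call that must not be flagged.
const SAMPLE = [
  "pragma solidity ^0.8.0;",
  "contract Vault {",
  "    address owner;",
  "    function withdraw(uint256 amount) external {",
  '        require(tx.origin == owner, "not owner");',
  '        msg.sender.call{value: amount}(""); // result ignored',
  "    }",
  "    function safeWithdraw(uint256 amount) external {",
  '        (bool ok, ) = msg.sender.call{value: amount}("");',
  '        require(ok, "transfer failed");',
  "    }",
  "}",
].join("\n");
console.log(scanSolidity(SAMPLE), summarize(scanSolidity(SAMPLE)));
```

Running it flags the floating pragma, the `tx.origin` check and the ignored `.call` result, while the `(bool ok, ) = ...` form passes; the same rules would still misfire on a `msg.sender == tx.origin` guard, which is the kind of false positive the Limitations section warns about.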
Tags: Arbiscan, Basescan, CMS security, DeFi security, Etherscan, GNU General Public License, JavaScript, Node.js, npm, Optimistic Etherscan, Oracle vulnerabilities, Solidity scanning, Streamlit, TypeScript, XML requests, cloud security monitoring, blockchain security, contract auditing, secure development, security plugins, open-source security tools, smart contract security, unchecked calls, pattern matching, automated asset collection, custom scripts, access control, reverse engineering platform, reentrancy vulnerabilities, on-chain security, static analysis, default DNS resolver