This Node.js script is designed for static analysis of Solidity smart contracts. It helps quickly identify potentially dangerous patterns in .sol
files that are commonly associated with vulnerabilities.
The script searches for well-known security red flags using regex patterns:
| Pattern | Why It's Dangerous |
|---|---|
| `fallback()` / `receive()` | Can lead to unintended Ether reception or behavior |
| `.call()` | Prone to reentrancy attacks if not handled safely |
| `.delegatecall()` | Executes code in the caller's context, very risky |
| `selfdestruct()` | Destroys the contract, which can lead to fund loss |
| `tx.origin` | Vulnerable to phishing-style attacks if used for auth |
| `block.timestamp` / `block.number` | Can be manipulated for unsafe randomness or logic |
| `blockhash()` / `block.difficulty` | Also misused for randomness, not secure |
- Takes a directory or `.sol` file path as input from the command line.
- Recursively scans for `.sol` files inside the directory.
- Reads each file line by line and accumulates lines into a buffer until `{` is found (to detect multi-line patterns).
- If any dangerous pattern matches, it adds a ⚠️ warning to the line where the block starts.
- It saves the modified file so you can easily spot risk areas in your IDE.
- Fast scanning tool to help during initial audit stages.
- Helps prioritize manual code review by highlighting high-risk areas.
- Can be integrated into a larger automated auditing pipeline (CI/CD).
- Saves time in bounty programs where quick bug spotting is crucial.
How to use?

```shell
node XXBOT.js File.sol
```