ChainSec is a smart contract security analysis platform that integrates several security audit tools. It automatically detects vulnerabilities in smart contracts and produces detailed analysis reports together with remediation suggestions.
- Multi-tool integration: combines mainstream smart contract audit tools including Slither, Mythril and Confuzzius
- LLM validation: uses a large language model (e.g. GPT) to validate reported vulnerabilities and reduce false positives
- Smart remediation suggestions: automatically generates targeted fixes for the vulnerabilities found
- Unified reporting: aggregates the findings of all tools into a standardized report
- Python 3.8+
- Docker and Docker Compose
- OpenAI API key (used for the GPT analysis)
- Clone the repository:
git clone https://github.com/YourUsername/ChainSec.git
cd ChainSec
- Install the Python dependencies:
pip install -r requirements.txt
- Configure the environment variables:
cp .env.example .env
# Edit the .env file and fill in your OpenAI API key and other settings (keep .env out of version control, since it holds the key)
- Build and start the Docker containers:
docker-compose up -d
- Place the smart contracts to analyze in the contract/audit_folder/ directory
- Run the audit:
python run_audit.py -contract_name YourContract.sol -folder your_folder
- View the results:
The audit results are written to the contract/tool_result/results/ directory
- Environment configuration and version handling module: records runtime environment information and sets up log tracing
- Parallel multi-tool audit module: runs each tool in its own Docker container to isolate tools and keep their environments consistent
- Conditionally triggered fuzzing module: an analysis flow that launches fuzzing only when the preliminary results warrant it
- Result processing and comprehensive analysis module: standardizes each tool's output and draws a combined verdict from all of them
MIT
Issues and pull requests are welcome; let's improve the project together!
- Isolated Execution: Utilizes Docker containers to create isolated environments for each tool, preventing conflicts and ensuring reproducible results.
- Comprehensive Analysis: Combines static analysis, dynamic analysis, and heuristic analysis with advanced AI to offer thorough smart contract audits.
- Automated Workflows: Facilitates automated workflows from code scanning to result aggregation, significantly reducing manual overhead.
- Result Standardization: Transforms raw output data from various formats into a standardized JSON format, making it easier to interpret and analyze.
- AI-Powered Reporting: Leverages a customized GPT model to parse audit findings and generate comprehensive reports that prioritize readability and actionability.
- False Positive Reduction: Applies predefined accuracy ratings of each tool to identify and reduce false positives, focusing on genuine threats.
- Customizable Execution: Offers flexibility in audit execution, allowing for selective runs of individual tools or full-suite scans based on needs.
- Integrative Summaries: Aggregates and correlates findings from different tools to present an integrative view of potential vulnerabilities.
- Cross-Tool Validation: Employs cross-validation methods among different auditing tools to enhance the reliability of the identified issues.
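The isolation and customizable-execution features above describe running each tool in its own container. The following is an added example of what a hardened per-tool `docker run` invocation looks like; it is not ChainSec's own code, and the image names, mount layout and tool command lines are assumptions for the example (ChainSec's docker-compose.yml defines its own services). The point is the flag set: no network, no capabilities, read-only root filesystem, an unprivileged user, resource limits and a host-side timeout, so that a hostile contract or a tool crash cannot reach the host or the network.

```python
"""Added example (not ChainSec's own code): run one audit tool inside a
throwaway, locked-down container. Images and mounts are assumptions."""
import shlex
import subprocess
from pathlib import Path

# Assumed images; the real project's compose file may use different ones.
TOOL_IMAGES = {
    "slither": "trailofbits/eth-security-toolbox",
    "mythril": "mythril/myth",
}


def build_docker_cmd(tool, contract_dir, contract_name, timeout_s=600, out_dir="out"):
    """argv for `docker run` with the isolation flags an untrusted-input
    analysis needs: the only writable paths are /tmp and the result dir."""
    image = TOOL_IMAGES[tool]
    src = Path(contract_dir).resolve()
    out = Path(out_dir).resolve()
    argv = [
        "docker", "run", "--rm",
        "--network", "none",                 # no outbound access during analysis
        "--cap-drop", "ALL",                 # no Linux capabilities at all
        "--security-opt", "no-new-privileges",
        "--read-only",                       # image filesystem is immutable
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=256m",
        "--memory", "2g", "--cpus", "1",     # bound the symbolic-execution blowup
        "--pids-limit", "256",
        "--user", "1000:1000",               # never root inside the sandbox
        "-v", f"{src}:/src:ro",              # contracts are read-only
        "-v", f"{out}:/out:rw",              # results are the only writable mount
        "-w", "/src",
        image,
    ]
    # Tool command lines are assumptions based on the tools' documented CLIs.
    if tool == "slither":
        argv += ["slither", contract_name, "--json", f"/out/{contract_name}.slither.json"]
    elif tool == "mythril":
        argv += ["analyze", contract_name, "-o", "json",
                 "--execution-timeout", str(timeout_s)]
    return argv


def run_tool(tool, contract_dir, contract_name, timeout_s=600, dry_run=False):
    """Run the container; dry_run returns the shell-quoted command instead."""
    argv = build_docker_cmd(tool, contract_dir, contract_name, timeout_s)
    if dry_run:
        return shlex.join(argv)
    # Host-side wall-clock cap on top of the tool's own timeout, so a hung
    # container does not stall the whole pipeline.
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout_s + 60)
    return proc.returncode


if __name__ == "__main__":
    print(run_tool("mythril", ".", "Vault.sol", timeout_s=40, dry_run=True))
```

Some images expect a writable home directory (for example when solc-select downloads a compiler), in which case add a second `--tmpfs` for that path rather than dropping `--read-only`.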
- /contract_audit-main: Houses core audit scripts and associated tools.
- /contract_audit/contract: Contains scripts for each auditing tool and result processing scripts.
- /contract_audit/function: Dedicated to scripts for specific contract functions.
- /contract_audit/token_audit: Specialized audit scripts for token-related contracts.
- /contract_audit/result_select: Scripts that process results to highlight significant findings.
Interfaces with the OpenAI API, directing a GPT model to scrutinize smart contract code and produce an organized JSON audit report.
Transforms the raw JSON outputs from security tools like Slither and Mythril into a clear and structured JSON format for further analysis.
Adapts the Confuzzius tool's output into a unified format that integrates seamlessly with results from other tools.
Synthesizes results from all utilized tools, applying predefined rules to confirm the presence of vulnerabilities and generate a comprehensive summary.
Enhances the clarity and precision of audit summaries using a GPT model, culminating in a definitive report that articulates the findings effectively.
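The result standardization, accuracy-weighted false-positive reduction and cross-tool validation described in the feature list, and the result-transformation and synthesis scripts described just above, are the core of a multi-tool pipeline; the conditionally triggered fuzzing module depends on the same standardized data. The following added example shows one way to implement that chain end to end. It is not ChainSec's code: the sample Slither and Mythril outputs are constructed (their shapes mimic the two tools' JSON reports but the contents are invented), the mapping from detector names and SWC IDs to vulnerability classes is an assumed subset, and the per-tool accuracy ratings are placeholders, since the README does not publish its values.

```python
"""Added example (not ChainSec's own code): normalize Slither- and
Mythril-style JSON into one schema, cross-validate findings with per-tool
accuracy weights, and decide whether a fuzzing pass is justified."""
import json

# Constructed sample outputs resembling the tools' JSON reports (invented data).
SLITHER_OUT = json.dumps({
    "success": True,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw(uint256)",
         "elements": [{"type": "function", "name": "withdraw",
                       "source_mapping": {"lines": [40, 41, 42]}}]},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High",
         "description": "Parameter _Amount is not in mixedCase",
         "elements": [{"type": "variable", "name": "_Amount",
                       "source_mapping": {"lines": [38]}}]},
    ]},
})
MYTHRIL_OUT = json.dumps({
    "success": True,
    "issues": [
        {"swc-id": "107", "title": "External Call To User-Supplied Address",
         "severity": "Medium", "function": "withdraw(uint256)", "lineno": 41},
        {"swc-id": "101", "title": "Integer Arithmetic Bugs",
         "severity": "High", "function": "deposit(uint256)", "lineno": 30},
    ],
})

# Assumed mapping of tool-specific identifiers onto shared vulnerability classes.
CLASS_OF = {
    "slither:reentrancy-eth": "reentrancy", "slither:reentrancy-no-eth": "reentrancy",
    "slither:arbitrary-send-eth": "arbitrary-send",
    "mythril:107": "reentrancy", "mythril:101": "integer-overflow",
    "mythril:105": "arbitrary-send",
}
# Placeholder accuracy ratings (the README mentions predefined ratings, not values).
TOOL_ACCURACY = {"slither": 0.55, "mythril": 0.6}
SEVERITY_RANK = {"informational": 0, "optimization": 0, "low": 1, "medium": 2, "high": 3}


def normalize_slither(raw):
    """Slither detector results -> unified findings; unmapped checks are dropped."""
    findings = []
    for det in json.loads(raw)["results"]["detectors"]:
        cls = CLASS_OF.get(f"slither:{det['check']}")
        if cls is None:
            continue  # style/informational checks are not vulnerability classes
        lines = sorted({ln for el in det.get("elements", [])
                        for ln in el.get("source_mapping", {}).get("lines", [])})
        findings.append({"tool": "slither", "class": cls, "severity": det["impact"].lower(),
                         "lines": lines, "detail": det["description"]})
    return findings


def normalize_mythril(raw):
    """Mythril issues (keyed by SWC id) -> the same unified schema."""
    findings = []
    for issue in json.loads(raw)["issues"]:
        cls = CLASS_OF.get(f"mythril:{issue['swc-id']}")
        if cls is None:
            continue
        findings.append({"tool": "mythril", "class": cls, "severity": issue["severity"].lower(),
                         "lines": [issue["lineno"]], "detail": issue["title"]})
    return findings


def _same_site(a, b, slack=2):
    # Two findings point at the same code if any reported lines are within `slack`.
    return any(abs(x - y) <= slack for x in a for y in b)


def cross_validate(findings):
    """Merge same-class findings at the same site across tools and score each
    group by 1 - prod(1 - accuracy) over the distinct tools that reported it."""
    groups = []
    for f in findings:
        for g in groups:
            if g["class"] == f["class"] and _same_site(g["lines"], f["lines"]):
                g["tools"].add(f["tool"])
                g["lines"] = sorted(set(g["lines"]) | set(f["lines"]))
                g["severity"] = max(g["severity"], f["severity"],
                                    key=lambda s: SEVERITY_RANK.get(s, 0))
                break
        else:
            groups.append({"class": f["class"], "lines": list(f["lines"]),
                           "severity": f["severity"], "tools": {f["tool"]}})
    for g in groups:
        miss = 1.0
        for t in g["tools"]:
            miss *= 1.0 - TOOL_ACCURACY[t]   # probability every reporter is wrong
        g["confidence"] = round(1.0 - miss, 3)
        g["tools"] = sorted(g["tools"])
    return sorted(groups, key=lambda g: -g["confidence"])


def needs_fuzzing(groups, threshold=0.65):
    """Conditional trigger: medium-or-worse findings seen by a single tool and
    below the confidence threshold are the ones worth spending fuzz time on."""
    return [g for g in groups if len(g["tools"]) == 1 and g["confidence"] < threshold
            and SEVERITY_RANK.get(g["severity"], 0) >= 2]


if __name__ == "__main__":
    merged = cross_validate(normalize_slither(SLITHER_OUT) + normalize_mythril(MYTHRIL_OUT))
    print(json.dumps({"findings": merged, "fuzz": needs_fuzzing(merged)}, indent=2))
```

With the constructed inputs the reentrancy finding is reported by both tools at overlapping lines and merges into one high-severity group, while the single-tool integer-overflow finding stays below the threshold and is the only candidate handed to the fuzzer.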
- Ensure Docker is properly installed and configured for your system.
- Scripts may require path adjustments to reflect your project's directory structure accurately.
Run the full audit pipeline with the allsystem start script (allsystem_start.sh), setting the solc version, contract name, folder and Mythril time budget through environment variables. For example:
export solselect=0.8.3 contractname=test0 folder=. myth_time=40
./allsystem_start.sh
cat /home/sun/ChainSec/contract_audit/contract/tool_result/results/${contractname}.json
The absolute path in the last command is the maintainer's checkout; replace it with the location of your own clone.
Refer to the script files within the repository for more comprehensive usage instructions.
Contributions are encouraged. If you find an issue or have a suggestion, please open an issue or make a pull request.
The detailed licensing information can be found in the LICENSE file within the repository.
For inquiries or support, open an issue in the repository, and a maintainer will provide assistance.
Note: Deployment in actual environments requires Docker setup and may necessitate path modifications in the scripts to match your specific configuration.
Smart contract security audit tool