Hybrid Solidity auditing

Chainvet

Security tools often force auditors to choose between slow execution and overwhelming noise. Chainvet removes this friction. By combining precise static detectors with symbolic path reasoning and runtime fuzzing, it produces a unified set of verified vulnerabilities in minutes.

  • Ultra fast execution speed
  • High precision scanning and filters
  • Auditor ready reports in seconds
  • Static analysis: compiler-aware detection
  • Symbolic execution: path reasoning & constraints
  • Fuzzing: runtime evidence & PoC

Pipeline

Hybrid analysis is the advantage.

Our engine runs multiple verification layers in a single pass. When compiler configurations fail, a robust AI fallback parser continues scanning automatically to prevent workflow interruptions.

01 / Detector layer

Compiler-aware structure first.

Chainvet starts with Solidity structure, compiler metadata, and fallback parsing so later checks have a consistent view of contracts and functions.

frontend: Solidity structure
fallback: parser hints
output: normalized contracts

Generated reports

AI-powered, auditor-ready reports in seconds.

Export audit logs with complete finding context, detailed exploit explanations, Solidity proof-of-concept runs, and step-by-step remediation details to prepare protocols for production.

chainvet.dev/dashboard/contracts

Security Posture

3 contracts · hybrid · 4s
  • 2 High
  • 3 Medium
  • 5 Low
  • 1 Info

Recent Findings
  • Reentrancy in withdraw() (Vault.sol:42)
  • Unprotected Ether Withdrawal (Vault.sol:58)
  • Unchecked Low-Level Call (Reentrancy.sol:20)
  • Tx.origin Authentication (Token.sol:31)
  • Timestamp Dependency (Vault.sol:7)

Web UI

A centralized environment for complex audits.

Visualize repository layouts, view evidence files for reentrancy bugs, and track contract health indicators on a centralized dashboard built for auditor productivity.

  • Navigate complex workspace structures visually.
  • Surface critical threats with severity breakdown and evidence chains.
  • Export PDF and Markdown reports directly from the dashboard.
Reentrancy.sol | Chainvet
 1  pragma solidity ^0.4.24;
 2
 3  contract Vault {
 4      mapping(address => uint256) public balances;
 5      uint256 public lastBlock; // timestamp of the most recent deposit
 6      function deposit() external payable {
 7          lastBlock = block.timestamp;
 8          balances[msg.sender] += msg.value;
 9      }
10
11      function withdraw() external {
12          bool ok = msg.sender.call.value(balances[msg.sender])(); // external call before the balance is cleared
13          require(ok);
14          balances[msg.sender] = 0; // state update happens only after the call returns
15      }
16  }
17
18  contract Receiver {
19      function trigger(address target) external {
20          target.call(bytes4(keccak256("withdraw()"))); // return value of the low-level call is ignored
21      }
22  }
▶ Chainvet: Analyze Current File
$ chainvet --hybrid Reentrancy.sol --json
  frontend   Solidity structure loaded
  pipeline   detector + path + runtime evidence
  surface    deduplicate & suppress low-signal
✓ 3 findings surfaced (1 high · 1 medium · 1 low)
✓ diagnostics updated
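
For comparison with the listing above, here is a hardened form of the same two contracts. It is an added example, not Chainvet's code or output, and it addresses the patterns the page's mock-ups name: reentrancy in withdraw(), the unchecked low-level call, and the timestamp write. The names VaultHardened, ReceiverChecked, nonReentrant and locked are assumptions made for this example.

```solidity
pragma solidity ^0.4.24;

// Added example: the Vault from the listing, rewritten with
// checks-effects-interactions plus a simple reentrancy guard.
contract VaultHardened {
    mapping(address => uint256) public balances;
    bool private locked; // guard flag (hypothetical name)

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        // The block.timestamp write from the listing is dropped;
        // this example keeps no time-based state.
        balances[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // Effect before interaction: zero the balance first, so a
        // re-entered withdraw() would see 0 even without the guard.
        balances[msg.sender] = 0;
        // transfer() reverts on failure and forwards only the 2300-gas stipend.
        msg.sender.transfer(amount);
    }
}

contract ReceiverChecked {
    function trigger(address target) external {
        // The boolean result of the low-level call is checked, not discarded.
        require(target.call(bytes4(keccak256("withdraw()"))), "withdraw failed");
    }
}
```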

VS Code extension

Run the workflow where Solidity is already open.

The extension surfaces diagnostics, finding details, target selection, and report generation directly in the sidebar.

  • Analyze the active file, workspace, or a selected folder.
  • Jump from a finding to its source location.
  • Generate cached PDF or Markdown reports after analysis.

CI/CD Integration

Every commit meets the highest security standards.

Add security audits directly to your push and pull request pipelines. Automated scans run on every check-in, stopping vulnerability leaks before deployment.

  • Zero-config GitHub Action and GitLab CI template.
  • Fails the build on high-severity findings.
  • Auto-uploads PDF report as pipeline artifact.
Security Audit · main ✓ passed
Security Audit on push to main · completed in 54s
  • Checkout repository: 2s
  • Setup environment: 12s
  • chainvet --hybrid ./contracts: 4s
  • Generate PDF report: 1s
  • Upload artifacts: 3s

# .github/workflows/audit.yml
name: Security Audit
on: [push, pull_request]

jobs:
  chainvet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: chainvet/action@v1
        with:
          mode: hybrid
          report: pdf
          fail-on: high

Evaluation

Maximizing precision and recall.

Evaluated across leading smart contract datasets, our engine balances high threat coverage with signal accuracy to minimize time spent filtering false warnings.

01 / Not-so-smart

Manual review against classic vulnerable Solidity patterns.

02 / SweetD Suite

Complex decentralized finance (DeFi) logic anomalies.

03 / SmartBugs Curated

Official vulnerability datasets with family-level scoring and overlaps.

04 / SolidiFI Benchmark

Synthetic vulnerability insertion and systematically injected tests.

05 / BNB Chain Dataset

Expert-verified ground truth across 2,941 real BNB projects.

06 / AI & OpenZeppelin

Adversarial testing with complicated AI-generated files and frameworks.

Hybrid audit workflow

Install Chainvet and generate your first report.
