SolidityScan
SolidityScan is a cloud-based tool that scans smart contract code for security vulnerabilities and anti-patterns and generates audit reports once the findings have been mitigated. It integrates into development pipelines to analyze code and flag vulnerabilities, and it produces audit reports highlighting the potential security risks in the code. [1]
Overview
SolidityScan provides a comprehensive suite of features aimed at bolstering smart contract security: [1]
- Quickscan for Deployed Contracts: Users can swiftly scan contracts deployed on supported explorers.
- Project Scanning: The platform supports scanning of both public and private repositories hosted on GitHub.
- On-Chain Contract Scanning: It enables users to initiate scans for contracts deployed across Ethereum, Binance Smart Chain, Polygon, Avalanche, and Fantom networks.
- File Upload and Scan: Users can upload and scan .sol files directly on the platform.
- Report Generation and Publication: The tool facilitates the generation of detailed vulnerability reports, which can be shared via public links once issues are addressed.
- Integrations: SolidityScan integrates with GitHub repositories, allowing for automated scanning of private repositories.
- SolidityScan SDK and Visual Studio Code Extension: Additional functionality is available through the SDK and the Visual Studio Code extension, which bring scanning into development workflows.
Quickscan
Quickscan allows users to quickly assess deployed smart contracts by checking their code on supported explorers for various blockchain networks. Supported networks include Ethereum (etherscan.io), Binance Smart Chain (bscscan.com), Polygon (polygonscan.com), Fantom (ftmscan.com), Avalanche (snowtrace.io), Cronos (cronoscan.com), Arbitrum (arbiscan.io), Celo (celoscan.io), Aurora (explorer.aurora.dev), ReefScan (reefscan.com), Optimism (optimism.io), Buildbear (buildbear.io), XDC (xdc.blocksscan.io), Blockscout (blockscout.com), and Routescan (routescan.io). [2]
This feature simplifies the identification of vulnerabilities in already deployed contracts, allowing security assessments to be run across multiple blockchain ecosystems without first obtaining the source repository. [2]
Scanning an Online Git Repository
SolidityScan provides a straightforward process for scanning projects. Users begin by creating an account on SolidityScan's website. Once logged in, they can initiate scanning for their Solidity projects. [3]
To start, users enter project details such as the project name and its Git repository link. The link must lead to a repository containing Solidity (.sol) files; repositories hosted on GitLab, GitHub, and Bitbucket are supported. For private repositories, users connect their GitHub/GitLab/Bitbucket accounts from the Integrations tab and specify whether the repository is public or private. [3]
Next, users select the branch containing the project to scan, defaulting to the primary branch on GitHub. They can also choose specific .sol files and folders for scanning; other file types are excluded. [3]
SolidityScan offers the option to set up webhooks for Git Actions, which trigger a scan automatically whenever new commits are pushed to the selected branch. This feature supports GitHub, Bitbucket, and GitLab repositories owned by the user. [3]
After configuring settings, users start the scan by clicking Start Scan. They monitor progress and review detailed results upon completion. [3]
Post-scan, users access comprehensive results, including an overview of the project's security status and specifics on each identified issue and vulnerability. The detailed results give insight into individual issues, with options to expand descriptions and toggle the code view. [3]
SolidityScan allows users to filter findings and update bug statuses based on severity, confidence in the detection, and bug status (e.g., Won't Fix or False Positive). Users can add comments on findings to help improve the scanner's accuracy. [3]
A scan history feature lets users review past scans and re-scans, while the project settings allow the files and directories included in future scans to be updated. Webhook settings manage ongoing security monitoring via GitHub Actions. [3]
Scanning Deployed Contracts
SolidityScan offers a feature to scan specific deployed contracts whose code is accessible on supported explorers across various blockchain networks. These networks include Ethereum (etherscan.io), Binance Smart Chain (bscscan.com), Polygon (polygonscan.com), Fantom (ftmscan.com), Avalanche (snowtrace.io), Cronos (cronoscan.com), Arbitrum (arbiscan.io), Celo (celoscan.io), Aurora (explorer.aurora.dev), ReefScan (reefscan.com), Optimism (optimism.io), Buildbear (buildbear.io), XDC (xdc.blockscan.io), Blockscout (blockscout.com), and Routescan (routescan.io). [4]
This functionality allows users to assess the security of deployed smart contracts using the source code published on the respective explorer platforms. It allows vulnerabilities in the deployed code to be identified and supports transparency in the security assessment of blockchain-based applications. [4]
Organizations
SolidityScan allows Pro and Custom plan users to create and manage organizations. This feature enables users to add members to their organization and assign specific roles based on resource access needs. Importantly, members added to the organization do not require an active plan themselves, facilitating seamless collaboration and resource management within the platform. [5]
Buddy Program
SolidityScan's Buddy Program offers several partnership opportunities across different verticals: [6]
- Strategic Partners or Affiliates focus on promoting SolidityScan within their networks without rebranding. They earn 15% of the sale value after taxes.
- Innovation Partners or Security Layer Partners integrate SolidityScan into their web3 projects, providing their users with dedicated promo codes for trial scans. They benefit from unlimited API calls per month and participate in joint marketing activities.
- Audit Partners, specifically for CredShields, follow a commission structure similar to that of Innovation Partners.