SolidGuard AI

AI-powered smart-contract auditor with 115 vulnerability detectors across Solidity, Rust, Move, Vyper, and Cairo. Every scan combines static analysis (Slither, Mythril) with an LLM pass that catches context-dependent bugs rules miss.

What SolidGuard does

You paste a contract or POST a file, SolidGuard runs it through a multi-stage pipeline, and returns a JSON report of findings ranked by severity with explanations a human can actually act on. The pipeline is:

Language detection — identifies Solidity / Rust / Move / Vyper / Cairo from file extension and AST signals.
Static analysis — runs the appropriate analyzer: Slither for Solidity, cargo-geiger + custom rules for Rust, Aptos Move Prover for Move, Mythril for deeper EVM symbolic execution.
Pattern matching — cross-references 2,000+ vulnerability patterns from past Code4rena, Sherlock, and Immunefi audits.
AI review — sends the code + static findings to a reasoning model (Claude, GPT, or local Ollama) which catches bugs the rules missed and triages false positives.
Severity scoring — each finding gets Critical / High / Medium / Low / Info with CVSS-style reasoning.

Supported languages

Language	Extensions	Static analyzer	Primary targets
Solidity	`.sol`	Slither + Mythril	Ethereum, L2s, all EVM chains
Rust	`.rs`	cargo-geiger + custom rules	Solana, NEAR, Substrate
Move	`.move`	Move Prover + Zellic patterns	Aptos, Sui
Vyper	`.vy`	Vyper compiler + AST walker	Ethereum (Curve-style protocols)
Cairo	`.cairo`	Cairo analyzer + custom rules	Starknet

Using the web UI

The fastest way to scan a contract: paste the source at threatchain.io/solidguard. No signup required for the free tier.

Paste your source code
Drop a single file or paste the code into the editor. SolidGuard auto-detects language from the first 500 bytes.
Click "Scan"
Scans typically finish in 5–30 seconds. Longer for projects > 500 lines.
Review findings
Findings appear grouped by severity. Click any finding to see the vulnerable line range, the reasoning, and a recommended fix.
Export
Download the report as JSON, Markdown, or PDF. Markdown plugs directly into GitHub issues.

Free tier: 5 scans/day up to 1,000 LOC each. The Pro tier ($29/mo or $29 one-time as a Founding Member) removes both limits.

Scanning via API

For CI pipelines, IDE plugins, or bulk audits, use the REST API directly. The endpoint accepts either a raw source string or a base64-encoded archive.

Single-file scan

POST/scan

curl -X POST "https://threatchain.io/scan" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "pragma solidity ^0.8.0; contract C { ... }",
    "language": "solidity",
    "ai_review": true
  }'

Request fields

Field	Type	Description
`code`	string	Raw source. Max 50 KB for free tier.
`language`	string	Optional — forces language. Otherwise auto-detected.
`ai_review`	bool	Enable LLM pass. Default `true`.
`model`	string	Optional — `claude`, `gpt`, or `ollama`. Default chooses best available.

Response

{
  "scan_id": "sg_01HJKMPQ...",
  "language": "solidity",
  "lines_of_code": 142,
  "findings": [
    {
      "id": "SG-REENTRANCY-001",
      "severity": "high",
      "title": "Reentrancy in withdraw()",
      "line": 42,
      "line_end": 51,
      "cwe": "CWE-841",
      "description": "External call before state update...",
      "recommendation": "Apply checks-effects-interactions or a ReentrancyGuard...",
      "source": "slither+ai"
    }
  ],
  "summary": { "critical": 0, "high": 1, "medium": 2, "low": 3, "info": 1 },
  "duration_ms": 7421
}

Multi-file projects

For Foundry or Hardhat projects: tar the src/ directory, base64-encode, and POST.

# From your project root
tar czf - src/ | base64 > project.b64

curl -X POST "https://threatchain.io/scan" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: tck_live_yourkey" \
  -d @- '{
    "archive_b64": "...",
    "archive_format": "tar.gz",
    "language": "solidity",
    "entry_point": "src/MyToken.sol"
  }'

If your project has external dependencies (e.g. OpenZeppelin), either include them in the tarball or configure remappings in the request. SolidGuard imports @openzeppelin/contracts, @solmate, and common libs automatically.

Reading findings

Every finding has the same shape. Read it top-to-bottom: severity first, then the vulnerable code range, then the reasoning, then the fix. If you only have 30 seconds, read severity + title + recommendation.

Severity scale

Severity	Meaning	SLA
Critical	Direct loss of funds or total system compromise. Attacker can drain any user's balance, mint unlimited tokens, take ownership, or bypass all access control.	Fix before any deployment
High	Conditional loss of funds — requires specific state or privileged action but attacker profits when conditions hit. Includes oracle manipulation, governance bypass, and most DoS that blocks critical paths.	Fix before mainnet launch
Medium	Loss of UX guarantees, griefing, gas inefficiency, or edge-case bugs that don't yield profit but break assumptions.	Fix in next release
Low	Code quality, missing events, small gas wins, hardening opportunities.	Address when touching the code
Info	Style, documentation, naming. Not a bug.	Optional

Detectors list

115 built-in detectors across the five languages. The big categories:

Reentrancy — classic, cross-function, cross-contract, read-only (13 variants)
Access control — missing onlyOwner, broken role assignment, initializer reinit
Arithmetic — overflow, division rounding, truncation in unsafe casts
Oracle & price — single-source oracles, stale timestamps, latestAnswer without updatedAt check, missing L2-sequencer check
Flashloan / MEV — callback reentrancy, sandwich-exploitable paths
Signature / EIP-712 — missing domain separator, replay risk, malleability
Proxy / upgradeability — uninitialized implementation, storage-layout collisions, delegatecall injection
Unchecked calls — call/send/transfer return ignored, low-level call without success check
DoS — unbounded loops, gas bombs, block.timestamp dependency
Rust/Solana — missing account validation, CPI reentrancy, signer checks
Move/Aptos — resource leaks, capability misuse, friend-function escape

Full list is accessible at GET /scan/detectors — returns JSON.

CI integration

GitHub Actions

Drop this in .github/workflows/solidguard.yml — runs on every push and fails the build on any Critical/High finding.

name: SolidGuard
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Pack sources
        run: |
          tar czf project.tgz src/
          echo "B64=$(base64 -w0 project.tgz)" >> $GITHUB_ENV
      - name: SolidGuard scan
        run: |
          curl -sS -X POST https://threatchain.io/scan \
            -H "Content-Type: application/json" \
            -H "X-API-Key: ${{ secrets.THREATCHAIN_KEY }}" \
            -d "{\"archive_b64\":\"$B64\",\"archive_format\":\"tar.gz\",\"language\":\"solidity\"}" \
            > report.json
      - name: Fail on Critical/High
        run: |
          CRIT=$(jq .summary.critical report.json)
          HIGH=$(jq .summary.high report.json)
          echo "Critical: $CRIT, High: $HIGH"
          if [ "$CRIT" -gt 0 ] || [ "$HIGH" -gt 0 ]; then exit 1; fi
      - uses: actions/upload-artifact@v4
        with:
          name: solidguard-report
          path: report.json

GitLab CI

solidguard:
  stage: test
  image: alpine:latest
  script:
    - apk add curl jq tar
    - tar czf - src/ | base64 > project.b64
    - |
      curl -sS -X POST https://threatchain.io/scan \
        -H "Content-Type: application/json" \
        -H "X-API-Key: $THREATCHAIN_KEY" \
        -d @project.json > report.json
    - |
      if [ "$(jq .summary.critical report.json)" -gt 0 ]; then exit 1; fi
  artifacts:
    paths: [report.json]

AI analysis explained

The AI pass runs after static analysis and has access to the full source plus whatever the rule engine already flagged. Three things the AI does that rules don't:

Triages false positives. Slither will flag every .call as "low-level call"; the AI demotes benign ones and keeps only the ones that actually miss a check.
Reasons about intent. If the function is supposed to be permissionless (a burn function) the AI won't flag missing access control. If the comment says "internal use only" but the function is public, the AI raises severity.
Chains bugs. A missing updatedAt check is Low on its own, but when combined with a liquidation function that reads the same oracle, the AI upgrades it to High and explains the chain.

You can disable AI with ai_review: false — scan becomes pure static, 10x faster, but more noise.

Tips & limits

Don't include node_modules or lib/. It inflates your LOC count against your quota and SolidGuard resolves those imports automatically.
Paste compiled code for proxies. If you're scanning deployed bytecode, pass language: "solidity-bytecode" and the scanner will use Mythril's symbolic engine.
Free tier is 1,000 LOC per scan. Bigger files get a 413 Payload Too Large. Upgrade or split the scan.
Scan timeout is 120 seconds. If you hit it, try ai_review: false or split by contract.
Cache is 24 hours. Identical code hashes return cached reports instantly.

Troubleshooting

Symptom	Cause	Fix
All findings are "info" severity	AI pass failed (API key quota, timeout)	Set `ai_review: false` or upgrade to Pro for higher AI budget
Scan hangs past 120s	Mythril symbolic exec on complex contract	Pass `deep: false` in request body
Imports unresolved errors	Custom remappings needed	Include a `remappings` array matching your `foundry.toml`
"Language not detected"	File extension missing, or mixed-language file	Set `language` explicitly
429 Too Many Requests	Free-tier quota hit	Wait for the window to reset or add an API key

Still stuck? Email us with the scan_id and we'll investigate.