AuditAI

AI-Powered Smart Contract Auditor

One-click audit that returns a comprehensive vulnerability report and a 0-100 SecureScore. Secure your blockchain projects with confidence.

Comprehensive Audit Features

Multiple Input Methods

Paste code directly, upload .sol files or zip bundles, or connect to your GitHub repository.

Multi-Engine Analysis

Static analysis with Slither, Mythril, and other industry-leading tools, enhanced by AI.

Comprehensive Reports

Detailed vulnerability reports with severity classification and remediation suggestions.

SecureScore™

Get a 0-100 security score based on weighted vulnerability categories.

Fix Suggestions

AI-generated code diffs to help you remediate identified vulnerabilities.

CI/CD Integration

GitHub Actions and plugins for Hardhat/Foundry to automate security checks.

Interactive Audit Report

Our comprehensive reports provide actionable insights with clear vulnerability identification and remediation suggestions.

Token.sol Audit Report

Completed

Audit ID: 123456 • April 24, 2025

78/100

SecureScore™

78/100

Good

Vulnerabilities

Critical

High

Medium

Low

Gas Optimization

Potential Savings~32,500 gas

Optimizations Found12

High Impact3

Medium Impact5

Low Impact4

Audit Summary

This smart contract audit identified several security issues that should be addressed before deployment. The contract has 2 critical vulnerabilities related to reentrancy and unchecked external calls, which could lead to fund loss. Additionally, 3 high severity issues were found, including integer overflow and access control problems.

Contract Type

ERC20 Token with Staking

Solidity Version

0.8.19

Analysis Engines

Slither, Mythril, Manticore

Three Simple Analysis Options

Choose the analysis depth that fits your needs, from basic checks to comprehensive security audits.

Basic

Slither
Static analysis for common vulnerabilities
AI Enhancement
Basic AI-powered analysis
Fast Results
Quick analysis in minutes

Recommended

Standard

Slither + Mythril
Combine static and dynamic analysis for thorough security checks
Advanced AI
Enhanced AI analysis with fix suggestions
Gas Optimization
Includes gas usage optimization tips

Comprehensive

Full Suite
All analysis engines including formal verification
Deep AI Analysis
In-depth AI security analysis
Custom Detectors
Project-specific vulnerability detection

Choose Your Ideal Plan

Free

Perfect for indie developers and small projects

1 audit per day
Up to 500 lines of code
Public reports only
Basic vulnerability detection
SecureScore™ analysis

Pro

$49/month

For serious developers and small teams

50 audits per month
Up to 10K lines of code
Private reports
CI/CLI integration
Advanced vulnerability detection
Fix suggestions with code diffs
API access

Team

$199/month

For development teams and organizations

10 team members
Unlimited audits
Up to 50K lines of code
Private reports with sharing
Priority analysis
Custom detectors
Dedicated support

Common Smart Contract Vulnerabilities

A comprehensive reference of common vulnerabilities found in Solidity smart contracts, with examples and remediation strategies.

Reentrancy

SWC-107

Security

Critical

Description

A vulnerability where a contract calls an external function that can call back into the original function, potentially leading to unexpected behavior and fund theft.

Vulnerable Code Example

function withdraw(uint256 amount) external {
    require(balances[msg.sender] >= amount);
    (bool success, ) = msg.sender.call{value: amount}("");
    require(success);
    balances[msg.sender] -= amount;
}

Remediation

Follow the checks-effects-interactions pattern: update state variables before making external calls.

Authorization Through tx.origin

SWC-115

Security

Critical

Description

Using tx.origin for authorization allows phishing attacks, as tx.origin is the original sender of a transaction, not the immediate caller.

Vulnerable Code Example

function transferOwnership(address newOwner) public {
    require(tx.origin == owner);
    owner = newOwner;
}

Remediation

Use msg.sender instead of tx.origin for authorization checks.

Integer Overflow and Underflow

SWC-101

Security

High

Description

Arithmetic operations that exceed the range of the data type, causing unexpected behavior. Solidity 0.8.0+ includes built-in overflow checks.

Vulnerable Code Example

// In Solidity < 0.8.0
function transfer(address to, uint256 amount) external {
    balances[msg.sender] -= amount;
    balances[to] += amount;
}

Remediation

Use SafeMath library for Solidity < 0.8.0 or upgrade to Solidity 0.8.0+ which has built-in overflow checks.

Unprotected Ether Withdrawal

SWC-105

Security

High

Description

Functions that allow anyone to withdraw Ether from the contract without proper access controls.

Vulnerable Code Example

function withdrawFunds() public {
    msg.sender.transfer(address(this).balance);
}

Remediation

Add proper access controls to withdrawal functions using modifiers like onlyOwner.

Delegatecall to Untrusted Callee

SWC-112

Security

High

Description

Using delegatecall to call functions from an address controlled by the user can lead to the execution of malicious code in the context of the calling contract.

Vulnerable Code Example

function delegateTransfer(address _to, uint256 _amount, address _impl) public {
    (bool success,) = _impl.delegatecall(
        abi.encodeWithSignature("transfer(address,uint256)", _to, _amount)
    );
    require(success);
}

Remediation

Avoid using delegatecall with user-supplied addresses. If necessary, implement a whitelist of trusted contracts.

Unchecked Call Return Value

SWC-104

Security

Medium

Description

Failing to check the return value of a low-level call can lead to silent failures and unexpected behavior.

Vulnerable Code Example

function withdraw(uint256 amount) public {
    msg.sender.call{value: amount}("");
    balances[msg.sender] -= amount;
}

Remediation

Always check the return value of low-level calls and handle failures appropriately.

Floating Pragma

SWC-103

Best Practice

Low

Description

Using a floating pragma (^0.8.0) allows contracts to be compiled with different compiler versions, which may introduce bugs or different behavior.

Vulnerable Code Example

pragma solidity ^0.8.0;

contract FloatingPragma {
    // Contract code
}

Remediation

Lock the pragma to a specific compiler version, e.g., pragma solidity 0.8.17;

Unnecessary SLOAD

G-001

Gas Optimization

Low

Description

Reading from storage multiple times when it could be cached in memory increases gas costs.

Vulnerable Code Example

function updateValues() public {
    // Each access to state reads from storage
    value1 = value1 + 1;
    value2 = value2 + value1;
    value3 = value3 + value2;
}

Remediation

Cache storage variables in memory when accessed multiple times in a function.

Inefficient Loop

G-002

Gas Optimization

Low

Description

Inefficient loop patterns that consume unnecessary gas, such as reading array length in each iteration.

Vulnerable Code Example

function processArray(uint[] memory data) public {
    for (uint i = 0; i < data.length; i++) {
        // Process data
    }
}

Remediation

Enterprise Blockchain

Stablecoins

Bridges