AmirhosseinHonardoust
Smart-Contract-Risk-Analyzer
Solidity

A lightweight static analysis engine for Solidity smart contracts. Extracts code features, detects dangerous patterns (delegatecall, tx.origin, call.value), computes heuristic risk scores, and classifies contracts into Low/Medium/High risk levels. Includes multiple example vulnerabilities and a clean CLI for rapid security assessment.

Last updated Jun 20, 2026
22
Stars
1
Forks
0
Issues
0
Stars/day
Attention Score
33
Language breakdown
No language data available.
โ–ธ Files click to expand
README

Smart Contract Risk Analyzer

Static analysis + heuristic risk scoring for Solidity smart contracts


Overview

Smart Contract Risk Analyzer is a lightweight, extensible static analysis tool for auditing Solidity contracts. It uses rule-based heuristics, pattern detection, and surface-level code metrics to produce:

  • A risk score (0โ€“100)
  • A risk level (Low / Medium / High)
  • A detailed feature breakdown extracted from the contractโ€™s source code
  • A cryptographic source hash for traceability
This project provides a minimal but powerful foundation for building more advanced analyzers, ML-driven detectors, AST-based analysis, or on-chain verification tools.

Why This Project Exists

Security is the #1 priority in smart contract development. Even simple mistakes, like unsafe access control, reentrancy windows, or misuse of delegatecall, can lead to millions in losses.

Most developers:

  • Donโ€™t have access to high-end auditing tools
  • Donโ€™t know how to build static analyzers
  • Want a lightweight tool they can run locally
This project solves that by offering:
  • A simple CLI-based analyzer
  • A dangerous-pattern detector
  • A clear scoring system
  • A set of sample vulnerable contracts
  • A structure designed for future expansion

Features

Static Feature Extraction

The analyzer extracts:

| Feature | Meaning | | ------------------ | ---------------------------------------------- | | n_lines | Total number of code lines (size/complexity) | | n_payable | Count of payable functions | | has_delegatecall | High-risk opcode for proxy & dynamic execution | | hascallvalue | Deprecated low-level call pattern | | hastxorigin | Critical access-control vulnerability |


Heuristic Risk Scoring

Risk score out of 100, based on:

  • High-risk opcodes
  • Misleading patterns
  • Exposure surfaces
  • Code size

Scoring rules (current version)

| Pattern | Score | | --------------------------------- | ----- | | delegatecall | +50 | | tx.origin | +40 | | call.value | +30 | | Many payable functions (>3) | +25 | | Some payable functions (>0) | +5 | | Large contracts (>100 lines) | +5 | | Very large contracts (>300 lines) | +15 |

Risk buckets:

  • 0โ€“20 โ†’ Low
  • 21โ€“60 โ†’ Medium
  • 61โ€“100 โ†’ High

Built-In Example Contracts

The project includes multiple real security scenarios:

  • Safe contract
  • Many-payable (expanded attack surface)
  • Delegatecall vulnerability
  • Proxy pattern
  • Reentrancy vulnerability
  • Access-control bug
  • Oracle manipulation bug
  • More...
Full analysis for each is included below.

Project Structure

smart-contract-risk-analyzer/
โ”œโ”€โ”€ contracts/
โ”‚   โ””โ”€โ”€ RiskRegistry.sol              # (optional, not used)
โ”œโ”€โ”€ data/
โ”‚   โ””โ”€โ”€ examples/                     # All test Solidity contracts
โ”‚       โ”œโ”€โ”€ safe_contract.sol
โ”‚       โ”œโ”€โ”€ medium_risk.sol
โ”‚       โ”œโ”€โ”€ highriskdelegatecall.sol
โ”‚       โ”œโ”€โ”€ reentrancy_vuln.sol
โ”‚       โ”œโ”€โ”€ oracle_manipulation.sol
โ”‚       โ”œโ”€โ”€ proxy_contract.sol
โ”‚       โ”œโ”€โ”€ accesscontrolbug.sol
โ”‚       โ””โ”€โ”€ sample_contract.sol
โ”œโ”€โ”€ src/
โ”‚   โ”œโ”€โ”€ analyzer/
โ”‚   โ”‚   โ”œโ”€โ”€ features.py               # feature extraction
โ”‚   โ”‚   โ”œโ”€โ”€ risk.py                   # scoring engine
โ”‚   โ””โ”€โ”€ cli.py                        # CLI entry point
โ”œโ”€โ”€ scripts/
โ”‚   โ”œโ”€โ”€ train_model.py                # placeholder
โ”‚   โ””โ”€โ”€ analyzeandregister.py       # placeholder
โ””โ”€โ”€ templates/
    โ””โ”€โ”€ report.html                   # placeholder

Quick Start

1. Install

cd smart-contract-risk-analyzer
python -m venv .venv
.\.venv\Scripts\activate  # Windows
pip install -r requirements.txt   # (optional; no dependencies required yet)

2. Run the analyzer

python src\cli.py --file data\examples\sample_contract.sol

3. Output example

{
  "source_hash": "1da354a9b...",
  "features": {
    "n_lines": 16,
    "n_payable": 0,
    "has_delegatecall": 1,
    "hascallvalue": 0,
    "hastxorigin": 1
  },
  "risk_score": 90,
  "risk_level": "High"
}

Detailed Analysis of Included Contracts

Below is a breakdown of how the analyzer evaluates each contract.


1. safe_contract.sol, Safe Contract

No dangerous patterns Simple owner-withdraw logic Some payable functions but low quantity Risk: Low (score ~5)


2. medium_risk.sol, Many Payable Functions

No dangerous opcodes 5+ payable functions โ†’ expanded attack surface Risk: Medium (score ~25)


3. highriskdelegatecall.sol, Critical Security Risks

Contains two extremely dangerous patterns:

  • delegatecall
  • tx.origin for authorization
This is catastrophic in real-world deployments.

Risk: High (score ~90)


4. reentrancy_vuln.sol, Classic Reentrancy Bug

Calls:

(bool ok,) = msg.sender.call{value: amount}("");

Effect-before-interaction, making it reentrancy-vulnerable. Current version does not yet detect this, but future improvements will.

Risk (current): Lowโ€“Medium (score ~5) Risk (real-world): High


5. accesscontrolbug.sol, Anyone Can Change Owner

function setOwner(address newOwner) public {
    owner = newOwner;
}

There is no require(msg.sender == owner) check. Current heuristics do NOT yet detect this.

Risk (current): Low (score ~0) Risk (actual): High


6. oracle_manipulation.sol, Open Price Oracle

Anyone can update the price.

Again: current heuristics do NOT detect this.

Risk (current): Low Risk (actual): Mediumโ€“High


7. proxy_contract.sol, Upgradeable Proxy

Legitimate use of delegatecall, but still inherently dangerous.

Risk: Medium (score ~55)


How to Improve the Analyzer

The analyzer is intentionally simple. Hereโ€™s how you can extend it:

1. Add more pattern detectors

  • Detect call{value:...} syntax
  • Detect unprotected setters
  • Detect missing require() on critical operations
  • Detect unsafe public variables
  • Detect unguarded external calls

2. Use an AST parser

Replace regex with:

  • solidity-parser-antlr (Node.js)
  • slither JSON AST output
  • tree-sitter-solidity

3. Add ML model (RandomForest/XGBoost)

Steps:

  • Compute features for all example contracts
  • Label them manually (Low/Medium/High)
  • Train a classifier
  • Replace heuristics with prediction

4. Generate HTML/PDF Reports

Use Jinja2 + templates to create:

  • contract summary
  • risk indicators
  • function-level breakdown
  • recommendations

Roadmap

| Feature | Status | | --------------------------------- | ------ | | Static feature extraction | Done | | Heuristic scoring engine | Done | | CLI interface | Done | | Built-in sample contracts | Done | | ML-based scoring | Next | | AST-based analysis | Next | | Web interface | Planned | | Report generation | Planned | | Rule-based vulnerability patterns | Planned |

๐Ÿ”— More in this category

ยฉ 2026 GitRepoTrend ยท AmirhosseinHonardoust/Smart-Contract-Risk-Analyzer ยท Updated daily from GitHub