AI-Powered Smart Contract Security Analysis Engine
The OpenAuditLabs Agent is an advanced multi-agent system that automatically detects security vulnerabilities in smart contracts using artificial intelligence. Built on the CrewAI framework, it orchestrates specialized AI agents to perform comprehensive security analysis with 95%+ accuracy.
## Prerequisites

- Python 3.11+
- Docker & Docker Compose
- PostgreSQL 15+
- Redis 7+

## Quick Start

```bash
# Clone the repository
git clone https://github.com/OpenAuditLabs/agent.git
cd agent

# Install dependencies
pip install -r requirements.txt

# Setup environment variables
cp .env.example .env

# Start services
docker-compose up -d

# Run database migrations
alembic upgrade head

# Start the agent
python -m uvicorn main:app --reload
```

### Docker

```bash
# Build and run with Docker
docker-compose up --build

# API will be available at http://localhost:8000
```

## Architecture

The Agent system employs a hierarchical multi-agent architecture powered by CrewAI:
```
┌───────────────────────────────────────────────────────┐
│                   Coordinator Agent                   │
│               (Workflow Orchestration)                │
└───────────────────────────┬───────────────────────────┘
                            │
          ┌─────────────────┼─────────────────┐
          │                 │                 │
  ┌───────▼───────┐ ┌───────▼─────────┐ ┌─────▼────────┐
  │Static Analysis│ │Dynamic Analysis │ │ML Classifier │
  │     Agent     │ │      Agent      │ │    Agent     │
  │   (Slither)   │ │    (Mythril)    │ │(Transformers)│
  └───────┬───────┘ └───────┬─────────┘ └─────┬────────┘
          │                 │                 │
          └─────────────────┼─────────────────┘
                            │
                  ┌─────────▼─────────┐
                  │ Report Generation │
                  │       Agent       │
                  └───────────────────┘
```
## Project Structure

```
agent/
├── src/
│   ├── agents/              # CrewAI agent implementations
│   │   ├── coordinator.py   # Main orchestration agent
│   │   ├── static_agent.py  # Slither integration
│   │   ├── dynamic_agent.py # Mythril integration
│   │   └── ml_agent.py      # ML classification
│   ├── api/                 # FastAPI endpoints
│   │   ├── routes/
│   │   └── models/
│   ├── core/                # Core analysis engine
│   │   ├── pipeline.py      # Analysis pipeline
│   │   └── orchestrator.py  # Agent orchestration
│   ├── models/              # ML models & schemas
│   │   ├── transformers/    # Transformer models
│   │   └── gnn/             # Graph Neural Networks
│   ├── tools/               # External tool integrations
│   │   ├── slither.py       # Static analysis
│   │   └── mythril.py       # Symbolic execution
│   └── utils/               # Utility functions
├── tests/                   # Test suites
├── data/                    # Sample contracts & datasets
├── docker/                  # Docker configurations
├── docs/                    # Documentation
└── notebooks/               # Research notebooks
```
## Usage

Start the FastAPI server:

```bash
uvicorn main:app --host 0.0.0.0 --port 8000
```

Submit a contract for analysis over the REST API:

```bash
curl -X POST "http://localhost:8000/analyze/contract" \
  -H "Content-Type: application/json" \
  -d '{
    "contract_code": "contract Simple { function transfer() public {} }",
    "language": "solidity",
    "analysis_type": "comprehensive"
  }'
```

Or use the Python client:

```python
from openauditlabs_agent import AnalysisClient

# Initialize client
client = AnalysisClient(api_url="http://localhost:8000")

# Contract source to analyze (load from a file or pass a string)
contract_source = "contract Simple { function transfer() public {} }"

# Analyze contract
result = client.analyze_contract(
    contract_code=contract_source,
    language="solidity"
)

# Get results
vulnerabilities = result.get_vulnerabilities()
for vuln in vulnerabilities:
    print(f"Severity: {vuln.severity}, Type: {vuln.type}")
```

## Features

### Analysis Engines

- Static Analysis: Slither integration with 90+ detectors
- Dynamic Analysis: Mythril symbolic execution with PoC generation
- ML Classification: Transformer and GNN models for pattern recognition
- Ensemble Methods: Combined analysis for enhanced accuracy

### Supported Languages

- Solidity (.sol) - Complete support
- Vyper (.vy) - Full analysis pipeline
- Rust (Substrate/Ink!) - Advanced detection
- Move (Aptos/Sui) - Experimental support

### Performance

- Processing Speed: 1000+ LoC analyzed in <5 minutes
- Accuracy: 95%+ vulnerability detection rate
- Scalability: 500+ concurrent analyses
- Uptime: 99.9% availability with auto-scaling

### Vulnerability Detection

- 50+ Vulnerability Types: Complete SWC coverage
- CVSS Scoring: Automated severity assessment
- Proof of Concept: Executable exploit generation
- Remediation: Actionable fix suggestions
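The README names the ensemble step ("Ensemble Methods: Combined analysis") and, in the agent configuration below, the knobs that drive it (`confidence_threshold: 0.8`, `ensemble_voting: "soft"`), but does not show how findings from the three agents are combined. The following is an added example, not OpenAuditLabs code, of one such merge: findings that name the same SWC weakness at the same location are grouped, each agent's vote is weighted, and the group survives only if the combined score clears the threshold. The per-agent weights, the `Finding` shape, the SWC ids and the sample findings are all constructed assumptions; the project's real data model may differ.

```python
"""Soft/hard-voting ensemble over agent findings.

Added example, not OpenAuditLabs code. Each agent reports findings with its own
confidence in [0, 1]; findings that name the same SWC weakness at the same
location are merged, and the merged finding is kept only if the combined vote
clears the threshold (the README's ml_agent config: confidence_threshold=0.8,
ensemble_voting="soft").
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    agent: str         # "static_agent", "dynamic_agent" or "ml_agent"
    swc_id: str        # SWC registry id, e.g. "SWC-107" (reentrancy)
    location: str      # "Contract.function" as reported by the tool
    confidence: float  # the agent's own confidence, 0.0..1.0
    severity: str      # "info" | "low" | "medium" | "high" | "critical"


# Assumed per-agent weights (constructed for this example): a finding backed by
# symbolic execution is trusted more than a pure pattern match.
AGENT_WEIGHTS: Dict[str, float] = {"static_agent": 0.35, "dynamic_agent": 0.45, "ml_agent": 0.20}
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample output from the three agents for one contract.
SAMPLE_FINDINGS: List[Finding] = [
    Finding("static_agent", "SWC-107", "Bank.withdraw", 0.80, "high"),
    Finding("static_agent", "SWC-107", "Bank.withdraw", 0.90, "high"),      # same agent, second detector hit
    Finding("dynamic_agent", "SWC-107", "Bank.withdraw", 0.95, "critical"),
    Finding("ml_agent", "SWC-107", "Bank.withdraw", 0.70, "high"),
    Finding("static_agent", "SWC-101", "Bank.deposit", 0.60, "medium"),     # only one agent saw it
    Finding("ml_agent", "SWC-105", "Bank.kill", 0.99, "critical"),          # ML-only hit, no tool corroboration
]


def _best_per_agent(votes: List[Finding]) -> Dict[str, Finding]:
    """Collapse duplicate hits from one agent to its single highest-confidence vote."""
    best: Dict[str, Finding] = {}
    for v in votes:
        if v.agent not in best or v.confidence > best[v.agent].confidence:
            best[v.agent] = v
    return best


def ensemble(findings: List[Finding], voting: str = "soft", threshold: float = 0.8,
             weights: Dict[str, float] = AGENT_WEIGHTS) -> List[dict]:
    groups: Dict[tuple, List[Finding]] = defaultdict(list)
    for f in findings:
        groups[(f.swc_id, f.location)].append(f)

    total_weight = sum(weights.values())
    merged = []
    for (swc_id, location), votes in groups.items():
        best = _best_per_agent(votes)
        if voting == "soft":
            # Weighted mean over ALL agents: an agent that reported nothing
            # contributes 0, so a single-agent claim cannot reach a high threshold.
            score = sum(weights.get(a, 0.0) * v.confidence for a, v in best.items()) / total_weight
            keep = score >= threshold
        elif voting == "hard":
            # A majority of agents must each be at least 50% confident.
            supporters = [a for a, v in best.items() if v.confidence >= 0.5]
            score = len(supporters) / len(weights)
            keep = 2 * len(supporters) > len(weights)
        else:
            raise ValueError(f"unknown ensemble_voting mode: {voting}")
        if keep:
            merged.append({
                "swc_id": swc_id,
                "location": location,
                "score": round(score, 6),
                # Escalate to the most severe rating any agent assigned.
                "severity": max((v.severity for v in best.values()), key=SEVERITY_RANK.__getitem__),
                "agents": sorted(best),
            })
    merged.sort(key=lambda r: r["score"], reverse=True)
    return merged


if __name__ == "__main__":
    for r in ensemble(SAMPLE_FINDINGS):
        print(r)
```

With the sample data only the reentrancy finding that all three agents agree on survives the 0.8 threshold; the single-agent hits score 0.21 and 0.198 and are dropped in soft mode, and fail the majority rule in hard mode. Lowering the threshold is the lever for trading false negatives against false positives.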
## Configuration

### Environment Variables

```bash
# Database
DATABASE_URL=postgresql://user:pass@localhost:5432/openauditlabs
REDIS_URL=redis://localhost:6379

# API Configuration
API_HOST=0.0.0.0
API_PORT=8000
SECRET_KEY=your-secret-key

# Agent Configuration
CREWAI_API_KEY=your-crewai-key
OPENAI_API_KEY=your-openai-key

# Tool Configuration
SLITHER_VERSION=0.10.0
MYTHRIL_VERSION=0.24.2

# ML Models
MODEL_CACHE_DIR=./models
TRANSFORMER_MODEL=microsoft/codebert-base
GNN_MODEL_PATH=./models/gnn_classifier.pt
```

### Agent Configuration

```python
# agents/config.py
AGENT_CONFIG = {
    "coordinator": {
        "model": "gpt-4",
        "temperature": 0.1,
        "max_tokens": 2000
    },
    "static_agent": {
        "slither_detectors": ["all"],
        "timeout": 300,
        "gas_analysis": True
    },
    "dynamic_agent": {
        "mythril_timeout": 600,
        "max_depth": 3,
        "create_poc": True
    },
    "ml_agent": {
        "confidence_threshold": 0.8,
        "ensemble_voting": "soft",
        "model_batch_size": 32
    }
}
```

## Development

```bash
# Install development dependencies
pip install -r requirements-dev.txt

# Setup pre-commit hooks
pre-commit install

# Run tests
pytest tests/ -v

# Code formatting
black src/
isort src/

# Type checking
mypy src/
```

### Testing

```bash
# Unit tests
pytest tests/unit/

# Integration tests
pytest tests/integration/

# End-to-end tests
pytest tests/e2e/

# Load tests
pytest tests/load/ --load-test
```

### Adding Custom Agents

1. Create an agent class in `src/agents/`
2. Implement the required methods:
   - `analyze()`: Main analysis logic
   - `get_tools()`: Return required tools
   - `get_config()`: Return agent configuration
3. Register it in `src/core/orchestrator.py`
4. Add tests in `tests/agents/`
Example:

```python
from crewai import Agent
from typing import Dict, List


class CustomAgent(Agent):
    def __init__(self, config: Dict):
        super().__init__(
            role="Custom Analyzer",
            goal="Detect specific vulnerability patterns",
            backstory="Specialized security expert",
            tools=self.get_tools(),
            **config
        )

    def analyze(self, contract_code: str) -> List[Dict]:
        # Implement custom analysis logic; return one dict per finding
        return []

    def get_tools(self) -> List:
        # Return the tools this agent needs (none for this skeleton)
        return []

    def get_config(self) -> Dict:
        # Return the agent configuration consumed by the orchestrator
        return {"role": self.role, "goal": self.goal}
```

## Security

### Input Validation

- All contract inputs are sanitized and validated
- File size limits enforced (max 10MB)
- Rate limiting on API endpoints
- Input encoding detection and normalization

### Data Protection

- Contract source code encrypted at rest (AES-256)
- Analysis results stored with access controls
- Audit logs for all operations
- Automatic data retention policies

### Authentication & Authorization

- JWT-based API authentication
- Role-based access control (RBAC)
- API key management for integrations
- Session management and timeout
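The input-validation items above (size limit, sanitization, encoding detection and normalization) are what a request handler for `POST /analyze/contract` has to enforce before any analysis tool sees the payload. The following is an added example of such a validator, not OpenAuditLabs code: it uses the README's field names (`contract_code`, `language`, `analysis_type`) and its 10MB limit and language list, while the set of `analysis_type` values other than `comprehensive`, the error messages and the sample submissions are constructed assumptions. It also rejects control and Unicode bidirectional-override characters, which have no legitimate place in source and can make code read differently to a reviewer than to the compiler.

```python
"""Input validation for the POST /analyze/contract payload.

Added example, not OpenAuditLabs code. Implements the checks listed in the
Security section: the 10MB size limit, a language allow-list, encoding
detection with normalization, and rejection of control/bidi characters that
cannot legitimately appear in contract source. Field names follow the README's
curl example; analysis_type values other than "comprehensive" are assumed.
"""
import codecs
import unicodedata
from typing import Dict

MAX_CONTRACT_BYTES = 10 * 1024 * 1024
SUPPORTED_LANGUAGES = {"solidity", "vyper", "rust", "move"}
ANALYSIS_TYPES = {"comprehensive", "static", "dynamic", "ml"}  # assumed set

# Byte-order marks we accept, longest first so UTF-32 LE is not read as UTF-16 LE.
_BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]
# Unicode bidirectional overrides/isolates: they reorder displayed text, so the
# rendered source can differ from what the compiler parses.
_BIDI_CONTROLS = {chr(c) for c in range(0x202A, 0x202F)} | {chr(c) for c in range(0x2066, 0x206A)}


class ContractValidationError(ValueError):
    """Any reason to reject the submission with a 4xx response."""


def decode_contract(raw: bytes) -> str:
    """Detect a BOM, decode strictly, normalise to NFC text with LF line endings."""
    encoding = "utf-8"
    for bom, name in _BOMS:
        if raw.startswith(bom):
            raw, encoding = raw[len(bom):], name
            break
    try:
        text = raw.decode(encoding, errors="strict")
    except UnicodeDecodeError as exc:
        raise ContractValidationError(f"contract is not valid {encoding}") from exc
    text = unicodedata.normalize("NFC", text)
    return text.replace("\r\n", "\n").replace("\r", "\n")


def validate_submission(raw: bytes, language: str, analysis_type: str = "comprehensive") -> Dict:
    # Cheap checks first, so an oversize body is refused before any decoding work.
    if len(raw) > MAX_CONTRACT_BYTES:
        raise ContractValidationError("contract exceeds 10MB limit")
    if not raw.strip():
        raise ContractValidationError("empty contract")
    language = language.strip().lower()
    if language not in SUPPORTED_LANGUAGES:
        raise ContractValidationError(f"unsupported language: {language}")
    if analysis_type not in ANALYSIS_TYPES:
        raise ContractValidationError(f"unknown analysis_type: {analysis_type}")

    text = decode_contract(raw)
    for ch in text:
        if unicodedata.category(ch) == "Cc" and ch not in "\t\n":
            raise ContractValidationError(f"control character U+{ord(ch):04X} in source")
        if ch in _BIDI_CONTROLS:
            raise ContractValidationError(f"bidirectional control U+{ord(ch):04X} in source")
    return {"contract_code": text, "language": language,
            "analysis_type": analysis_type, "size_bytes": len(raw)}


# Constructed sample submissions covering the accept and reject paths.
SAMPLES = {
    "utf8_crlf": (b"contract Simple {\r\n  function transfer() public {}\r\n}", "solidity"),
    "utf16_bom": (codecs.BOM_UTF16_LE + "pragma solidity ^0.8.0;".encode("utf-16-le"), "Solidity"),
    "latin1":    (b"contract A { } // caf\xe9", "solidity"),      # not valid UTF-8
    "bidi":      ("contract A { /* \u202e */ }".encode("utf-8"), "solidity"),
    "oversize":  (b"a" * (MAX_CONTRACT_BYTES + 1), "vyper"),
    "bad_lang":  (b"print(1)", "python"),
}


def run_samples() -> Dict[str, object]:
    """Validate every sample; returns the cleaned payload or the rejection reason."""
    results: Dict[str, object] = {}
    for name, (raw, language) in SAMPLES.items():
        try:
            results[name] = validate_submission(raw, language)
        except ContractValidationError as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in run_samples().items():
        print(name, "->", outcome if isinstance(outcome, str) else "accepted")
```

The order of checks matters: the byte-length test runs before decoding so a 10MB body costs nothing more than a length comparison, and strict decoding (no `errors="replace"`) ensures malformed bytes are refused rather than silently turned into replacement characters that the analysis tools would never have seen in the real contract.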
## Monitoring

### Metrics

- Analysis throughput and latency
- Vulnerability detection accuracy
- Agent performance metrics
- Resource utilization

### Health Checks

```bash
# System health
curl http://localhost:8000/health

# Agent status
curl http://localhost:8000/agents/status

# Database connectivity
curl http://localhost:8000/health/db
```

### Logging

- Structured JSON logging
- Correlation IDs for request tracking
- Error aggregation and alerting
- Performance monitoring
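"Structured JSON logging" and "Correlation IDs for request tracking" are listed above without showing how the two fit together. The following is an added example, not OpenAuditLabs code, of a JSON log formatter that stamps every record with a correlation ID held in a context variable for the lifetime of one request. The `X-Request-ID` header name, the logger name and the log field names are assumptions; a client-supplied ID is accepted only when it parses as a UUID, so arbitrary header text never reaches the log stream.

```python
"""Structured JSON logging with a per-request correlation ID.

Added example, not OpenAuditLabs code. Every record is one JSON object, and a
correlation ID carried in a context variable is stamped on each record. The
X-Request-ID header name and the log field names are assumptions.
"""
import contextvars
import io
import json
import logging
import uuid
from typing import Dict, List, Optional, Tuple

correlation_id: contextvars.ContextVar[str] = contextvars.ContextVar("correlation_id", default="-")


class JsonFormatter(logging.Formatter):
    def format(self, record: logging.LogRecord) -> str:
        payload = {
            "ts": self.formatTime(record, "%Y-%m-%dT%H:%M:%S"),
            "level": record.levelname,
            "logger": record.name,
            "msg": record.getMessage(),
            "correlation_id": correlation_id.get(),
        }
        # Structured fields passed via logger.info(..., extra={"fields": {...}}).
        payload.update(getattr(record, "fields", None) or {})
        if record.exc_info:
            payload["exc"] = self.formatException(record.exc_info)
        # json.dumps escapes newlines, so a crafted message cannot forge a second record.
        return json.dumps(payload, default=str)


def build_logger(stream) -> logging.Logger:
    logger = logging.getLogger("openauditlabs.example")   # assumed logger name
    logger.handlers.clear()                               # idempotent across repeated calls
    handler = logging.StreamHandler(stream)
    handler.setFormatter(JsonFormatter())
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    return logger


def correlation_id_from_headers(headers: Dict[str, str]) -> str:
    """Honour a client-supplied X-Request-ID only if it is a well-formed UUID.

    Anything else is replaced with a fresh UUID, so arbitrary header text never
    reaches the logs."""
    supplied = headers.get("X-Request-ID", "")
    try:
        return str(uuid.UUID(supplied))
    except ValueError:
        return str(uuid.uuid4())


def handle_analysis_request(headers: Dict[str, str], logger: logging.Logger) -> str:
    """Simulated request handler: bind the ID for the request's lifetime, log, unbind."""
    cid = correlation_id_from_headers(headers)
    token = correlation_id.set(cid)
    try:
        logger.info("analysis started",
                    extra={"fields": {"language": "solidity", "analysis_type": "comprehensive"}})
        logger.info("analysis finished", extra={"fields": {"findings": 2, "duration_ms": 1234}})
    finally:
        correlation_id.reset(token)   # do not leak the ID into the next request
    return cid


def demo(request_id_header: Optional[str]) -> Tuple[str, List[dict]]:
    """Run one simulated request against an in-memory log and parse what was written."""
    buf = io.StringIO()
    logger = build_logger(buf)
    headers = {"X-Request-ID": request_id_header} if request_id_header is not None else {}
    cid = handle_analysis_request(headers, logger)
    records = [json.loads(line) for line in buf.getvalue().splitlines()]
    return cid, records


if __name__ == "__main__":
    # Constructed header value that tries to smuggle a fake log line; it is discarded.
    cid, records = demo('bogus\n{"level": "INFO", "msg": "forged"}')
    print(cid)
    for rec in records:
        print(json.dumps(rec))
```

Because the ID lives in a `contextvars.ContextVar` rather than a global, concurrent requests handled by the same async worker each see their own value, and the `reset` in the `finally` block keeps a failed request from tagging the next one's records.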
## Contributing

We welcome contributions! Please see our Contributing Guide for details.

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request

### Code Standards

- Follow PEP 8 style guide
- Add type hints to all functions
- Write comprehensive tests
- Update documentation
- Ensure all checks pass
## Deployment

### Docker

```bash
# Build production image
docker build -t openauditlabs/agent:latest .

# Run with docker-compose
docker-compose -f docker-compose.prod.yml up -d
```

### Kubernetes

```bash
# Deploy to Kubernetes
kubectl apply -f k8s/

# Check deployment
kubectl get pods -n openauditlabs
```

## IDE Integrations

- VS Code extension available
- Vim/Neovim integration
- JetBrains plugin support
- Sublime Text package

## Benchmarks
| Metric | Value |
|---|---|
| Analysis Speed | < 5 minutes per 1000 LoC |
| Accuracy | 95%+ vulnerability detection |
| False Positives | < 5% |
| Throughput | 500+ analyses/day |
| Uptime | 99.9% |
| Memory Usage | < 2GB per analysis |
## Support

- Documentation: docs.openauditlabs.com
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Email: [email protected]
- Discord: OpenAuditLabs Community

## License

This project is licensed under the GNU Affero General Public License v3 (AGPLv3) - see the LICENSE file for details.

## Acknowledgments

- CrewAI for multi-agent orchestration
- Slither for static analysis
- Mythril for symbolic execution
- OpenZeppelin for smart contract security standards
- Smart Contract Weakness Classification for vulnerability taxonomy

Website • Documentation • Blog • Twitter