
chain-audit-cli


A command-line tool for auditing smart contracts using AI-powered analysis. Provides comprehensive security reports, vulnerability detection, and code quality assessments for Solidity contracts.

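const OpenAI = require("openai");

/**
 * Build the auditor prompt for one contract.
 *
 * The contract source is untrusted input and is embedded verbatim in the
 * prompt, so text inside the contract (comments, string literals) can steer
 * the model's answer and its scores. Treat the resulting report as advisory
 * input for a human reviewer, not as a pass/fail gate.
 *
 * @param {string} contract - Solidity source to audit.
 * @returns {string} The prompt sent to the model.
 */
const buildPrompt = (contract) => `
You are a Solidity security auditor. Carefully review the smart contract code below, then deliver a comprehensive, numbered report.

Smart Contract:
${contract}

IMPORTANT: Respond ONLY with a valid JSON array in exactly this format (no additional text before or after):
[
  {
    "section": "Audit Report",
    "details": "A detailed audit report of the smart contract, covering security vulnerabilities, gas efficiency issues, and code quality problems. Include specific line numbers and code snippets where applicable."
  },
  {
    "section": "Metric Scores",
    "details": [
      { "metric": "Security", "score": 7 },
      { "metric": "Performance", "score": 6 },
      { "metric": "Gas Efficiency", "score": 5 },
      { "metric": "Code Quality", "score": 6 },
      { "metric": "Documentation", "score": 3 }
    ]
  },
  {
    "section": "Suggestions for Improvement",
    "details": "Specific recommendations for improving the smart contract, including security fixes, gas optimizations, and code quality improvements."
  }
]
`;

/**
 * Extract the JSON array of report sections from the model's reply.
 *
 * @param {string} responseContent - Raw text returned by the model.
 * @returns {Array<{section: string, details: unknown}> | null} The parsed
 *   sections, or null when the reply holds no parseable JSON array.
 */
const parseAuditResults = (responseContent) => {
  // Greedy match from the first "[" to the last "]" so prose or a markdown
  // fence around the JSON does not break JSON.parse; fall back to the whole
  // reply when no bracketed span is found.
  const jsonMatch = responseContent.match(/\[[\s\S]*\]/);
  const candidate = jsonMatch ? jsonMatch[0] : responseContent;

  let parsed;
  try {
    parsed = JSON.parse(candidate);
  } catch {
    return null;
  }

  // The model may ignore the format instruction and return an object or a
  // bare string; the display code indexes sections with Array.prototype.find,
  // so only an array is accepted here (anything else is shown raw instead of
  // crashing with a TypeError).
  return Array.isArray(parsed) ? parsed : null;
};

/**
 * Print the parsed report sections to stdout.
 *
 * Model output is written verbatim; nothing here interprets or executes it.
 *
 * @param {Array<{section: string, details: unknown}>} auditResults - Parsed sections.
 * @returns {void}
 */
const printAuditResults = (auditResults) => {
  // Tolerate null/non-object entries the model might emit.
  const findSection = (name) =>
    auditResults.find((r) => r != null && r.section === name);

  const auditReport = findSection("Audit Report");
  if (auditReport) {
    console.log("Audit Report:");
    console.log(auditReport.details);
  }

  const metricScores = findSection("Metric Scores");
  if (metricScores) {
    console.log("\nMetric Scores:");
    if (Array.isArray(metricScores.details)) {
      for (const metric of metricScores.details) {
        console.log(`${metric.metric}: ${metric.score}/10`);
      }
    } else {
      // Not in the requested shape; show what came back rather than throwing.
      console.log(metricScores.details);
    }
  }

  const suggestions = findSection("Suggestions for Improvement");
  if (suggestions) {
    console.log("\nSuggestions for Improvement:");
    console.log(suggestions.details);
  }
};

/**
 * Audit a Solidity contract with the OpenAI chat API and print the report.
 *
 * @param {string} contract - Solidity source to audit (untrusted; see buildPrompt).
 * @param {string} apiKey - OpenAI API key, handed straight to the client.
 * @returns {Promise<Array<{section: string, details: unknown}> | null>} The
 *   parsed report sections, or null when the reply could not be parsed (the
 *   raw reply is printed in that case).
 * @throws {Error} When the API call fails or returns no message content; the
 *   error is logged and rethrown to the caller.
 */
const analyzeContract = async (contract, apiKey) => {
  const openai = new OpenAI({ apiKey });

  const params = {
    model: "gpt-3.5-turbo",
    messages: [{ role: "user", content: buildPrompt(contract) }],
    // A long contract can push the JSON reply past this limit; a truncated
    // reply then fails to parse and is shown raw below.
    max_tokens: 2000,
    temperature: 0.1,
  };

  try {
    const chatCompletion = await openai.chat.completions.create(params);
    const responseContent = chatCompletion?.choices?.[0]?.message?.content;
    if (typeof responseContent !== "string") {
      throw new Error("OpenAI API returned no message content");
    }

    const auditResults = parseAuditResults(responseContent);
    if (auditResults === null) {
      // Best effort: show the raw reply so the user can still read the audit.
      console.log("Raw OpenAI Response:");
      console.log(responseContent);
      console.log(`\n${"=".repeat(50)}`);
      return null;
    }

    printAuditResults(auditResults);
    return auditResults;
  } catch (error) {
    console.error("Error calling OpenAI API:", error.message);
    throw error;
  }
};

module.exports = { analyzeContract };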