mkzmbd4  by polymarket-developers

LLM pipeline for advanced Solidity security auditing

Created 3 weeks ago

646 stars

Top 51.2% on SourcePulse

Project Summary

This project provides an LLM-powered pipeline that enriches the output of static analysis tools such as Slither for Solidity smart contract security auditing. It targets developers and security auditors who need more than terse static analysis findings, adding explanations, exploitability assessments, and fixes to speed up vulnerability remediation.

How It Works

The tool processes Slither's JSON output, feeding each finding into a four-stage, chain-of-thought LLM pipeline. Each stage has a distinct role: an Explainer provides technical context and a verdict, an ExploitWriter drafts a minimal Proof-of-Concept, a Fixer generates a unified diff for the suggested code change, and a Judge assesses the quality of the preceding steps. This role separation allows for focused LLM calls, reducing hallucinations and enabling modularity, while preserving the chain-of-thought for inspection. Findings are filtered by severity before processing, defaulting to 'medium' and above.
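The severity filter and role chaining described above, sketched as an added example that is not the project's own code. It assumes Slither's standard JSON layout (results.detectors[].impact); filter_findings, run_pipeline, FakeLLM and the sample findings are hypothetical names and constructed data.

```python
import json

# Slither's "impact" values, ordered least to most severe.
SEVERITY_ORDER = ["Optimization", "Informational", "Low", "Medium", "High"]
STAGES = ["Explainer", "ExploitWriter", "Fixer", "Judge"]  # role names from the page

# Constructed sample in the shape of `slither --json` output (not real findings).
SAMPLE_SLITHER_JSON = json.dumps({
    "success": True, "error": None, "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw(uint256)"},
        {"check": "tx-origin", "impact": "Medium", "confidence": "Medium",
         "description": "Vault.sweep() uses tx.origin for authorization"},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High",
         "description": "Parameter Vault.sweep(address).To is not in mixedCase"},
    ]},
})


def filter_findings(raw_json, min_severity="medium"):
    """Return detector findings at or above min_severity (case-insensitive)."""
    report = json.loads(raw_json)
    if not report.get("success", False):
        raise ValueError(f"Slither run failed: {report.get('error')}")
    rank = {name.lower(): i for i, name in enumerate(SEVERITY_ORDER)}
    threshold = rank[min_severity.lower()]
    detectors = (report.get("results") or {}).get("detectors", [])
    # Unknown impact strings rank as -1 and are dropped rather than guessed at.
    return [d for d in detectors if rank.get(str(d.get("impact", "")).lower(), -1) >= threshold]


class FakeLLM:
    """Offline stand-in for an LLM client; records every prompt it is given."""
    def __init__(self):
        self.prompts = []

    def complete(self, role, prompt):
        self.prompts.append((role, prompt))
        return f"<{role} output>"


def run_pipeline(finding, llm):
    """Run the four roles in order; each role sees all earlier roles' output."""
    transcript = {}
    for role in STAGES:
        context = "\n".join(f"[{r}] {out}" for r, out in transcript.items())
        prompt = f"Finding {finding['check']}: {finding['description']}\n{context}"
        transcript[role] = llm.complete(role, prompt)
    return transcript
```

Because every prompt is recorded, the fake client lets a reviewer confirm exactly what context each role received before any real model is wired in.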

Quick Start & Requirements

  • Installation: pip install -e ".[dev]". Slither is a separate install: pip install slither-analyzer (requires solc).
  • Prerequisites: OpenAI API key (or compatible endpoint like vLLM, Together AI, Fireworks) or Anthropic API key. solc is required for Slither.
  • Setup: Requires LLM API key configuration via environment variables (e.g., OPENAI_API_KEY, LLM_BASE_URL).
  • Links: Official documentation sections for Install, Quick Start, How It Works, Configuration, and Results are available within the README.

Highlighted Details

  • Multi-role chain-of-thought LLM pipeline for enhanced Solidity security auditing.
  • Layered on top of Slither static analysis output, providing context and actionable insights.
  • Supports OpenAI-compatible endpoints and Anthropic Claude models.
  • Outputs detailed Markdown and JSON reports, including explanations, exploit sketches, and code fixes.

Maintenance & Community

The project roadmap includes future integrations like Mythril, batch auditing for entire Foundry projects, and a GitHub Actions workflow template. Tests run against a fake LLM client, so no API keys are needed during test execution.

Licensing & Compatibility

  • License: Apache 2.0.
  • Compatibility: Permissive license suitable for commercial use and integration into closed-source projects.

Limitations & Caveats

The project is actively under development, with features such as Mythril integration, batch auditing for entire Foundry projects, and a GitHub Actions workflow template planned for future releases. Support for fine-tuned models is also a future consideration.

Health Check

  • Last Commit: 3 weeks ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 656 stars in the last 23 days
