# Full Report
The repository contains a set of Claude Skills for Solidity smart contract vulnerabilities. They range from authorization on tx.origin to more nuanced/contextualized things like access control checks. Many of these are already found via Slither but it's the new ones that are interesting to me.
## Analysis Summary
This analysis focuses on the security tool described in the provided context, which implements a vulnerability scanning methodology for Solidity smart contracts using an AI model (Claude Code).
# Tool/Technique: SCV Scan (Solidity Code Vulnerability Scan)
## Overview
SCV Scan is a custom "Claude Code skill" designed to scan Solidity smart contract codebases for security vulnerabilities. It operationalizes a methodology referencing 36 unique vulnerability types, sourced in part from the `smart-contract-vulnerabilities` project. Its purpose is to identify both known issues (like those flagged by Slither) and more nuanced, contextual vulnerabilities using an AI-driven audit workflow.
## Technical Details
- Type: Tool (AI-Assisted Security Scanner)
- Platform: Targets Solidity codebases (used within the Claude AI environment).
- Capabilities: Scans for 36 unique vulnerability classes, performs syntactic and semantic analysis, validates findings against detailed reference files, and generates reports with remediation advice.
- First Seen: Not specified in the context (repository creation date is the proxy for availability).
## MITRE ATT&CK Mapping
Because this is a defensive auditing tool, direct offensive mappings are of limited relevance. If the methodology were misused, the closest analogue would be the analysis of software weaknesses. The focus here is the defensive use, which traditional ATT&CK mapping does not cover well except where the discovery process itself is mapped.
*Mapping focus based on analysis capability:*
- **TA0009 - Collection** (if used to extract sensitive logic or vulnerabilities prematurely)
  - T1530 - Data from Local System (analysis of source code)
## Functionality
### Core Capabilities
1. **Cheatsheet Loading:** Reads `references/CHEATSHEET.md`, a condensed lookup table providing keywords for 36 vulnerability classes.
2. **Syntactic Sweep:** Uses `grep` functionality (via the AI environment) to search for trigger keywords associated with vulnerabilities.
3. **Semantic Sweep:** Performs a read-through of code to detect logic bugs that lack reliable syntactic signatures (e.g., cross-function reentrancy, nuanced access control issues).
4. **Deep Validation:** For candidate findings, the tool reads the full, detailed reference files (e.g., `reentrancy.md`, `overflow-underflow.md`) to apply verification heuristics and check against stated false-positive conditions.
5. **Reporting:** Outputs confirmed findings detailing severity, associated code snippets, and proposed fixes.
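The sweep-then-validate flow of steps 2 and 4, as an added Python example that is not part of the skill or its repository: the keyword table, the false-positive rules and the sample contract are constructed here, not taken from `CHEATSHEET.md` or the reference files, and the rules are deliberately simplified stand-ins for the heuristics those files describe.

```python
import re
# Constructed mini-cheatsheet (hypothetical keywords, not the project's CHEATSHEET.md): class -> trigger regex.
CHEATSHEET = {
    "tx-origin-auth": re.compile(r"tx\.origin\s*[=!]="),
    "reentrancy-call": re.compile(r"\.call\{value:|\.call\.value\("),
    "overflow-underflow": re.compile(r"unchecked\s*\{|[+\-*]=|\+\+|--"),
}
def pragma_version(src):
    m = re.search(r"pragma\s+solidity\s*[\^>=]*\s*(\d+)\.(\d+)", src)
    return (int(m.group(1)), int(m.group(2))) if m else None

def syntactic_sweep(src):
    """Step 2: grep-style keyword sweep over non-comment lines -> [(class, line_no)]."""
    hits = []
    for no, line in enumerate(src.splitlines(), 1):
        if not line.strip().startswith("//"):
            hits += [(cls, no) for cls, rx in CHEATSHEET.items() if rx.search(line)]
    return hits

def deep_validate(src, hits):
    """Step 4: drop candidates that meet a class's stated false-positive conditions."""
    lines, ver, confirmed = src.splitlines(), pragma_version(src), []
    for cls, no in hits:
        line = lines[no - 1]
        if cls == "overflow-underflow" and ver and ver >= (0, 8) and not any(
                "unchecked" in l for l in lines[max(0, no - 3):no]):
            continue  # arithmetic is checked since 0.8; only unchecked blocks stay candidates
        if cls == "tx-origin-auth" and "msg.sender" in line:
            continue  # `tx.origin == msg.sender` is an EOA-only guard, not authorization
        if cls == "reentrancy-call":  # confirm only when state is written after the call
            rest = lines[no:]
            end = next((i for i, l in enumerate(rest) if l.strip() == "}"), len(rest))
            if not any(re.match(r"^\w[\w\[\]\.]*\s*=[^=]", l.strip()) for l in rest[:end]):
                continue
        confirmed.append((cls, no))
    return confirmed

def scan(src):  # steps 2 + 4 of the workflow; returns the confirmed findings
    return deep_validate(src, syntactic_sweep(src))
SAMPLE = """pragma solidity ^0.8.20;
contract Vault {
    mapping(address => uint) bal; address owner;
    function setOwner(address o) external { require(tx.origin == owner); owner = o; }
    function deposit() external payable { bal[msg.sender] += msg.value; }
    function withdraw() external {
        (bool ok,) = msg.sender.call{value: bal[msg.sender]}("");
        bal[msg.sender] = 0;
    }
    function burn(uint n) external { unchecked { bal[msg.sender] -= n; } }
}"""  # constructed sample; scan(SAMPLE) -> tx-origin line 4, reentrancy line 7, overflow line 10
```

Of the four syntactic candidates, the `+=` in `deposit` is discarded by the 0.8 checked-arithmetic rule, which is the kind of false-positive pruning the detailed reference files are meant to drive.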
### Advanced Features
- **Contextual Detection:** Specifically targets "nuanced/contextualized things like access control checks" which are harder for traditional static analyzers to catch.
- **Structured Reference Data:** Utilizes detailed reference files containing **Preconditions**, **Vulnerable Patterns**, **Detection Heuristics**, **False Positives**, and **Remediation** for robust analysis across 36 classes.
- **Custom Skill Integration:** Leverages the structure of Claude Code Skills for execution flow within the AI environment.
## Indicators of Compromise
As this is a *scanning/auditing* tool for source code, it does not typically generate traditional malware IOCs (hashes, C2s). IOCs are related to its execution environment or the input codebase being scanned.
- File Hashes: N/A (Source code analysis tool)
- File Names: `CHEATSHEET.md`, `SKILL.md`, `<vulnerability_name>.md` (e.g., `reentrancy.md`)
- Registry Keys: N/A
- Network Indicators: N/A (Execution is localized to code scanning)
- Behavioral Indicators: Execution of complex prompt workflows involving syntactic searches followed by deep semantic validation reads on source files.
## Associated Threat Actors
This tool is presented as an open-source defensive asset for smart contract security auditing. No threat actors are explicitly associated with its *use* in the context provided.
## Detection Methods
Detection here means observing the tool's activity of checking code for flaws; the tool itself is not malicious.
- Signature-based detection: Applicable if the execution environment (Claude skill) leaves specific artifacts that could be signatured (unlikely in this context).
- Behavioral detection: Monitoring for systematic, keyword-driven searches across large code repositories, followed by detailed interpretive analysis steps.
- YARA rules: Not applicable for analyzing the execution of this specific AI skill infrastructure.
## Mitigation Strategies
Mitigation centers on securing the smart contracts being analyzed and structuring the audit process appropriately.
- Prevention measures: Relying on well-vetted vulnerability patterns and comprehensive reference checks during auditing.
- Hardening recommendations: Ensuring smart contracts adhere to best practices to avoid the 36 vulnerability types covered (e.g., using SafeMath, implementing robust access control checks like `onlyOwner`).
## Related Tools/Techniques
- **Slither:** Explicitly mentioned as a tool whose findings SCV Scan aims to complement or expand upon.
- **Smart Contract Vulnerability Checkers:** General purpose static/dynamic analysis tools for EVM code.
- **AI-assisted Code Auditing:** The broader category of using LLMs for security analysis.