Created by ICE center, ETH Zurich and ChainSecurity AG, a top provider for smart contract audits.

RESEARCH

The Ethereum security scanner is based on the latest research from the ICE center, ETH Zurich. For more details, read our research paper.

CONFERENCE TALKS

The research behind the Ethereum security scanner has been presented at 10+ major academic and Ethereum conferences, including DevCon3, EdCON, d10e, Crypto Summit 2018, Crypto Valley Conference 2018, and others.

BLOG

Read our blog to learn about common security issues in Ethereum smart contracts and how our Ethereum scanner discovers them automatically.

Ether transfers whose execution can be manipulated by other transactions must be inspected for unintended behavior.
The receiver of ether transfers must not be influenced by other transactions.
The amount of ether transferred must not be influenced by other transactions.
Calls into external contracts that receive all remaining gas and are followed by state changes may be reentrant.
Ether transfers (such as send and transfer) that are followed by state changes may be reentrant.
Method calls that are followed by state changes may be reentrant.
Contract fields that can be modified by any user must be inspected.
Values written to storage should be read by the contract; otherwise the write is unnecessary.
The return value of statements that may return error values must be explicitly checked.
The use of division before multiplication may result in incorrect final results due to integer rounding.
The use of division to calculate the amount of transferred ether may be incorrect due to integer rounding.
The execution of selfdestruct statements must be restricted to an authorized set of users.
Method arguments must be sanitized before they are used in computations.
The origin statement must not be used for authorization.
The execution of ether flows should be restricted to an authorized set of users.
Contracts that may receive ether must also allow users to extract the deposited ether from the contract.
The target of a call instruction can be manipulated by an attacker.
Security-sensitive operations must not depend on block information.
Security-sensitive operations must not depend on gas-related information.
The target and arguments provided to delegatecall must be sanitized.