AI-powered smart contract security auditing platform: multi-agent vulnerability scanning, risk scoring, gas optimization, and audit reporting powered by Xiaomi MiMo.
ChainGuard deploys four specialised AI agents that work in parallel to deliver comprehensive security audits for Solidity and Vyper smart contracts. Each agent leverages the Xiaomi MiMo LLM for deep semantic analysis, with deterministic fallback heuristics when no API key is configured.
```
┌─────────────────────────────────────────────────────────────────┐
│                       ChainGuard Frontend                       │
│                   Dark-themed Audit Dashboard                   │
│         Contract Input · Agent Status · Results Display         │
└──────────────────────────┬──────────────────────────────────────┘
                           │ REST API
                           ▼
┌─────────────────────────────────────────────────────────────────┐
│                   ChainGuard FastAPI Backend                    │
│  POST /audit/contract ──┐                                       │
│  POST /scan/vulns       │   ┌──────────────────────────────┐    │
│  POST /score/risk       ├──▶│      Async Orchestrator      │    │
│  POST /analyze/gas      │   │ (concurrent agent dispatch)  │    │
│  GET  /agents/status ───┘   └────────┬─────────────────────┘    │
│                                      │                          │
│            ┌────────────┬────────────┼────────────┐             │
│            ▼            ▼            ▼            ▼             │
│       ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐       │
│       │   Vuln   │ │  Audit   │ │   Risk   │ │   Gas    │       │
│       │ Scanner  │ │ Reporter │ │  Scorer  │ │ Analyst  │       │
│       └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘       │
│            └────────────┴────────────┼────────────┘             │
│                                      ▼                          │
│                         ┌─────────────────────────┐             │
│                         │     Xiaomi MiMo LLM     │             │
│                         │ (or heuristic fallback) │             │
│                         └─────────────────────────┘             │
└─────────────────────────────────────────────────────────────────┘
```
- Reentrancy detection (CWE-841 / SWC-107)
- Integer overflow/underflow (CWE-190 / SWC-101)
- Unchecked external calls (CWE-252 / SWC-104)
- Access control & authorisation flaws
- Delegatecall injection (SWC-112)
- tx.origin authentication (SWC-115)
- Timestamp dependence (SWC-116)
- Oracle manipulation vectors
- Flash loan attack surfaces
- Signature replay (SWC-121)
- ERC-20/ERC-721 compliance issues
- Weighted multi-category risk assessment
- Categories: reentrancy, access control, arithmetic safety, external interactions, logic/design, DeFi risk, compliance
- 0–100 overall risk score with risk level classification
- Detailed per-category explanations
- Storage vs memory optimisation
- Struct packing analysis
- Unchecked arithmetic opportunities
- Calldata vs memory parameters
- Custom error recommendations
- Loop optimisation (caching, unchecked increments)
- Storage variable caching
- Estimated gas savings per optimisation
- Synthesises all agent results into executive summary
- Prioritised recommendations
- Cross-references vulnerability IDs
- Professional audit-grade output
- Dark-themed responsive design
- Real-time agent status cards with capability tags
- Contract code editor with language/chain selectors
- Severity colour-coded vulnerability cards
- Risk gauge with category breakdown
- Gas optimisation cards with before/after code snippets
- Tabbed results navigation
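The deterministic fallback for the vulnerability scanner, mentioned above, can be pictured as pattern rules keyed by SWC id and run over comment-stripped source. This is an added illustration, not ChainGuard's own code: the rule table, the regexes, the `strip_comments` and `scan` names and the sample contract are all constructed here, and only four of the listed checks are covered.

```python
import re

# Hypothetical rule table (SWC id, title, line-level regex); patterns are illustrative.
RULES = [
    ("SWC-115", "tx.origin authentication", re.compile(r"\btx\.origin\b")),
    ("SWC-112", "delegatecall injection", re.compile(r"\.delegatecall\s*\(")),
    ("SWC-116", "timestamp dependence", re.compile(r"\bblock\.timestamp\b")),
    # Statement that starts with <expr>.call(...): the success flag is never read.
    ("SWC-104", "unchecked external call",
     re.compile(r"^\s*[\w.\[\]]+\.call\s*(\{[^}]*\})?\s*\(")),
]

def strip_comments(src: str) -> str:
    """Blank out // and /* */ comments but keep newlines, so line numbers hold.
    Limitation: a '//' inside a string literal is treated as a comment."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group(0))
    return re.sub(r"//[^\n]*|/\*.*?\*/", blank, src, flags=re.S)

def scan(src: str) -> list[tuple[int, str, str]]:
    """Return (line, swc_id, title) for every rule hit outside comments."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for swc, title, rx in RULES:
            if rx.search(line):
                findings.append((lineno, swc, title))
    return findings

# Constructed sample contract, for illustration only.
SAMPLE = '''pragma solidity ^0.8.20;
contract TokenVault {
    address owner;
    // tx.origin in a comment must not be reported
    function sweep(address impl, bytes calldata data) external {
        require(tx.origin == owner);
        impl.delegatecall(data);
    }
    function pay(address payable to) external {
        require(block.timestamp > 1700000000);
        to.call{value: 1 ether}("");
        (bool ok, ) = to.call{value: 1 ether}("");
        require(ok);
    }
}
'''

if __name__ == "__main__":
    for lineno, swc, title in scan(SAMPLE):
        print(f"line {lineno}: {swc} {title}")
```

Line-level patterns like these miss anything that needs data flow or ordering (reentrancy, for instance), which is the gap the LLM-backed analysis is meant to cover.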
| Layer | Technology |
|---|---|
| Backend | Python 3.10+, FastAPI, Pydantic v2 |
| LLM | Xiaomi MiMo (7B-RL) via OpenAI-compatible API |
| HTTP Client | httpx (async) |
| Frontend | Vanilla HTML/CSS/JS (no build step) |
| Deployment | Uvicorn, Netlify (frontend), any cloud (backend) |
- Python 3.10+
- (Optional) Xiaomi MiMo API key for LLM-powered analysis
```bash
git clone https://github.com/Owonftt/chain-guard.git
cd chain-guard
```

```bash
cd backend
python -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate
pip install -r requirements.txt
```

```bash
cp .env.example .env
# Edit .env and add your MIMO_API_KEY
```

Note: ChainGuard works without an API key using built-in heuristic analysis. Add a MiMo API key for full LLM-powered deep analysis.

```bash
python -m uvicorn app.main:app --reload --host 0.0.0.0 --port 8000
```

Open frontend/index.html in your browser, or serve it:

```bash
cd ../frontend
python -m http.server 3000
```

Visit http://localhost:3000 and set the API URL to http://localhost:8000.
http://localhost:8000

```json
{
  "service": "ChainGuard API",
  "version": "1.0.0",
  "status": "operational",
  "agents": 4
}
```

Returns status, model, and capabilities for all agents.
Request body:

```json
{
  "code": "pragma solidity ^0.8.20; ...",
  "language": "solidity",
  "name": "TokenVault",
  "chain": "ethereum"
}
```

Response: Unified AuditResult with vulnerabilities, risk score, gas analysis, summary, and recommendations.
- `POST /scan/vulns`: same request body. Returns VulnerabilityReport.
- `POST /score/risk`: same request body. Returns RiskScoreResult.
- `POST /analyze/gas`: same request body. Returns GasAnalysisResult.
All responses use Pydantic v2 models with full JSON serialization. See backend/app/models/schemas.py for the complete schema definitions.
```
chain-guard/
├── backend/
│   ├── app/
│   │   ├── agents/
│   │   │   ├── __init__.py
│   │   │   ├── vulnerability_scanner.py   # Vuln detection agent
│   │   │   ├── audit_reporter.py          # Report synthesis agent
│   │   │   ├── risk_scorer.py             # Risk assessment agent
│   │   │   └── gas_analyst.py             # Gas optimisation agent
│   │   ├── models/
│   │   │   ├── __init__.py
│   │   │   └── schemas.py                 # Pydantic models
│   │   ├── __init__.py
│   │   └── main.py                        # FastAPI application
│   ├── requirements.txt
│   └── .env.example
├── frontend/
│   ├── css/style.css
│   ├── js/app.js
│   └── index.html
├── proof/
│   ├── README.md
│   ├── architecture.md
│   └── token_consumption_estimate.md
├── README.md
├── LICENSE
├── .gitignore
└── netlify.toml
```
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License. See the LICENSE file for details.
- Xiaomi MiMo: LLM backbone
- FastAPI: Backend framework
- OpenZeppelin: Security patterns reference
- SWC Registry: Smart contract weakness classification