Owonftt/chain-guard

🛡️ ChainGuard

License: MIT Python 3.10+ FastAPI Powered by MiMo 100T Orbit Multi-Agent

AI-powered smart contract security auditing platform: multi-agent vulnerability scanning, risk scoring, gas optimization, and audit reporting powered by Xiaomi MiMo.

ChainGuard deploys four specialised AI agents that work in parallel to deliver comprehensive security audits for Solidity and Vyper smart contracts. Each agent leverages the Xiaomi MiMo LLM for deep semantic analysis, with deterministic fallback heuristics when no API key is configured.


🏗️ Architecture

┌──────────────────────────────────────────────────────────────────┐
│                        ChainGuard Frontend                       │
│                   Dark-themed Audit Dashboard                    │
│        Contract Input · Agent Status · Results Display           │
└──────────────────────────┬───────────────────────────────────────┘
                           │ REST API
                           ▼
┌──────────────────────────────────────────────────────────────────┐
│                     ChainGuard FastAPI Backend                   │
│  POST /audit/contract  ──┐                                       │
│  POST /scan/vulns        │  ┌───────────────────────────────┐    │
│  POST /score/risk        ├─▶│   Async Orchestrator          │    │
│  POST /analyze/gas       │  │   (concurrent agent dispatch) │    │
│  GET  /agents/status     │  └─────────┬─────────────────────┘    │
│                          │            │                          │
│                          │   ┌────────┼────────┬──────────┐      │
│                          │   ▼        ▼        ▼          ▼      │
│                          │ ┌──────┐┌──────┐┌──────┐┌─────────┐   │
│                          │ │ Vuln ││Audit ││ Risk ││  Gas    │   │
│                          │ │Scan- ││Repor-││Score-││ Analyst │   │
│                          │ │ner   ││ter   ││r     ││         │   │
│                          │ └──┬───┘└──┬───┘└──┬───┘└────┬────┘   │
│                          │    │       │       │         │        │
│                          │    └───────┴───┬───┴─────────┘        │
│                          │                ▼                      │
│                          │     ┌────────────────────┐            │
│                          │     │   Xiaomi MiMo LLM  │            │
│                          │     │   (or heuristic    │            │
│                          │     │    fallback)       │            │
│                          │     └────────────────────┘            │
└──────────────────────────────────────────────────────────────────┘

✨ Features

🔍 Vulnerability Scanner Agent

  • Reentrancy detection (CWE-841 / SWC-107)
  • Integer overflow/underflow (CWE-190 / SWC-101)
  • Unchecked external calls (CWE-252 / SWC-104)
  • Access control & authorisation flaws
  • Delegatecall injection (SWC-112)
  • tx.origin authentication (SWC-115)
  • Timestamp dependence (SWC-116)
  • Oracle manipulation vectors
  • Flash loan attack surfaces
  • Signature replay (SWC-121)
  • ERC-20/ERC-721 compliance issues
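
An added example, not code from the ChainGuard repository: a deterministic pattern pass over four of the SWC classes listed above, of the kind a no-API-key fallback might run. The rules, function names and the sample contract are assumptions constructed for illustration; comments and string literals are blanked first so that mentions inside them do not produce findings.

```python
import re

# Hypothetical rules keyed by SWC IDs from the feature list above.
RULES = {
    "SWC-115": re.compile(r"\btx\.origin\b"),
    "SWC-112": re.compile(r"\.delegatecall\s*\("),
    "SWC-116": re.compile(r"\bblock\.timestamp\b"),
}
LOW_LEVEL = re.compile(r"\.(?:call|send)\s*[({]")                 # low-level call
CAPTURED = re.compile(r"=|\brequire\s*\(|\bif\s*\(|\breturn\b")   # result is used
NOISE = re.compile(r"/\*.*?\*/|//[^\n]*|\"(?:\\.|[^\"\\\n])*\"|'(?:\\.|[^'\\\n])*'", re.S)

def strip_noise(src: str) -> str:
    """Blank comments and string literals, keeping newlines so line numbers hold."""
    return NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def scan(src: str) -> list[tuple[str, int, str]]:
    """Return (swc_id, line_number, source_line) for each heuristic hit."""
    original, findings = src.splitlines(), []
    for no, line in enumerate(strip_noise(src).splitlines(), 1):
        hits = [swc for swc, rx in RULES.items() if rx.search(line)]
        if LOW_LEVEL.search(line) and not CAPTURED.search(line):
            hits.append("SWC-104")  # return value of call/send discarded
        findings += [(swc, no, original[no - 1].strip()) for swc in hits]
    return findings

# Constructed sample contract (not from the ChainGuard repository).
SAMPLE = '''\
pragma solidity ^0.8.20;
contract TokenVault {
    address owner;
    // legacy check used tx.origin here
    function withdraw(address payable to, uint256 amount) external {
        require(tx.origin == owner, "not owner");
        to.send(amount);
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
    function upgrade(address impl, bytes calldata data) external {
        (bool ok, ) = impl.delegatecall(data); require(ok);
    }
    function open() external view returns (bool) {
        return block.timestamp > 1700000000; /* block.timestamp gate */
    }
}
'''

if __name__ == "__main__":
    for swc, no, text in scan(SAMPLE):
        print(f"{swc} line {no}: {text}")
```

Line-based patterns like these only flag candidates for review: they cannot see control flow, so reentrancy (SWC-107) and access-control findings need the ordering and reachability analysis that regexes do not provide.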

📊 Risk Scorer Agent

  • Weighted multi-category risk assessment
  • Categories: reentrancy, access control, arithmetic safety, external interactions, logic/design, DeFi risk, compliance
  • 0–100 overall risk score with risk level classification
  • Detailed per-category explanations

⛽ Gas Analyst Agent

  • Storage vs memory optimisation
  • Struct packing analysis
  • Unchecked arithmetic opportunities
  • Calldata vs memory parameters
  • Custom error recommendations
  • Loop optimisation (caching, unchecked increments)
  • Storage variable caching
  • Estimated gas savings per optimisation

📝 Audit Reporter Agent

  • Synthesises all agent results into executive summary
  • Prioritised recommendations
  • Cross-references vulnerability IDs
  • Professional audit-grade output

🎨 Dashboard

  • Dark-themed responsive design
  • Real-time agent status cards with capability tags
  • Contract code editor with language/chain selectors
  • Severity colour-coded vulnerability cards
  • Risk gauge with category breakdown
  • Gas optimisation cards with before/after code snippets
  • Tabbed results navigation

🛠️ Tech Stack

| Layer | Technology |
|---|---|
| Backend | Python 3.10+, FastAPI, Pydantic v2 |
| LLM | Xiaomi MiMo (7B-RL) via OpenAI-compatible API |
| HTTP Client | httpx (async) |
| Frontend | Vanilla HTML/CSS/JS (no build step) |
| Deployment | Uvicorn, Netlify (frontend), any cloud (backend) |

🚀 Getting Started

Prerequisites

  • Python 3.10+
  • (Optional) Xiaomi MiMo API key for LLM-powered analysis

1. Clone the repository

git clone https://github.com/Owonftt/chain-guard.git
cd chain-guard

2. Set up the backend

cd backend
python -m venv venv
source venv/bin/activate   # Windows: venv\Scripts\activate
pip install -r requirements.txt

3. Configure environment

cp .env.example .env
# Edit .env and add your MIMO_API_KEY

Note: ChainGuard works without an API key using built-in heuristic analysis. Add a MiMo API key for full LLM-powered deep analysis.

4. Start the server

python -m uvicorn app.main:app --reload --host 0.0.0.0 --port 8000

5. Open the dashboard

Open frontend/index.html in your browser, or serve it:

cd ../frontend
python -m http.server 3000

Visit http://localhost:3000 and set the API URL to http://localhost:8000.


📡 API Reference

Base URL

http://localhost:8000

Endpoints

GET / - Service info

{
  "service": "ChainGuard API",
  "version": "1.0.0",
  "status": "operational",
  "agents": 4
}

GET /agents/status - Agent status

Returns status, model, and capabilities for all agents.

POST /audit/contract - Full audit (all agents)

Request body:

{
  "code": "pragma solidity ^0.8.20; ...",
  "language": "solidity",
  "name": "TokenVault",
  "chain": "ethereum"
}

Response: Unified AuditResult with vulnerabilities, risk score, gas analysis, summary, and recommendations.

POST /scan/vulnerabilities - Vulnerability scan only

Same request body. Returns VulnerabilityReport.

POST /score/risk - Risk score only

Same request body. Returns RiskScoreResult.

POST /analyze/gas - Gas analysis only

Same request body. Returns GasAnalysisResult.

Response Schemas

All responses use Pydantic v2 models with full JSON serialization. See backend/app/models/schemas.py for the complete schema definitions.


📁 Project Structure

chain-guard/
├── backend/
│   ├── app/
│   │   ├── agents/
│   │   │   ├── __init__.py
│   │   │   ├── vulnerability_scanner.py   # Vuln detection agent
│   │   │   ├── audit_reporter.py          # Report synthesis agent
│   │   │   ├── risk_scorer.py             # Risk assessment agent
│   │   │   └── gas_analyst.py             # Gas optimisation agent
│   │   ├── models/
│   │   │   ├── __init__.py
│   │   │   └── schemas.py                 # Pydantic models
│   │   ├── __init__.py
│   │   └── main.py                        # FastAPI application
│   ├── requirements.txt
│   └── .env.example
├── frontend/
│   ├── css/style.css
│   ├── js/app.js
│   └── index.html
├── proof/
│   ├── README.md
│   ├── architecture.md
│   └── token_consumption_estimate.md
├── README.md
├── LICENSE
├── .gitignore
└── netlify.toml

🀝 Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

📄 License

This project is licensed under the MIT License; see the LICENSE file for details.


🙏 Acknowledgements


Topics: 100t-orbit ai-agents smart-contract-security audit fastapi llm mimo multi-agent vulnerability-scanning xiaomi-mimo
