Conduct a comprehensive security assessment of your smart contract code to identify vulnerabilities and provide recommendations for remediation
Multi-Engine, Multi-Dimensional Safeguard for Your Code & Assets
Utilizing a security analyzer for static code analysis to detect potential security vulnerabilities.
Leveraging AI technology, such as ChatGPT, to detect logic vulnerabilities, encompassing a wider range of vulnerability types and adapting to various code variations. It enables detection even when the vulnerability names and code flow have been altered.
Conducting code quality assessments to identify and extract a majority of informational and low-level vulnerabilities.
Primarily focused on identifying vulnerabilities related to contract execution and fixed logic flaws, while addressing the issue of higher false positives in static detection.
Employing clone detection techniques to identify code clones and prevent security risks introduced through code duplication or similarity, especially Migration Attacks.
Performing security assessments on the usage of open-source libraries, ensuring their secure integration within applications.
AI × Security
Security Analyzer's engine utilizes prompts generated by the GPT model, which are specially designed with unique effects to simulate potential attack scenarios or abnormal behavior patterns. Through this hybrid approach, the engine can delve deeply into the code structure and identify and expose complex logical vulnerabilities that might be overlooked by traditional methods. The effectiveness of this method lies in its combination of the accuracy of static analysis and the creative thinking of the GPT model, enabling it to provide a deeper level of security analysis while maintaining high efficiency.
GPTScan is an innovative security engine designed with AI at its core. It is the pioneering tool that combines GPT with static analysis to detect vulnerabilities in smart contract logic.
Instead of relying solely on GPT to identify vulnerabilities, which can lead to high false positives and is limited by GPT's pre-trained knowledge, we utilize GPT as a versatile code understanding tool. By breaking down each logic vulnerability type into scenarios and properties, GPTScan matches candidate vulnerabilities with GPT. To enhance accuracy, GPTScan further instructs GPT to intelligently recognize key variables and statements, which are then validated by static confirmation.
MetaScan's Web Interface is undergoing a major transition to include AI as a new way for users to interact with the platform.
The AI Assistant is already integrated into the project detail and scan result page. It is able to answer questions about security vulnerabilities and provide recommendations for remediation. The AI Assistant is also able to provide general security information or take actions in the context of the project.
Our goal is to offer a copiloting experience to MetaScan's users. With language as the ultimate interface, we are working to make MetaScan a more intuitive and user-friendly platform that will not only make the security assessment of your code a smoother journey but also channel our security intelligence to provide you with the most comprehensive security coverage.
Formal Verification with Security Prover
MetaScan Security Prover is an advanced tool for formally verifying Solidity smart contracts. It features a groundbreaking symbolic execution engine, offering precise semantic analysis at the source-code level. Prover enhances user-friendliness by allowing developers and security experts to express contract specifications in a Solidity-like syntax, covering function pre/post-conditions, contract invariants, and rule-based properties. It also generates detailed bug reports to streamline fault localization during verification.
Rich Integrations with Your Favorite Tools
MetaScan provides seamless integration options for your existing tools and development environments.
On the input side, it supports loading source code from a variety of sources, such as public/private Git repositories hosted at GitHub or GitLab, or any publicly accessible Git repository. Additionally, users can conveniently upload zip archives containing the source code.
MetaScan also offers extensive RESTful APIs for most of its functionalities, allowing effortless integration into your infrastructure or CI/CD environment. These APIs enable you to create projects, initiate scans, and access detailed scan results. For further information, please refer to our comprehensive API documentation.
Furthermore, MetaScan seamlessly integrates with popular smart contract IDEs like Remix through plugins. It harmonizes with the development workflow, enabling security scans to be conveniently triggered directly within the IDE. Moreover, it facilitates pinpointing problematic code directly in the code editor. This makes it an invaluable companion for smart contract authoring and auditing.
At MetaScan, we understand that security should be a natural part of the development process. Therefore, we are constantly working to expand the range of tools and environments where you can leverage MetaScan's capabilities. Please feel free to reach out to us with any suggestions or ideas to enhance your experience.
Comprehensive Audit Report
MetaScan can generate an intuitive and professional report on vulnerability scanning based on the scan results, accurately summarizing and classifying all security vulnerabilities detected and offering comprehensive remediation suggestions.
The report typically consists of the following sections:
Security should not be an afterthought, especially for web3 projects where the stakes are high as the code is immutable and the assets are real. MetaScan is a comprehensive security assessment tool that provides a holistic solution for smart contract security. It is designed to help developers and security experts identify and mitigate security vulnerabilities in smart contracts.
With over 150 security checkers, MetaScan provides comprehensive coverage for conventional security vulnerabilities and tokenomic loopholes.
MetaScan uses automated security inspection to identify potential security flaws in the code and delivers customized security reports in a fraction of the time.
MetaScan incorporates multiple security engines, including Security Analyzer, Security Prover, Open Source Analyzer, IP Analyzer, and others, resulting in a 97% detection accuracy rate.
MetaScan is a low-cost option for auditing code, with audits costing only 1.5 cents per line of code, providing savings of up to 1000 times compared to traditional code audits.