Automatic security vulnerability scanning
24 x 7 runtime security monitoring
Comprehensive security and risk assessment
Open-source package manager for smart contracts.
Conduct a comprehensive security assessment of your smart contract code to identify vulnerabilities and provide recommendations for remediation
Multi-Engine, Multi-Dimentional Safeguard for Your Code & Assets
Utilizing a security analyzer for static code analysis to detect potential security vulnerabilities.
Leveraging AI technology, such as ChatGPT, to detect logic vulnerabilities, encompassing a wider range of vulnerability types and adapting to various code variations. It enables detection even when the vulnerability names and code flow have been altered.
Conducting code quality assessments to identify and extract a majority of informational and low-level vulnerabilities.
Primarily focused on identifying vulnerabilities related to contract execution and fixed logic flaws, while addressing the issue of higher false positives in static detection.
Employing clone detection techniques to identify code clones and prevent the introduction of security risks through code duplication or similarity, especially for Migration Attack.
Performing security assessments on the usage of open-source libraries, ensuring their secure integration within applications.
AI × Security
Security Analyzer's engine utilizes prompts generated by the GPT model, which are specially designed with unique effects to simulate potential attack scenarios or abnormal behavior patterns. Through this hybrid approach, the engine can delve deeply into the code structure, identify, and expose complex logical vulnerabilities that might be overlooked by traditional methods. The effectiveness of this method lies in its combination of the accuracy of static analysis and the creative thinking of the GPT model, enabling it to provide a deeper level of security analysis while maintaining high efficiency.
GPTScan is an innovative security engine designed with AI at its core. It is the pioneering tool that combines GPT with static analysis to detect vulnerabilities in smart contract logic.
Instead of relying solely on GPT to identify vulnerabilities, which can lead to high false positives and is limited by GPT's pre-trained knowledge, we utilize GPT as a versatile code understanding tool. By breaking down each logic vulnerability type into scenarios and properties, GPTScan matches candidate vulnerabilities with GPT. To enhance accuracy, GPTScan further instructs GPT to intelligently recognize key variables and statements, which are then validated by static confirmation.
MetaScan's Web Interface is undergoing a major transition to include AI as a new way for users to interact with the platform.
The AI Assistant is already integrated into the project detail and scan result page. It is able to answer questions about security vulnerabilities and provide recommendations for remediation. The AI Assistant is also able to provide general security information or take actions in the context of the project.
Our goal is to offer a copiloting experience to MetaScan' users. With language as the ultimate interface, we are working to make MetaScan a more intuitive and user-friendly platform that not only will make security assessment of your code a smoother journey, but also will channel our security intelligence to provide you with the most comprehensive security coverage.
Formal Verification with Security Prover
MetaScan Security Prover is an advanced tool for formally verifying Solidity smart contracts. It features a groundbreaking symbolic execution engine, offering precise semantic analysis at the source-code level. Prover enhances user-friendliness by allowing developers and security experts to express contract specifications in a Solidity-like syntax, covering function pre/post-conditions, contract invariants, and rule-based properties. It also generates detailed bug reports to streamline fault localization during verification.
Rich Integrations with Your Favorite Tools
MetaScan provides seamless integration options for your existing tools and development environments.
On the input side, it supports loading source code from a variety of sources such as public/private Git repositories hosted at GitHub or GitLab, or any public accessible Git repositories. Additionally, users can conveniently upload zip archives containing the source code.
MetaScan also offers extensive RESTful APIs for most of its functionalities, allowing effortless integration into your infrastructure or CI/CD environment. These APIs enable you to create projects, initiate scans, and access detailed scan results. For further information, please refer to our comprehensive API documentation.
Furthermore, MetaScan seamlessly integrates with popular smart contract IDEs like Remix through plugins. It harmonizes with the development workflow, enabling security scans to be conveniently triggered directly within the IDE. Moreover, it facilitates pinpointing problematic code directly in the code editor. This makes it an invaluable companion for smart contract authoring and auditing.
At MetaScan, we understand that security should be a natural part of the development process. Therefore, we are constantly working to expand the range of tools and environments where you can leverage MetaScan's capabilities. Please feel free to reach out to us with any suggestions or ideas to enhance your experience.
Comprehensive Audit Report
MetaScan can generate an intuitive and professional report on vulnerability scanning based on the scan results, accurately summarizing and classifying all security vulnerabilities detected and offering comprehensive remediation suggestions.
The report typically consists of the following sections:
Security should not be an afterthought, especially for web3 projects where the stakes are high as the code is immutable and the assets are real. MetaScan is a comprehensive security assessment tool that provides a holistic solution for smart contract security. It is designed to help developers and security experts identify and mitigate security vulnerabilities in smart contracts.