Overview

An internal-use smart contract audit framework with automated vulnerability detection and Solidity best practices enforcement.

TokenAudit is an internal smart contract audit toolkit used by security teams to automate the detection of common vulnerabilities and enforce Solidity best practices. It includes static analysis tools, customizable rule sets, and integration with CI/CD pipelines.

We developed a custom parser and rules engine capable of identifying over 50 vulnerability types, from reentrancy to gas griefing. Each flagged issue includes contextual suggestions and mitigation strategies.

TokenAudit supports both in-house reviews and client-facing reports, reducing the time and manual effort required for each engagement. It’s now used daily by one of Europe’s top blockchain audit firms.

What we did

• Developed a Solidity scanner to detect vulnerabilities in smart contracts
• Built a risk scoring system and alert system based on CVSS
• Created a visual report generator with audit history
• Added integration with GitHub for automatic scanning of commits
• Implemented a CI/CD plugin for continuous security