EthSec is an open-source security tool designed to bridge the gap between "Learning Solidity" and "Finding Vulnerabilities."
Industry tools like Slither and Mythril are powerful but overwhelming for a beginner: they bury the handful of findings that matter under pages of "Low Severity" and informational warnings (noise). EthSec is built on a "Signal-First" philosophy:
- Filter the Noise: Ignores gas optimizations and style warnings.
- Focus on Danger: Only flags high-impact risks (Reentrancy, Access Control, Logic Errors).
- Educational Output: Doesn't just say "Error"; it provides an "Attack Plan" to help students understand how the exploit works.
Note: This repository hosts the Interactive Frontend Demo. The core analysis engine (L0 Python Layer) is being developed in a separate repository.
This demo simulates the "EthSec Experience" that we are building:
- 🕵️ Terminal-Style Scanning: A visual "Hacker Aesthetic" that shows exactly what the engine is checking (Proxy detection, Slither integration, etc.).
- 🚦 Severity-Based Reporting: Instantly categorizes findings into CRITICAL, HIGH, and MEDIUM.
- 🧠 Contextual Analysis: (Planned) Integration with LLMs to explain bugs in plain English.
- 🛡️ Core Detector Set:
  - D001: Unsafe `delegatecall` usage (storage collision risks).
  - D002: Phishing risks via `tx.origin`.
  - D005: Reentrancy (Checks-Effects-Interactions violations).
  - D007: Missing Access Control on state-changing functions.
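To make the detector set above concrete, here is an added example of what a regex-based "L0" pass for these four rules can look like. This is illustration code written for this page, not EthSec's engine or its frontend: the detector IDs and severities follow the list above, while the regexes, helper names (`detect`, `summarize`, `_state_vars`) and the `SAMPLE` contract are constructed here. Everything is a text heuristic with no AST, which is exactly why a real engine still wants Slither behind it; expect false positives and negatives on unusual code (string literals containing `tx.origin`, modifiers not named `only...`, external calls through interfaces).

```python
"""Regex-based L0 detectors for the README's D001/D002/D005/D007 rules.
Added example, not EthSec's engine: IDs and severities follow the README; regexes,
helper names and the SAMPLE contract are constructed. Text heuristics, no AST."""
import re
from collections import namedtuple

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM")
Finding = namedtuple("Finding", "detector severity line function message")

# function <name>(<params>) <visibility, modifiers, returns> {
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")
AUTH_MODIFIER_RE = re.compile(r"\bonly\w*")       # onlyOwner, onlyRole(...), ... (heuristic)
LOW_LEVEL_CALL_RE = re.compile(r"\.call\s*[{(]")  # forwards all gas, so the callee can re-enter
# <name>[idx]... followed by =, += or -=  (a single '=' only, never '==')
STATE_WRITE_RE = re.compile(r"\b(\w+)\s*(?:\[[^\]]*\])*\s*(?:=(?!=)|\+=|-=)")
STATE_DECL_RE = re.compile(
    r"^\s*(?:mapping\s*\([^;]*?\)|\w+(?:\[\])?)\s+"
    r"(?:(?:public|private|internal|constant|immutable)\s+)*(\w+)\s*(?:=[^;]*)?;", re.M)


def _line_of(source, offset):
    return source.count("\n", 0, offset) + 1


def _functions(source):
    """Yield (name, header, body, func_start, body_start, func_end), matching braces."""
    for m in FUNC_RE.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), m.group(3), source[m.end():i - 1], m.start(), m.end(), i


def _enclosing_function(source, offset):
    return next((f[0] for f in _functions(source) if f[3] <= offset < f[5]), "<contract>")


def _state_vars(source):
    """Declarations that survive once every function is blanked (same length, so offsets hold)."""
    blanked = source
    for _, _, _, start, _, end in _functions(source):
        blanked = blanked[:start] + " " * (end - start) + blanked[end:]
    return set(STATE_DECL_RE.findall(blanked))


def detect(source):
    findings = []
    add = lambda det, sev, off, msg: findings.append(
        Finding(det, sev, _line_of(source, off), _enclosing_function(source, off), msg))
    for m in re.finditer(r"\btx\.origin\b", source):
        add("D002", "HIGH", m.start(), "tx.origin check is phishable through an intermediate contract; use msg.sender")
    for m in re.finditer(r"\.delegatecall\s*[({]", source):
        add("D001", "CRITICAL", m.start(), "delegatecall runs callee code on this contract's storage (layout collision)")
    state = _state_vars(source)
    for _, header, body, func_start, body_start, _ in _functions(source):
        if re.search(r"\b(?:view|pure)\b", header):
            continue
        writes = [w for w in STATE_WRITE_RE.finditer(body) if w.group(1) in state]
        if not writes:
            continue
        if (re.search(r"\b(?:public|external)\b", header) and not AUTH_MODIFIER_RE.search(header)
                and "msg.sender" not in body):
            add("D007", "HIGH", func_start, "state-changing function without a modifier or msg.sender check")
        call = LOW_LEVEL_CALL_RE.search(body)
        if call and any(w.start() > call.end() for w in writes):
            add("D005", "CRITICAL", body_start + call.start(), "state written after an external call (CEI violated)")
    return sorted(findings, key=lambda f: (SEVERITIES.index(f.severity), f.line))


def summarize(findings):
    """Severity buckets as the dashboard groups them."""
    return {s: sum(f.severity == s for f in findings) for s in SEVERITIES}


# Constructed sample: one intentional hit per detector, plus a deposit() that should stay clean.
SAMPLE = """\
pragma solidity ^0.8.20;
contract Vault {
    mapping(address => uint256) public balances;
    address public owner;
    address public logic;
    constructor() { owner = msg.sender; }
    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }
    function withdraw() external {                    // D005: call before the balance update
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
        balances[msg.sender] = 0;
    }
    function setOwner(address newOwner) public {      // D007: anyone can take ownership
        owner = newOwner;
    }
    function emergencyDrain() external {              // D002: origin-based auth
        require(tx.origin == owner, "not owner");
        payable(owner).transfer(address(this).balance);
    }
    function upgrade(bytes calldata data) external {  // D001: caller-controlled delegatecall payload
        (bool ok, ) = logic.delegatecall(data);
        require(ok, "delegatecall failed");
    }
}
"""
```

Running `detect(SAMPLE)` yields four findings ordered CRITICAL before HIGH (`withdraw`, `upgrade`, `setOwner`, `emergencyDrain`), and `summarize` gives the two-CRITICAL, two-HIGH, zero-MEDIUM split the dashboard would render; `deposit()` is left alone because its only write is keyed by `msg.sender`. The D007 rule deliberately treats any `msg.sender` reference as "has some access logic" and any `only*` modifier as authorization, which is the kind of noise-versus-signal trade-off the README describes: cheap to evaluate, easy to read, and wrong often enough that the Slither-backed worker remains the source of truth.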
If you want to play with the UI simulation on your machine:
```bash
# 1. Clone the demo
git clone https://github.com/YungExpat/EthSec-Demo.git
# 2. Enter the folder
cd EthSec-Demo
# 3. Install dependencies
npm install
# 4. Start the development server
npm run dev
```
Open http://localhost:5173 to see the dashboard.
We are applying for funding to move this project from Prototype to Public Infrastructure.
- Phase 1 (Completed):
  - ✅ Developed Core L0 Python Primitives (Regex/AST Detectors).
  - ✅ Designed "High-Signal" Dashboard UI (this repo).
- Phase 2 (In Progress - Funding Goal):
  - 🚧 Connect this React frontend to the Python analysis engine.
  - 🚧 Dockerize the "Heavy Worker" (Slither + Solc-Select integration).
- Phase 3 (Future):
  - 🔮 "One-Click Exploit Generation" (auto-scaffold Foundry tests for verified bugs).
EthSec is built by students, for students. If you are learning Web3 security, we'd love your help adding new "Detector Rules."
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingDetector`)
- Commit your Changes (`git commit -m 'Add some AmazingDetector'`)
- Push to the Branch (`git push origin feature/AmazingDetector`)
- Open a Pull Request
Distributed under the MIT License. See LICENSE for more information.
As an Electrical Engineering student, I treat Smart Contracts like hardware circuits: once printed (deployed), bugs are permanent. I built EthSec to help students like me "debug the circuit" before it goes live.
The MIT License allows:
- ✅ Commercial use
- ✅ Modification
- ✅ Distribution
- ✅ Private use
You are free to use, modify, and distribute this software as long as you include the original copyright notice.