Aegis is a smart contract audit and analysis tool powered by artificial intelligence, dedicated to safeguarding your smart contracts from vulnerabilities.
Aegis is a cutting-edge smart contract audit and analysis tool, empowered by state-of-the-art artificial intelligence, that safeguards your smart contracts against a wide range of vulnerabilities. Traditional security approaches like manually defining patterns are time-consuming, require deep expertise, and struggle to keep up with ever-evolving threats. Aegis leverages the power of deep learning to offer a faster, more comprehensive solution.
Our mission is to empower developers of all skill levels with advanced security capabilities, simplifying the process of building robust and trustworthy smart contracts.
- AI-powered Vulnerability Detection: Our robust machine learning model, trained on extensive real-world data, accurately identifies critical vulnerabilities, exceeding the limitations of traditional rule-based approaches.
- Solidity Expertise: Aegis seamlessly supports Solidity, the leading language for smart contract development, ensuring compatibility with your existing projects.
- Actionable Insights and Remediation: Detailed reports pinpoint vulnerabilities, their severity levels, and offer concrete suggestions for remediation, guiding you towards secure and reliable smart contracts.
- Effortless Integration: Aegis integrates seamlessly into your development workflow with a user-friendly command-line interface, minimizing disruption and maximizing efficiency.
- Advanced Vulnerability Detection: Identify a broad spectrum of vulnerabilities, including reentrancy, integer overflow, access control issues, and more.
- Comprehensive Solidity Support: Analyze and scan your Solidity code for potential threats.
- Actionable Insights and Remediation: Receive detailed reports highlighting vulnerabilities, their severity levels, and suggested fixes.
- Easy Integration: Seamlessly integrate Aegis into your development workflow with a user-friendly CLI.
Aegis employs a two-stage approach to vulnerability detection, combining the strengths of ResNet-18 and LLAMA 2.
- ResNet-18 (first stage):
  - Acts as the first line of defense, efficiently extracting crucial features from smart contract bytecode.
  - Identifies the presence of vulnerabilities with a broad scope, providing an initial assessment.
- LLAMA 2 (second stage):
  - Builds upon ResNet-18's foundation, leveraging fine-tuning and specialized training to pinpoint vulnerable code segments with enhanced precision.
  - Goes beyond mere detection, offering actionable guidance for resolving vulnerabilities through targeted suggestions and potential fixes.
- Precision Boost: LLAMA 2's targeted approach minimizes false positives and pinpoints relevant areas for attention, saving developers valuable time and effort.
- Actionable Insights: Gain practical, code-level recommendations for addressing vulnerabilities, empowering you to effectively secure your smart contracts.
- Open Datasets and Hallucination Mitigation: We prioritize responsible AI practices by utilizing publicly available datasets, actively addressing the potential for hallucination in LLAMA 2, and ensuring the accurate identification and remediation of vulnerabilities.
For a deeper understanding of the fine-tuning process, dataset selection, and mitigation strategies, please refer to the comprehensive documentation provided.
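How contract bytecode can be turned into input for an image model such as ResNet-18, as an added example that is not Aegis's own code: the 3-bytes-per-pixel packing, the metadata stripping and the function names are assumptions about one common preprocessing approach, and the sample bytecode is constructed.

```python
import math

# Constructed sample: a 9-byte runtime body followed by the short CBOR trailer
# solc emits when no metadata hash is embedded, then its 2-byte length (0x000a).
SAMPLE = "0x6080604052600080fd" "a164736f6c6343000814" "000a"


def strip_solc_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata trailer that solc appends to compiled bytecode.

    The final two bytes give the big-endian length of the CBOR blob before them.
    The trailer describes the build, not the contract's logic, so it is noise
    for a classifier.
    """
    if len(code) < 2:
        return code
    cbor_len = int.from_bytes(code[-2:], "big")
    start = len(code) - 2 - cbor_len
    # Strip only if the length is plausible and the blob opens with a CBOR map
    # header (major type 5, bytes 0xa0-0xbf); otherwise leave the code intact.
    if cbor_len > 0 and start >= 0 and 0xA0 <= code[start] <= 0xBF:
        return code[:start]
    return code


def bytecode_to_image(hex_code: str, side=None):
    """Pack bytecode into a side x side grid of (R, G, B) pixels, 3 bytes each.

    With side=None the smallest square that fits is used; a fixed side
    truncates or zero-pads so every contract in a batch has the same shape.
    Raises ValueError on non-hex input such as unlinked library placeholders.
    """
    text = hex_code.strip()
    if text[:2].lower() == "0x":
        text = text[2:]
    code = strip_solc_metadata(bytes.fromhex(text))
    if side is None:
        side = math.ceil(math.sqrt(max(1, math.ceil(len(code) / 3))))
    capacity = side * side * 3
    buf = code[:capacity].ljust(capacity, b"\x00")
    return [
        [tuple(buf[(r * side + c) * 3:(r * side + c) * 3 + 3]) for c in range(side)]
        for r in range(side)
    ]


if __name__ == "__main__":
    for row in bytecode_to_image(SAMPLE):
        print(row)
```

A training pipeline would still scale these integer pixels to floats and resize them to the model's expected input size.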
To set up Aegis on your local machine, you need the following prerequisites installed on your system:
- Python 3.8 or higher: Download and install Python if you haven't already.
- Poetry: We use Poetry for dependency management. Install it by following the instructions here.
Once you have the prerequisites, you can set up Aegis by following these steps:
- Clone the repository: `git clone https://github.com/KarthikS373/aegis.git`
- Navigate to the project directory: `cd aegis`
- Install dependencies using Poetry: `poetry install`
- Activate the virtual environment: `poetry shell`
- Run your first command: `poetry run aegis --help`
For a more detailed setup guide, consult our documentation.
To see Aegis in action, check out our demo or refer to the detailed example usage guide in our documentation:
- Demo: Watch the Demo
- Example Usage Guide: Example Usage Guide
Feel free to explore and experiment with the provided examples to understand how to make the most out of Aegis for your projects.
Aegis offers a set of intuitive CLI commands for efficient interaction. Refer to the documentation for usage examples.
- `compile`: compile the Solidity code
- `documentation`: generate documentation for the smart contract
- `generate`: generate ready-to-deploy smart contracts
- `info`: get information about the application
- `report`: generate a PDF report for the smart contract, summarizing its content, highlighting detected vulnerabilities, and suggesting optimizations
- `scan`: scan a file or directory for vulnerabilities
- `summary`: get a summary of the smart contract
Aegis is licensed under the MIT license. For more information, please see the LICENSE file in the repository.
We welcome contributions! For detailed instructions on how to contribute, please refer to the Contributing Guide in our documentation.