Project Description
I’m building an automated model that scans Solidity code on the Ethereum network and flags three critical weaknesses—reentrancy, arithmetic overflow/underflow, and access-control flaws.
What I need from you is a working detection engine: it can be rule-based, machine-learning, formal-verification driven, or a hybrid, as long as it reliably pinpoints those issues in typical ERC-20/721 style contracts and produces a clear, human-readable report. I’ll provide sample contracts (both vulnerable and safe) so you can tune precision and recall; feel free to augment with publicly available datasets such as SWC Registry examples.
Because this is Ethereum-only work, please focus on Solidity syntax quirks, common library usage (OpenZeppelin), and the nuances of the EVM. If you lean on tools like Slither, Mythril, Foundry, or custom AST parsers, mention how they fit into your pipeline.
Deliverables
• Source code of the detection model with setup instructions
• A CLI or minimal web interface that accepts .sol files or contract addresses and returns the vulnerability report
• README describing architecture, dependencies, and how to retrain or extend rules
Acceptance criteria
1. For a held-out test set I supply, the model flags at least 90 % of known vulnerabilities with under 10 % false positives.
2. Runs on a standard Linux environment in less than 2 minutes per contract (average size ≈1 k lines).
3. Code is fully commented and ready for future extensions, e.g., to support additional vulnerability classes.
If this sounds like a challenge you’d enjoy, tell me briefly which approach you prefer and any similar tooling you’ve built before.