HTTP API
Generate a token by following the steps in Generating Private Key.
Start a project scan
POST https://api.solidityscan.com/private/api-project-scan/
Authorization* (String): Bearer <token>
Request Body
project_url* (string): URL of the project
project_branch (string): branch of the repository to scan
skip_file_paths ([string]): list of paths to skip when scanning
rescan (boolean): true if this project has already been scanned, false if not.
Project Scan Example
curl --location 'https://api.solidityscan.com/private/api-project-scan/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <Your Token>' \
--header 'Content-Type: application/json' \
--data '{
"provider": "github",
"project_name": "SolidityScan",
"project_url": "https://github.com/Shashank-In/SmartContract",
"project_branch": "main",
"project_skip_files":[]
}'
{
"scan_report": {
"client_id": 326,
"file_url_list": null,
"multi_file_scan_details": [
{
"issue_id": "SOLIDITY_PUBLIC_BURN",
"metric_wise_aggregated_findings": [
{
"bug_hash": "865MXqQZ2gXMX6bMC6Dak67NXD8=",
"bug_id": "SSP_2115_8",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"function_name": ""
},
"findings": [
{
"file_path": "/contracts/bep20/BEP20TokenImplementation.sol",
"line_nos_end": [
241
],
"line_nos_start": [
238
]
}
],
"scan_id": "c209c67e4fc786aa"
}
],
"no_of_findings": 36,
"template_details": {
"_created": "Thu, 01 Jan 1970 00:00:00 GMT",
"_id": "64142385f39e851afed3ecc8",
"_links": {
"self": {
"href": "issue_details/SOLIDITY_LONG_REQUIRE_REVERT_STRINGS",
"title": "issues"
}
},
"_updated": "Thu, 01 Jan 1970 00:00:00 GMT",
"description_keys": [],
"detection_logic": "not defined yet",
"is_production_disabled": false,
"issue_confidence": "2",
"issue_description": "<p>The <code>require()</code> and <code>revert()</code> functions take an input string to show errors if the validation fails.</br>This strings inside these functions that are longer than <code>32 bytes</code> require at least one additional <code>MSTORE</code>, along with additional overhead for computing memory offset, and other parameters.</p>",
"issue_id": "SOLIDITY_LONG_REQUIRE_REVERT_STRINGS",
"issue_name": "LONG REQUIRE/REVERT STRINGS",
"issue_remediation": "<p>It is recommended to short the strings passed inside <code>require()</code> and <code>revert()</code> to fit under <code>32 bytes</code>. This will decrease the gas usage at the time of deployment and at runtime when the validation condition is met.</p>",
"issue_severity": "gas",
"issue_status": "true",
"multi_file_supported": "true",
"version": "1"
}
}
],
"multi_file_scan_status": "scan_done",
"multi_file_scan_summary": {
"count_files_analyzed": 15,
"issue_severity_distribution": {
"critical": 21,
"gas": 120,
"high": 20,
"informational": 18,
"low": 58,
"medium": 10
},
"issues_count": 247,
"lines_analyzed_count": 3183,
"scan_time_taken": 16,
"scans_ran": [
"static_template_based"
],
"score": "4.26",
"score_v2": "85.27"
},
"project_branch": "master",
"project_id": "bf4b2e27a7eca4a04c2e5b2f768e4054",
"project_name": "mano-credshields-eth-bsc-swap-contracts",
"project_sequence_id": 2115,
"project_url": "https://github.com/mano-credshields/eth-bsc-swap-contracts",
"quick_file_scan_details": "c209c67e4fc786aa",
"reporting_status": "not_generated",
"scan_id": "c209c67e4fc786aa",
"scan_init_time": "2023-06-12T10:18:51.367790",
"scan_status": "scan_done",
"scan_type": "project",
"skip_file_paths": []
}
}
Verified Contract Scans
Start a block scan
POST https://api.solidityscan.com/private/api-start-scan-block/
Authorization* (String): Bearer <token>
Request Body
contract_address* (string): address of the contract
contract_platform* (string)
contract_chain* (string): chain which the contract belongs to
Block Scan CURL Example
curl --location 'https://api.solidityscan.com/private/api-start-scan-block/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{
"contract_address": "0x814d65082Bbfbf45130741018772143b690609CE",
"contract_platform": "bscscan",
"contract_chain": "mainnet"
}'
{
"scan_report": {
"client_id": 326,
"compilerversion": "v0.8.11+commit.d7f03943",
"contract_address": "0x814d65082Bbfbf45130741018772143b690609CE",
"contract_chain": "mainnet",
"contract_platform": "bscscan",
"contract_url": "https://bscscan.com/address/0x814d65082Bbfbf45130741018772143b690609CE",
"contractname": "TestCA",
"currency": "BNB",
"evmversion": "Default",
"licensetype": "None",
"multi_file_scan_details": [
{
"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
"metric_wise_aggregated_findings": [
{
"bug_hash": "wgs1VNce9tUpqOF1jt-bwauTY14=",
"bug_id": "SSB_3940_74",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"contract_name": "DividendPayingToken",
"function_name": "rescueTokens",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"file_path": "contract.sol",
"line_nos_end": [
430
],
"line_nos_start": [
427
]
}
],
"scan_id": "7c96cf7b20b42c92"
},
{
"bug_hash": "YpFgK9IcmIEX723u-T3R7MgtPZs=",
"bug_id": "SSB_3940_75",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"contract_name": "TestCA",
"function_name": "rescueTokens",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"file_path": "contract.sol",
"line_nos_end": [
605
],
"line_nos_start": [
600
]
}
],
"scan_id": "7c96cf7b20b42c92"
},
{
"bug_hash": "XiHaPHM4bJptrgKBwt5LpePsjws=",
"bug_id": "SSB_3940_76",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"contract_name": "TestCA",
"function_name": "processDividendTracker",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"file_path": "contract.sol",
"line_nos_end": [
690
],
"line_nos_start": [
687
]
}
],
"scan_id": "7c96cf7b20b42c92"
},
{
"bug_hash": "abpAYui5sZSDJjtZ1iUoH4dDtoU=",
"bug_id": "SSB_3940_77",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"contract_name": "TestCA",
"function_name": "claim",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"file_path": "contract.sol",
"line_nos_end": [
694
],
"line_nos_start": [
692
]
}
],
"scan_id": "7c96cf7b20b42c92"
},
{
"bug_hash": "6mNWpIIeI-jESDh_QxqdkbJ_djo=",
"bug_id": "SSB_3940_78",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"contract_name": "TESTDividendTracker",
"function_name": "process",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"file_path": "contract.sol",
"line_nos_end": [
1020
],
"line_nos_start": [
975
]
}
],
"scan_id": "7c96cf7b20b42c92"
}
],
"no_of_findings": 5,
"template_details": {
"_created": "Thu, 01 Jan 1970 00:00:00 GMT",
"_id": "64142385f39e851afed3ecfb",
"_links": {
"self": {
"href": "issue_details/SOLIDITY_INCORRECT_ACCESS_CONTROL",
"title": "issues"
}
},
"_updated": "Thu, 01 Jan 1970 00:00:00 GMT",
"description_keys": [
"contract_name",
"library_name",
"function_name",
"modifier_name"
],
"detection_logic": "not defined yet",
"is_production_disabled": false,
"issue_confidence": "1",
"issue_description": "<p>Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>",
"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
"issue_name": "INCORRECT ACCESS CONTROL",
"issue_remediation": "<p>It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same</p>",
"issue_severity": "critical",
"issue_status": "true",
"multi_file_supported": "true",
"version": "1"
}
}
],
"multi_file_scan_status": "scan_done",
"multi_file_scan_summary": {
"count_files_analyzed": 1,
"issue_severity_distribution": {
"critical": 5,
"gas": 91,
"high": 7,
"informational": 24,
"low": 22,
"medium": 1
},
"issues_count": 150,
"lines_analyzed_count": 1033,
"scan_time_taken": 9,
"scans_ran": [
"static_template_based"
],
"score": "3.96",
"score_v2": "79.19",
"threat_score": "76.19"
},
"node_reference_id": null,
"project_id": "a3b0fbb769c94f1733e2beeaee692dd6",
"project_sequence_id": 3940,
"quick_file_scan_details": "7c96cf7b20b42c92",
"reporting_status": "not_generated",
"scan_id": "7c96cf7b20b42c92",
"scan_init_time": "2023-06-12T10:27:28.468226",
"scan_status": "scan_done",
"scan_type": "block",
"value": "8.761483474979001e-06"
}
}
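As an added example (not SolidityScan's own code), the Python below flattens a scan_report like the one above into one row per reported line range, fills the ${...} placeholders in issue_description from description_details, and returns the rows that should block a build. The sample response is constructed from the fields shown above; the function names, the blocking severities, and treating any scan_status other than scan_done as incomplete are assumptions.

```python
import re
from string import Template

# Constructed sample, trimmed to the fields used from the block-scan response above.
SAMPLE = {"scan_report": {
    "scan_status": "scan_done",
    "multi_file_scan_details": [{
        "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
        "metric_wise_aggregated_findings": [{
            "bug_id": "SSB_3940_74",
            "description_details": {
                "contract_name": "DividendPayingToken", "function_name": "rescueTokens",
                "library_name": "@openzeppelin/contracts/access/Ownable.sol",
                "modifier_name": "onlyOwner"},
            "findings": [{"file_path": "contract.sol", "line_nos_start": [427], "line_nos_end": [430]}],
        }],
        "template_details": {
            "issue_severity": "critical",
            "issue_description": "<p>The contract ${contract_name} is importing an "
                "access control library ${library_name} but the function "
                "${function_name} is missing the modifier ${modifier_name}.</p>"},
    }],
}}

def render_description(template_html, details):
    """Fill ${key} placeholders, then reduce the HTML fragment to plain text."""
    # safe_substitute keeps unknown placeholders instead of raising KeyError
    filled = Template(template_html).safe_substitute(details)
    return " ".join(re.sub(r"<[^>]+>", " ", filled).split())

def flatten_findings(response):
    """Yield one row per reported line range in a scan_report."""
    report = response.get("scan_report") or {}
    if report.get("scan_status") != "scan_done":  # assumption: any other value means incomplete
        raise ValueError(f"scan not finished: {report.get('scan_status')!r}")
    for issue in report.get("multi_file_scan_details") or []:
        tmpl = issue.get("template_details") or {}
        for bug in issue.get("metric_wise_aggregated_findings") or []:
            text = render_description(tmpl.get("issue_description", ""),
                                      bug.get("description_details") or {})
            for f in bug.get("findings") or []:
                for span in zip(f.get("line_nos_start", []), f.get("line_nos_end", [])):
                    yield {"issue_id": issue.get("issue_id"), "bug_id": bug.get("bug_id"),
                           "severity": tmpl.get("issue_severity"),
                           "file": f.get("file_path"), "lines": span, "description": text}

def gate(response, blocking=("critical", "high")):
    """Return the rows that should fail a CI build."""
    return [r for r in flatten_findings(response) if r["severity"] in blocking]
```

The same functions apply to the project scan and Scan Retrieval responses, which use the same scan_report layout.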
Generate Report
Generate Report
POST https://api.solidityscan.com/private/api-generate-report/
Request Headers
Authorization* (String): Bearer <token>
Request Body
project_id* (string): project_id to generate the report for
scan_id* (string): ID of the associated scan
scan_type (string): block | project. Use block when generating a report for a scanned on-chain contract, and project when generating a report for a GitHub or file-upload scan.
Generate Report CURL Example
curl --location 'https://api.solidityscan.com/private/api-generate-report/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <Your Token Here>' \
--header 'Content-Type: application/json' \
--data '{
"project_id": "6571b352c270c4eafcd0c8b09a75aebc",
"scan_id": "2934f6851ea514ee",
"scan_type":"project"
}'
{
"scan_id": "abcdefgh",
"status": "started"
}
Pre-Signed URL Generation
GET https://solidityscan.com/app/private/api-get-presigned-url/
Generates a pre-signed URL for uploading a file (e.g., test.sol).
Headers
Content-Type: application/json
Authorization: Bearer <token>
Response
{
"status": "success",
"result": {
"url": "<URL_OF_THE_FILE>"
}
}
{
"status": "failed",
"message": "Filetype not valid"
}
Curl Example:
curl --location 'https://solidityscan.com/app/private/api-get-presigned-url/?file_name=test.sol' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'content-type: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'
Scan Retrieval
POST https://solidityscan.com/app/private/api-get-scan/
Fetches the scan result of a specific project or file.
Headers
Content-Type: application/json
Authorization: Bearer <token>
Body
client_id (number): ID of the client
scan_id (string): ID of the scan
scan_type (string): Type of scan
project_id (string): ID of the project
Response
{
"scan_report": {
"file_url_list": [
"https://credshields-prod.s3.amazonaws.com/temp_backend/15c9c621-11ab-4db5-a005-4c98ebbad1d9/1736928326545_testnew.sol"
],
"is_quick_scan": false,
"multi_file_scan_details": [
{
"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
"metric_wise_aggregated_findings": [
{
"bug_hash": "mUvFpuKREc_hKplmSXj99sLGIzg=",
"bug_id": "SSP_51519_14",
"bug_status": "pending_fix",
"description_details": {
"contract_name": "BUG",
"function_name": "transferToken",
"library_name": "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"ai_tagged_reason": "The function 'transferToken' has a require statement checking the balance of msg.sender and ensures the recipient address is not zero. It does not modify critical data without proper checks, and it operates on the balance of msg.sender, which is appropriate for a public function.",
"ai_tagged_status": false,
"file_path": "/testnew.sol",
"line_nos_end": [
27
],
"line_nos_start": [
22
]
}
],
"scan_id": "759bab4e4c214fc5"
}
],
"no_of_findings": 1,
"template_details": {
"description_keys": [
"contract_name",
"library_name",
"function_name",
"modifier_name"
],
"issue_confidence": "1",
"issue_description": "<p>Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>",
"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
"issue_name": "INCORRECT ACCESS CONTROL",
"issue_remediation": "<p>It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same</p>",
"issue_severity": "critical",
"issue_status": "true",
"static_issue_description": "<p>Access control plays an important role in the segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract is importing an access control library but the function is missing the modifier.</p>"
}
},
.......
{
"error": "Invalid request"
}
Curl Example:
curl --location 'https://solidityscan.com/app/private/api-get-scan/' \
--header 'accept: application/json, text/plain, */*' \
--header 'content-type: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>' \
--data '{
"client_id": 802,
"scan_id": "789e422d9923edd3",
"scan_type": "block",
"project_id": "09577d722c51953c21e0a41199c47699"
}'
File Scan
POST https://solidityscan.com/app/private/api-file-scan/
Uploads a file and initiates its scan.
Headers
Content-Type: application/json
Authorization: Bearer <token>
Body
file_urls (array): An array containing all the URLs of the files.
project_name (string): Name of the project
project_type (string): Type of the project
Response
{
"scan_report": {
"file_url_list": [
"https://credshields-prod.s3.amazonaws.com/temp_backend/15c9c621-11ab-4db5-a005-4c98ebbad1d9/1736928326545_testnew.sol"
],
"is_quick_scan": false,
"multi_file_scan_details": [
{
"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
"metric_wise_aggregated_findings": [
{
"bug_hash": "mUvFpuKREc_hKplmSXj99sLGIzg=",
"bug_id": "SSP_51519_14",
"bug_status": "pending_fix",
"description_details": {
"contract_name": "BUG",
"function_name": "transferToken",
"library_name": "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"ai_tagged_reason": "The function 'transferToken' has a require statement checking the balance of msg.sender and ensures the recipient address is not zero. It does not modify critical data without proper checks, and it operates on the balance of msg.sender, which is appropriate for a public function.",
"ai_tagged_status": false,
"file_path": "/testnew.sol",
"line_nos_end": [
27
],
"line_nos_start": [
22
]
}
],
"scan_id": "759bab4e4c214fc5"
}
],
"no_of_findings": 1,
"template_details": {
"description_keys": [
"contract_name",
"library_name",
"function_name",
"modifier_name"
],
"issue_confidence": "1",
"issue_description": "<p>Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>",
"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
"issue_name": "INCORRECT ACCESS CONTROL",
"issue_remediation": "<p>It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same</p>",
"issue_severity": "critical",
"issue_status": "true",
"static_issue_description": "<p>Access control plays an important role in the segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract is importing an access control library but the function is missing the modifier.</p>"
}
},
.......