# HTTP API

### Generate a token by following [generating-private-key](https://apidoc.solidityscan.com/solidityscan-security-api/getting-started/apis/generating-private-key "mention") <a href="#start-a-project-scan" id="start-a-project-scan"></a>

### Start a project scan <a href="#start-a-project-scan" id="start-a-project-scan"></a>

<mark style="color:red;">`POST`</mark> `https://api.solidityscan.com/private/api-project-scan/`

| Name            | Type   | Description     |
| --------------- | ------ | --------------- |
| Authorization\* | String | Bearer \<token> |

**Request Body**

| Name              | Type      | Description                                               |
| ----------------- | --------- | --------------------------------------------------------- |
| project\_url\*    | string    | URL of the project                                        |
| project\_branch   | string    | branch of the repository to scan                          |
| skip\_file\_paths | \[string] | list of paths to skip when scanning                       |
| rescan            | boolean   | true if the project has already been scanned, false if not. |

**Project Scan Example**

{% tabs %}
{% tab title="Request" %}

```bash
curl --location 'https://api.solidityscan.com/private/api-project-scan/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <Your Token>' \
--header 'Content-Type: application/json' \
--data '{
    "provider": "github",
    "project_name": "SolidityScan",
    "project_url": "https://github.com/Shashank-In/SmartContract",
    "project_branch": "main",
    "project_skip_files":[]
}'
```

{% endtab %}

{% tab title="Response" %}

```json
{
  "scan_report": {
    "client_id": 326,
    "file_url_list": null,
    "multi_file_scan_details": [
      {
        "issue_id": "SOLIDITY_PUBLIC_BURN",
        "metric_wise_aggregated_findings": [
          {
            "bug_hash": "865MXqQZ2gXMX6bMC6Dak67NXD8=",
            "bug_id": "SSP_2115_8",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "function_name": ""
            },
            "findings": [
              {
                "file_path": "/contracts/bep20/BEP20TokenImplementation.sol",
                "line_nos_end": [
                  241
                ],
                "line_nos_start": [
                  238
                ]
              }
            ],
            "scan_id": "c209c67e4fc786aa"
          }
        ],
        "no_of_findings": 36,
        "template_details": {
          "_created": "Thu, 01 Jan 1970 00:00:00 GMT",
          "_id": "64142385f39e851afed3ecc8",
          "_links": {
            "self": {
              "href": "issue_details/SOLIDITY_LONG_REQUIRE_REVERT_STRINGS",
              "title": "issues"
            }
          },
          "_updated": "Thu, 01 Jan 1970 00:00:00 GMT",
          "description_keys": [],
          "detection_logic": "not defined yet",
          "is_production_disabled": false,
          "issue_confidence": "2",
          "issue_description": "<p>The <code>require()</code> and <code>revert()</code> functions take an input string to show errors if the validation fails.</br>This strings inside these functions that are longer than <code>32 bytes</code> require at least one additional <code>MSTORE</code>, along with additional overhead for computing memory offset, and other parameters.</p>",
          "issue_id": "SOLIDITY_LONG_REQUIRE_REVERT_STRINGS",
          "issue_name": "LONG REQUIRE/REVERT STRINGS",
          "issue_remediation": "<p>It is recommended to short the strings passed inside <code>require()</code> and <code>revert()</code> to fit under <code>32 bytes</code>. This will decrease the gas usage at the time of deployment and at runtime when the validation condition is met.</p>",
          "issue_severity": "gas",
          "issue_status": "true",
          "multi_file_supported": "true",
          "version": "1"
        }
      }
    ],
    "multi_file_scan_status": "scan_done",
    "multi_file_scan_summary": {
      "count_files_analyzed": 15,
      "issue_severity_distribution": {
        "critical": 21,
        "gas": 120,
        "high": 20,
        "informational": 18,
        "low": 58,
        "medium": 10
      },
      "issues_count": 247,
      "lines_analyzed_count": 3183,
      "scan_time_taken": 16,
      "scans_ran": [
        "static_template_based"
      ],
      "score": "4.26",
      "score_v2": "85.27"
    },
    "project_branch": "master",
    "project_id": "bf4b2e27a7eca4a04c2e5b2f768e4054",
    "project_name": "mano-credshields-eth-bsc-swap-contracts",
    "project_sequence_id": 2115,
    "project_url": "https://github.com/mano-credshields/eth-bsc-swap-contracts",
    "quick_file_scan_details": "c209c67e4fc786aa",
    "reporting_status": "not_generated",
    "scan_id": "c209c67e4fc786aa",
    "scan_init_time": "2023-06-12T10:18:51.367790",
    "scan_status": "scan_done",
    "scan_type": "project",
    "skip_file_paths": []
  }
}
```

{% endtab %}
{% endtabs %}

#### Verified Contract Scans <a href="#verified-contract-scans" id="verified-contract-scans"></a>

### Start a block scan <a href="#start-a-block-scan" id="start-a-block-scan"></a>

<mark style="color:red;">`POST`</mark> `https://api.solidityscan.com/private/api-start-scan-block/`

| Name            | Type   | Description     |
| --------------- | ------ | --------------- |
| Authorization\* | String | Bearer \<token> |

**Request Body**

| Name                 | Type   | Description                         |
| -------------------- | ------ | ----------------------------------- |
| contract\_address\*  | string | address of the contract             |
| contract\_platform\* | string |                                     |
| contract\_chain\*    | string | chain which the contract belongs to |

**Block Scan CURL Example**

{% tabs %}
{% tab title="Request" %}

```bash
curl --location 'https://api.solidityscan.com/private/api-start-scan-block/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{
    "contract_address": "0x814d65082Bbfbf45130741018772143b690609CE",
    "contract_platform": "bscscan",
    "contract_chain": "mainnet"
}'
```

{% endtab %}

{% tab title="Response" %}

```json
{
  "scan_report": {
    "client_id": 326,
    "compilerversion": "v0.8.11+commit.d7f03943",
    "contract_address": "0x814d65082Bbfbf45130741018772143b690609CE",
    "contract_chain": "mainnet",
    "contract_platform": "bscscan",
    "contract_url": "https://bscscan.com/address/0x814d65082Bbfbf45130741018772143b690609CE",
    "contractname": "TestCA",
    "currency": "BNB",
    "evmversion": "Default",
    "licensetype": "None",
    "multi_file_scan_details": [
      {
        "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
        "metric_wise_aggregated_findings": [
          {
            "bug_hash": "wgs1VNce9tUpqOF1jt-bwauTY14=",
            "bug_id": "SSB_3940_74",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "contract_name": "DividendPayingToken",
              "function_name": "rescueTokens",
              "library_name": "@openzeppelin/contracts/access/Ownable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "file_path": "contract.sol",
                "line_nos_end": [
                  430
                ],
                "line_nos_start": [
                  427
                ]
              }
            ],
            "scan_id": "7c96cf7b20b42c92"
          },
          {
            "bug_hash": "YpFgK9IcmIEX723u-T3R7MgtPZs=",
            "bug_id": "SSB_3940_75",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "contract_name": "TestCA",
              "function_name": "rescueTokens",
              "library_name": "@openzeppelin/contracts/access/Ownable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "file_path": "contract.sol",
                "line_nos_end": [
                  605
                ],
                "line_nos_start": [
                  600
                ]
              }
            ],
            "scan_id": "7c96cf7b20b42c92"
          },
          {
            "bug_hash": "XiHaPHM4bJptrgKBwt5LpePsjws=",
            "bug_id": "SSB_3940_76",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "contract_name": "TestCA",
              "function_name": "processDividendTracker",
              "library_name": "@openzeppelin/contracts/access/Ownable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "file_path": "contract.sol",
                "line_nos_end": [
                  690
                ],
                "line_nos_start": [
                  687
                ]
              }
            ],
            "scan_id": "7c96cf7b20b42c92"
          },
          {
            "bug_hash": "abpAYui5sZSDJjtZ1iUoH4dDtoU=",
            "bug_id": "SSB_3940_77",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "contract_name": "TestCA",
              "function_name": "claim",
              "library_name": "@openzeppelin/contracts/access/Ownable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "file_path": "contract.sol",
                "line_nos_end": [
                  694
                ],
                "line_nos_start": [
                  692
                ]
              }
            ],
            "scan_id": "7c96cf7b20b42c92"
          },
          {
            "bug_hash": "6mNWpIIeI-jESDh_QxqdkbJ_djo=",
            "bug_id": "SSB_3940_78",
            "bug_status": "pending_fix",
            "comment": "",
            "description_details": {
              "contract_name": "TESTDividendTracker",
              "function_name": "process",
              "library_name": "@openzeppelin/contracts/access/Ownable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "file_path": "contract.sol",
                "line_nos_end": [
                  1020
                ],
                "line_nos_start": [
                  975
                ]
              }
            ],
            "scan_id": "7c96cf7b20b42c92"
          }
        ],
        "no_of_findings": 5,
        "template_details": {
          "_created": "Thu, 01 Jan 1970 00:00:00 GMT",
          "_id": "64142385f39e851afed3ecfb",
          "_links": {
            "self": {
              "href": "issue_details/SOLIDITY_INCORRECT_ACCESS_CONTROL",
              "title": "issues"
            }
          },
          "_updated": "Thu, 01 Jan 1970 00:00:00 GMT",
          "description_keys": [
            "contract_name",
            "library_name",
            "function_name",
            "modifier_name"
          ],
          "detection_logic": "not defined yet",
          "is_production_disabled": false,
          "issue_confidence": "1",
          "issue_description": "<p>Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>",
          "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
          "issue_name": "INCORRECT ACCESS CONTROL",
          "issue_remediation": "<p>It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same</p>",
          "issue_severity": "critical",
          "issue_status": "true",
          "multi_file_supported": "true",
          "version": "1"
        }
      }
    ],
    "multi_file_scan_status": "scan_done",
    "multi_file_scan_summary": {
      "count_files_analyzed": 1,
      "issue_severity_distribution": {
        "critical": 5,
        "gas": 91,
        "high": 7,
        "informational": 24,
        "low": 22,
        "medium": 1
      },
      "issues_count": 150,
      "lines_analyzed_count": 1033,
      "scan_time_taken": 9,
      "scans_ran": [
        "static_template_based"
      ],
      "score": "3.96",
      "score_v2": "79.19",
      "threat_score": "76.19"
    },
    "node_reference_id": null,
    "project_id": "a3b0fbb769c94f1733e2beeaee692dd6",
    "project_sequence_id": 3940,
    "quick_file_scan_details": "7c96cf7b20b42c92",
    "reporting_status": "not_generated",
    "scan_id": "7c96cf7b20b42c92",
    "scan_init_time": "2023-06-12T10:27:28.468226",
    "scan_status": "scan_done",
    "scan_type": "block",
    "value": "8.761483474979001e-06"
  }
}
```

{% endtab %}
{% endtabs %}

#### Generate Report <a href="#generate-report" id="generate-report"></a>

### Generate Report <a href="#generate-report-1" id="generate-report-1"></a>

<mark style="color:red;">`POST`</mark> `https://api.solidityscan.com/private/api-generate-report/`

Request Headers

| Name            | Type   | Description     |
| --------------- | ------ | --------------- |
| Authorization\* | String | Bearer \<token> |

**Request Body**

| Name          | Type   | Description                                                                                                                                                      |
| ------------- | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| project\_id\* | string | project\_id to generate the report for                                                                                                                           |
| scan\_id\*    | string | ID of the associated scan                                                                                                                                        |
| scan\_type    | string | block \| project (use block when generating a report for a scanned on-chain contract, and project when generating a report for a GitHub or file-upload scan)     |

**Generate Report CURL Example**

{% tabs %}
{% tab title="Request" %}

```bash
curl --location 'https://api.solidityscan.com/private/api-generate-report/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <Your Token Here>' \
--header 'Content-Type: application/json' \
--data '{
    "project_id": "6571b352c270c4eafcd0c8b09a75aebc",
    "scan_id": "2934f6851ea514ee",
    "scan_type":"project"
}'
```

{% endtab %}

{% tab title="Response" %}

```json
{
    "scan_id": "abcdefgh",
    "status": "started"
}
```

{% endtab %}
{% endtabs %}

## **Pre-Signed URL Generation**

<mark style="color:green;">`GET`</mark> `https://api.solidityscan.com/private/api-get-presigned-url/`

Generates a pre-signed URL for uploading a file (e.g., `test.sol`).

**Headers**

| Name          | Value              |
| ------------- | ------------------ |
| Content-Type  | `application/json` |
| Authorization | `Bearer <token>`   |

**Response**

{% tabs %}
{% tab title="200" %}

```json
{
    "status": "success",
    "result": {
        "url": "<URL_OF_THE_FILE>"
    }
}
```

{% endtab %}

{% tab title="400" %}

```json
{
    "status": "failed",
    "message": "Filetype not valid"
}
```

{% endtab %}
{% endtabs %}

**Curl Example:**

```bash
curl --location 'https://api.solidityscan.com/private/api-get-presigned-url/?file_name=test.sol' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'content-type: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'
```

***

## **Scan Retrieval**

<mark style="color:red;">`POST`</mark> `https://api.solidityscan.com/private/api-get-scan/`

Fetches the scan result of a specific project or file.

**Headers**

| Name          | Value              |
| ------------- | ------------------ |
| Content-Type  | `application/json` |
| Authorization | `Bearer <token>`   |

**Body**

| Name        | Type   | Description       |
| ----------- | ------ | ----------------- |
| client\_id  | number | Id of the client  |
| scan\_id    | string | Id of the scan    |
| scan\_type  | string | Type of Scan      |
| project\_id | string | Id of the project |

**Response**

{% tabs %}
{% tab title="200" %}

```json
{
  "scan_report": {
    "file_url_list": [
      "https://credshields-prod.s3.amazonaws.com/temp_backend/15c9c621-11ab-4db5-a005-4c98ebbad1d9/1736928326545_testnew.sol"
    ],
    "is_quick_scan": false,
    "multi_file_scan_details": [
      {
        "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
        "metric_wise_aggregated_findings": [
          {
            "bug_hash": "mUvFpuKREc_hKplmSXj99sLGIzg=",
            "bug_id": "SSP_51519_14",
            "bug_status": "pending_fix",
            "description_details": {
              "contract_name": "BUG",
              "function_name": "transferToken",
              "library_name": "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "ai_tagged_reason": "The function 'transferToken' has a require statement checking the balance of msg.sender and ensures the recipient address is not zero. It does not modify critical data without proper checks, and it operates on the balance of msg.sender, which is appropriate for a public function.",
                "ai_tagged_status": false,
                "file_path": "/testnew.sol",
                "line_nos_end": [
                  27
                ],
                "line_nos_start": [
                  22
                ]
              }
            ],
            "scan_id": "759bab4e4c214fc5"
          }
        ],
        "no_of_findings": 1,
        "template_details": {
          "description_keys": [
            "contract_name",
            "library_name",
            "function_name",
            "modifier_name"
          ],
          "issue_confidence": "1",
          "issue_description": "<p>Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>",
          "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
          "issue_name": "INCORRECT ACCESS CONTROL",
          "issue_remediation": "<p>It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same</p>",
          "issue_severity": "critical",
          "issue_status": "true",
          "static_issue_description": "<p>Access control plays an important role in the segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract is importing an access control library but the function is missing the modifier.</p>"
        }
      },
.......
```

{% endtab %}

{% tab title="400" %}

```json
{
  "error": "Invalid request"
}
```

{% endtab %}
{% endtabs %}

{% file src="<https://4103464763-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FaqKivgb07WQWzl1XsCC9%2Fuploads%2Fgit-blob-6171e4b991a6ddf25cd58e26271a501189712506%2Fresponse%20(8).json?alt=media>" %}

**Curl Example:**

```bash
curl --location 'https://api.solidityscan.com/private/api-get-scan/' \
--header 'accept: application/json, text/plain, */*' \
--header 'content-type: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>' \
--data '{
    "client_id": 802,
    "scan_id": "789e422d9923edd3",
    "scan_type": "block",
    "project_id": "09577d722c51953c21e0a41199c47699"
}'
```
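The `scan_report` returned by the scan endpoints on this page nests findings three levels deep and ships the description as an HTML template with `${...}` placeholders. The following is an added example, not SolidityScan's own code, that flattens a report into one row per source range, renders the description as plain text, and returns the rows a CI job would block on. The sample payload is constructed (trimmed to the fields used), and the blocking severities and the `unknown` label are assumptions of this example.

```python
import html
import json
import re
from string import Template

# Constructed sample, trimmed to the fields used below; the shape follows the
# scan_report responses shown on this page. SSP_51519_15 is a made-up bug_id.
SAMPLE = json.loads(r"""
{"scan_report": {
  "scan_id": "759bab4e4c214fc5",
  "scan_status": "scan_done",
  "multi_file_scan_details": [
    {"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
     "metric_wise_aggregated_findings": [
       {"bug_id": "SSP_51519_14", "bug_status": "pending_fix",
        "description_details": {"contract_name": "BUG", "function_name": "transferToken",
                                "library_name": "OwnableUpgradeable.sol",
                                "modifier_name": "onlyOwner"},
        "findings": [{"file_path": "/testnew.sol",
                      "line_nos_start": [22], "line_nos_end": [27]}]}],
     "template_details": {
       "issue_severity": "critical",
       "issue_description": "<p>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>"}},
    {"issue_id": "SOLIDITY_LONG_REQUIRE_REVERT_STRINGS",
     "metric_wise_aggregated_findings": [
       {"bug_id": "SSP_51519_15", "bug_status": "pending_fix",
        "description_details": {"function_name": ""},
        "findings": [{"file_path": "/testnew.sol",
                      "line_nos_start": [30, 41], "line_nos_end": [30, 41]}]}],
     "template_details": {
       "issue_severity": "gas",
       "issue_description": "<p>Strings longer than <code>32 bytes</code> cost extra gas.</p>"}}
  ]}}
""")

TAG = re.compile(r"<[^>]+>")


def render_description(template_html, details):
    """Fill ${name} placeholders from description_details and return plain text."""
    # safe_substitute leaves unknown placeholders in place instead of raising.
    filled = Template(template_html or "").safe_substitute(details or {})
    # The API returns HTML and the substituted values come from the scanned
    # source, so strip tags before the text reaches a dashboard or ticket.
    return " ".join(html.unescape(TAG.sub(" ", filled)).split())


def flatten(payload):
    """Return one row per reported source range in the scan_report."""
    report = payload.get("scan_report") or {}
    rows = []
    for issue in report.get("multi_file_scan_details") or []:
        tmpl = issue.get("template_details") or {}
        for bug in issue.get("metric_wise_aggregated_findings") or []:
            text = render_description(tmpl.get("issue_description"),
                                      bug.get("description_details"))
            for loc in bug.get("findings") or []:
                spans = zip(loc.get("line_nos_start") or [], loc.get("line_nos_end") or [])
                for start, end in spans:
                    rows.append({
                        "issue_id": issue.get("issue_id"),
                        # Missing severity becomes "unknown" so the gate fails closed.
                        "severity": tmpl.get("issue_severity", "unknown"),
                        "bug_id": bug.get("bug_id"),
                        "status": bug.get("bug_status"),
                        "location": "%s:%s-%s" % (loc.get("file_path"), start, end),
                        "description": text,
                    })
    return rows


def gate(payload, blocking=("critical", "high", "unknown")):
    """Return the blocking rows; raise if the scan has not finished."""
    status = (payload.get("scan_report") or {}).get("scan_status")
    if status != "scan_done":
        raise ValueError("scan_status is %r, refusing to treat it as a pass" % status)
    return [row for row in flatten(payload) if row["severity"] in blocking]


if __name__ == "__main__":
    for row in gate(SAMPLE):
        print(row["severity"], row["bug_id"], row["location"], "-", row["description"])
```
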

***

## **File Scan**

<mark style="color:red;">`POST`</mark> `https://api.solidityscan.com/private/api-file-scan/`

Uploads a file and initiates its scan.

**Headers**

| Name          | Value              |
| ------------- | ------------------ |
| Content-Type  | `application/json` |
| Authorization | `Bearer <token>`   |

**Body**

| Name          | Type   | Description                                    |
| ------------- | ------ | ---------------------------------------------- |
| file\_urls    | array  | An array containing all the URLs of the files. |
| project\_name | string | Name of the project                            |
| project\_type | string | Type of the project                            |

**Response**

{% tabs %}
{% tab title="200" %}

```json
{
  "scan_report": {
    "file_url_list": [
      "https://credshields-prod.s3.amazonaws.com/temp_backend/15c9c621-11ab-4db5-a005-4c98ebbad1d9/1736928326545_testnew.sol"
    ],
    "is_quick_scan": false,
    "multi_file_scan_details": [
      {
        "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
        "metric_wise_aggregated_findings": [
          {
            "bug_hash": "mUvFpuKREc_hKplmSXj99sLGIzg=",
            "bug_id": "SSP_51519_14",
            "bug_status": "pending_fix",
            "description_details": {
              "contract_name": "BUG",
              "function_name": "transferToken",
              "library_name": "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol",
              "modifier_name": "onlyOwner"
            },
            "findings": [
              {
                "ai_tagged_reason": "The function 'transferToken' has a require statement checking the balance of msg.sender and ensures the recipient address is not zero. It does not modify critical data without proper checks, and it operates on the balance of msg.sender, which is appropriate for a public function.",
                "ai_tagged_status": false,
                "file_path": "/testnew.sol",
                "line_nos_end": [
                  27
                ],
                "line_nos_start": [
                  22
                ]
              }
            ],
            "scan_id": "759bab4e4c214fc5"
          }
        ],
        "no_of_findings": 1,
        "template_details": {
          "description_keys": [
            "contract_name",
            "library_name",
            "function_name",
            "modifier_name"
          ],
          "issue_confidence": "1",
          "issue_description": "<p>Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>",
          "issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
          "issue_name": "INCORRECT ACCESS CONTROL",
          "issue_remediation": "<p>It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same</p>",
          "issue_severity": "critical",
          "issue_status": "true",
          "static_issue_description": "<p>Access control plays an important role in the segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract is importing an access control library but the function is missing the modifier.</p>"
        }
      },
.......
```

{% endtab %}
{% endtabs %}

{% file src="<https://4103464763-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FaqKivgb07WQWzl1XsCC9%2Fuploads%2Fgit-blob-6171e4b991a6ddf25cd58e26271a501189712506%2Fresponse%20(7).json?alt=media>" %}
