SolidityScan Private API
This documentation covers the SolidityScan Private APIs.
The Private APIs can be called via two methods:
WebSockets API
HTTP API
1. WebSocket API Documentation
Overview
The WebSocket API provided by SolidityScan allows users to initiate and monitor various types of scans, including Project Scans for GitHub, BitBucket, and GitLab projects, Block Scans for different blockchain platforms, and File Scans for individual files.
URL: api-ws.solidityscan.com
Protocol: wss
Description: This request requires authorization. The bearer token is sent in the auth_token request parameter.
Step 1. Auth Token Registration
Description: The first step is to register with your auth token to generate a UUID.
{
"action": "message",
"payload": {
"type": "auth_token_register",
"body": {
"auth_token": "{Your_Auth_Token}"
}
}
}
Response
{
"type": "auth_token_register",
"request_uuid": "Your_UUID",
"payload": {
"message": "Auth token registered."
},
"event_timestamp": "2024-04-19 11:37:17.854547"
}
Scan Types
1. Project Scan: Supported Providers: GitHub, BitBucket, GitLab
Sample Message Request:
{
"action": "message",
"payload": {
"type": "private_project_scan_initiate",
"body": {
"provider": "github",
"project_url": "https://github.com/Shashank-In/SmartContract",
"project_name": "SolidityScan",
"project_type": "new",
"project_branch": "main",
"recur_scans": false,
"project_visibility": "public",
"skip_file_paths": []
}
}
}
provider: The provider of the project repository. In this case, it is github, indicating that the project is hosted on GitHub. Other supported values are bitbucket and gitlab.
project_url: The URL of the project repository. It points to the GitHub repository where the SolidityScan project is hosted. Users can navigate to this URL to access the project's source code and other details.
project_name: The name of the project. This can be any name under 50 characters. In this case, it is "SolidityScan", indicating the name of the project hosted on GitHub.
project_type: Specifies the type of project. There are two types: new (a new scan) and existing (to perform a rescan on an existing project).
project_branch: This can be any existing branch that needs to be scanned.
recur_scans: A boolean (true or false) value indicating whether recursive scans are enabled for the project. In this case, it is set to false, so recursive scans are not enabled.
project_visibility: Indicates the visibility level of the project repository. Accepts the value public or private. For a private repository, the user needs to configure private repository support from the integration page at https://solidityscan.com/integrations.
skip_file_paths: An array of file paths or patterns to skip during scanning or processing. It is currently an empty array, indicating that no file paths are skipped during scans.
Sample Response:
{
"type": "scan_status",
"payload": {
"scan_id": "c96d55c76addf7b5",
"scan_status": "scan_done",
"project_id": "2675bc38cf338a95fff27b6ce10416ec",
"scan_details": {
"link": "https://credshields-prod.s3.amazonaws.com/private_scan_details/1cd6dbff65e1521d.json?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAR53KSZKUQRM7COPC%2F20240213%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20240213T144752Z&X-Amz-Expires=60000&X-Amz-SignedHeaders=host&X-Amz-Signature=3fa904170f79ad4ee0f91f12de28ed2f6b8cc44aef2d37d72039d4cb9f2d9a04"
}
},
"event_timestamp": "2024-02-13 14:47:52.232403"
}
The scan data can be fetched from the S3 bucket. A sample of the scan data JSON is shown below.
{
"is_latest_scan": false,
"webhook_enabled": false,
"scan_report": {
"file_url_list": null,
"multi_file_scan_details": [
{
"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
"template_details": {
"_id": "64142385f39e851afed3ecfb",
"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
"issue_name": "INCORRECT ACCESS CONTROL",
"issue_status": "true",
"issue_severity": "critical",
"issue_confidence": "1",
"version": "1",
"multi_file_supported": "true",
"description_keys": [
"contract_name",
"library_name",
"function_name",
"modifier_name"
],
"is_production_disabled": false,
"issue_description": "<p>Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>",
"issue_remediation": "<p>It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same</p>",
"detection_logic": "not defined yet",
"_created": "Thu, 01 Jan 1970 00:00:00 GMT",
"_updated": "Thu, 01 Jan 1970 00:00:00 GMT",
"_links": {
"self": {
"title": "issues",
"href": "issue_details/SOLIDITY_INCORRECT_ACCESS_CONTROL"
}
}
},
"metric_wise_aggregated_findings": [
{
"bug_hash": "V5wW8p4jOvElY652B003MrADlN0=",
"findings": [
{
"file_path": "/random.sol",
"line_nos_start": [
13
],
"line_nos_end": [
15
]
}
],
"description_details": {
"contract_name": "DamnVulnerableContract",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"function_name": "mint",
"modifier_name": "onlyOwner"
},
"scan_id": "c96d55c76addf7b5",
"bug_id": "SSP_4110_21"
},
{
"bug_hash": "CRNyuOFO1sr6e2VJiW9BpDRdmxU=",
"findings": [
{
"file_path": "/random.sol",
"line_nos_start": [
16
],
"line_nos_end": [
19
]
}
],
"description_details": {
"contract_name": "DamnVulnerableContract",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"function_name": "deposit",
"modifier_name": "onlyOwner"
},
"scan_id": "c96d55c76addf7b5",
"bug_id": "SSP_4110_22"
},
{
"bug_hash": "fu3U30kpKUWCdpOn-ms1SIZftro=",
"findings": [
{
"file_path": "/random.sol",
"line_nos_start": [
20
],
"line_nos_end": [
29
]
}
],
"description_details": {
"contract_name": "DamnVulnerableContract",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"function_name": "withdraw",
"modifier_name": "onlyOwner"
},
"scan_id": "c96d55c76addf7b5",
"bug_id": "SSP_4110_23"
},
{
"bug_hash": "3TEAUNzvknB-n_I63qRsl3HmW9A=",
"findings": [
{
"file_path": "/random.sol",
"line_nos_start": [
30
],
"line_nos_end": [
34
]
}
],
"description_details": {
"contract_name": "DamnVulnerableContract",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"function_name": "fetchPrice",
"modifier_name": "onlyOwner"
},
"scan_id": "c96d55c76addf7b5",
"bug_id": "SSP_4110_24"
}
]
}
],
"multi_file_scan_status": "scan_done",
"multi_file_scan_summary": {
"issue_severity_distribution": {
"informational": 4,
"low": 10,
"medium": 1,
"high": 2,
"critical": 4,
"gas": 10
},
"scan_time_taken": 0,
"score_v2": "0.50",
"lines_analyzed_count": 44
},
"project_branch": "main",
"project_id": "2675bc38cf338a95fff27b6ce10416ec",
"project_name": "testsol1",
"project_url": "https://github.com/Shashank-In/SmartContract",
"reporting_status": "not_generated",
"scan_id": "c96d55c76addf7b5",
"scan_init_time": "2024-02-13T14:47:47.812363",
"scan_status": "scan_done",
"scan_type": "project",
"skip_file_paths": [],
"project_skip_files": null,
"details_enabled": null,
"project_sequence_id": 4110
}
}
Verified Contract Scan: Supported Chains: All listed chains
Sample Payload:
{
"action": "message",
"payload": {
"type": "private_block_scan_initiate",
"body": {
"contract_address": "0xd34d68A92f4E37d388bb6A72d801da575503B1C3",
"contract_platform": "etherscan",
"contract_chain": "mainnet"
}
}
}
Sample Response:
{
"type": "scan_status",
"payload": {
"scan_id": "4db440faba1f2097",
"scan_status": "scan_done",
"project_id": "8d9fb842ce0b7b7b236083a313b29469",
"scan_details": {
"link": "https://credshields-prod.s3.amazonaws.com/private_scan_details/e2b646e6d4dce482.json?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAR53KSZKUQRM7COPC%2F20240213%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20240213T152828Z&X-Amz-Expires=60000&X-Amz-SignedHeaders=host&X-Amz-Signature=d7ca74728a4009e5f900068bbb845a907905699bd8dad06aa9ad4ef9cabaf412"
}
},
"event_timestamp": "2024-02-13 15:28:28.928343"
}
The scan data can be fetched from the S3 bucket. A sample of the scan data JSON is shown below.
{
"is_latest_scan": false,
"webhook_enabled": false,
"scan_report": {
"compilerversion": "v0.8.19+commit.7dd6d404",
"contract_address": "0xd34d68A92f4E37d388bb6A72d801da575503B1C3",
"contract_chain": "mainnet",
"contract_url": "https://etherscan.io/address/0xd34d68A92f4E37d388bb6A72d801da575503B1C3",
"contractname": "JEW",
"currency": "ETH",
"evmversion": "Default",
"licensetype": "None",
"multi_file_scan_details": [
{
"issue_id": "SOLIDITY_PUBLIC_BURN",
"template_details": {
"_id": "641aba40b7e948b3b4af645f",
"issue_id": "SOLIDITY_PUBLIC_BURN",
"issue_name": "PUBLIC BURN",
"issue_status": "true",
"issue_severity": "critical",
"issue_confidence": "2",
"version": "1",
"multi_file_supported": "true",
"description_keys": [],
"is_production_disabled": false,
"issue_description": "<p>The contract was found to be using public or an external <code>burn</code> function. The function was missing access control to prevent another user from burning their tokens. Also, the burn function was found to be using a different address than msg.sender.</p>",
"issue_remediation": "<p>Consider adding access control modifiers to the <code>burn</code> function to prevent another user from burning their tokens. The <code>burn</code> function should use msg.sender in the <code>_from</code> argument.</p>",
"detection_logic": "Check if there\u2019s a function called _burn or burn in the contract.\n\nThe function in which it is called should have external or public visibility.\n\nCheck if _burn or burn first argument is any address except msg.sender or functions msgSender() or_ msgSender().\n\nFlag that function.\n\nRef: https://www.notion.so/credshields/Approver-has-no-ownership-so-do-not-delete-from-msg-sender-1e0fe89241cd4825a23d738b8870050e",
"_updated": "Thu, 20 Apr 2023 08:01:44 GMT",
"_created": "Thu, 01 Jan 1970 00:00:00 GMT",
"_links": {
"self": {
"title": "issues",
"href": "issue_details/SOLIDITY_PUBLIC_BURN"
}
}
},
"metric_wise_aggregated_findings": [
{
"bug_hash": "VDHHqbNdOO927Y27yftb0n2Mm2k=",
"findings": [
{
"file_path": "ERC20Burnable.sol",
"line_nos_start": [
35
],
"line_nos_end": [
38
]
}
],
"description_details": {
"function_name": ""
},
"scan_id": "4db440faba1f2097",
"bug_id": "SSB_162603_263"
}
]
}
],
"multi_file_scan_status": "scan_done",
"multi_file_scan_summary": {
"issue_severity_distribution": {
"informational": 78,
"low": 86,
"medium": 4,
"high": 5,
"critical": 1,
"gas": 96
},
"comments": {},
"count_files_analyzed": 25,
"lines_analyzed_count": 2570,
"issues_count": 270,
"score": "4.25",
"score_v2": "85.10",
"false_positive": [],
"wont_fix": [],
"fixed": [],
"latest_bug_count": 271,
"scans_ran": [
"static_template_based"
],
"scan_time_taken": 5,
"threat_score": "70.00"
},
"node_reference_id": null,
"project_id": "8d9fb842ce0b7b7b236083a313b29469",
"reporting_status": "not_generated",
"scan_id": "4db440faba1f2097",
"scan_init_time": "2024-02-13T15:28:21.248531",
"scan_status": "scan_done",
"scan_type": "block",
"details_enabled": null
}
}
File Upload Scans:
Step 1 - Fetching a pre-signed URL
file_name - Supported file name extensions: .sol and .zip
It is required to supply a file name to generate a pre-signed S3 URL from our end. Note that this is just a file name and not an actual file upload call.
GET /private/api-get-presigned-url/?file_name=Your_File.zip HTTP/1.1
Host: api.solidityscan.com
Authorization: Bearer {Your token}
{
"status": "success",
"result": {
"url": "S3_signed_URL"
}
}
The value of url in the response is the signed URL where the sol or zip files need to be uploaded.
Step 2 - Scan initiation Request
{
"action": "message",
"payload": {
"type": "private_project_scan_initiate",
"body": {
"file_urls": [
"S3_signed_URL"
],
"project_name": "TestRemix",
"project_type": "new"
}
}
}
Response:
{
"type": "scan_status",
"request_uuid": "e58492f72f9b7d27a5c75478a2e529eb",
"payload": {
"scan_id": "31118a10c7fe1309",
"scan_status": "scan_done",
"project_id": "4c3d528a944e7b56f696c87447609a7d",
"scan_details": {
"link": "JSON_Response_Link"
}
},
"event_timestamp": "2024-04-19 11:38:05.735806"
}
The value of link is the S3 link to the JSON response containing the scan result data.
Sample Response:
{
"is_latest_scan": false,
"webhook_enabled": false,
"scan_report":
{
"file_url_list":
[
"https://credshields-prod.s3.amazonaws.com/temp_backend/85d1c7c2-5699-492d-bee6-2107fc2f7679/1713526282019_test_remix.zip"
],
"multi_file_scan_details":
[
{
"issue_id": "SOLIDITY_ERC721_SAFEMINT_REENTRANCY",
"no_of_findings": 6,
"template_details":
{
"issue_confidence": "2",
"issue_id": "SOLIDITY_ERC721_SAFEMINT_REENTRANCY",
"issue_name": "ERC721 SAFEMINT REENTRANCY",
"issue_severity": "critical"
}
},
{
"issue_id": "SOLIDITY_REENTRANCY",
"no_of_findings": 3,
"template_details":
{
"issue_confidence": "2",
"issue_id": "SOLIDITY_REENTRANCY",
"issue_name": "REENTRANCY",
"issue_severity": "high",
"type": "ast_parsed"
}
},
{
"issue_id": "SOLIDITY_DIRECT_SUPPORTSINTERFACE_CALLS_MAY_CAUSE_CALLER_TO_REVERT",
"no_of_findings": 6,
"template_details":
{
"issue_confidence": "2",
"issue_id": "SOLIDITY_DIRECT_SUPPORTSINTERFACE_CALLS_MAY_CAUSE_CALLER_TO_REVERT",
"issue_name": "SUPPORTSINTERFACE() CALLS MAY REVERT",
"issue_severity": "medium"
}
},
{
"issue_id": "SOLIDITY_USE_OF_MINT",
"no_of_findings": 3,
"template_details":
{
"issue_confidence": "2",
"issue_id": "SOLIDITY_USE_OF_MINT",
"issue_name": "USE OF _MINT()",
"issue_severity": "low"
}
},
{
"issue_id": "SOLIDITY_RETURN_INSIDE_LOOP",
"no_of_findings": 3,
"template_details":
{
"issue_confidence": "2",
"issue_id": "SOLIDITY_RETURN_INSIDE_LOOP",
"issue_name": "RETURN INSIDE LOOP",
"issue_severity": "informational"
}
},
{
"issue_id": "SOLIDITY_SAFEMATH",
"metric_wise_aggregated_findings":
[
{
"bug_hash": "z39xRGfx3Y8NU-DUd_-ZCs9h93w=",
"bug_id": "SSP_4943_1",
"bug_status": "pending_fix",
"comment": "",
"description_details":
{},
"findings":
[
{
"file_path": "/test_remix/test6 - Copy (3).sol",
"line_nos_end":
[
1237
],
"line_nos_start":
[
1237
]
}
],
"scan_id": "31118a10c7fe1304"
},
{
"bug_hash": "kNApsEQDz4GGweAQ-tGSnXTrqT4=",
"bug_id": "SSP_4943_2",
"bug_status": "pending_fix",
"comment": "",
"description_details":
{},
"findings":
[
{
"file_path": "/test_remix/test6 - Copy (2).sol",
"line_nos_end":
[
1237
],
"line_nos_start":
[
1237
]
}
],
"scan_id": "31118a10c7fe1304"
},
{
"bug_hash": "10EPJU2J4ps2r6i10viK20s1KTA=",
"bug_id": "SSP_4943_3",
"bug_status": "pending_fix",
"comment": "",
"description_details":
{},
"findings":
[
{
"file_path": "/test_remix/test6 - Copy (4).sol",
"line_nos_end":
[
1237
],
"line_nos_start":
[
1237
]
}
],
"scan_id": "31118a10c7fe1304"
}
],
"no_of_findings": 3,
"template_details":
{
"description_keys":
[],
"issue_confidence": "2",
"issue_description": "<p><code>SafeMath</code> library is found to be used in the contract. This increases gas consumption than traditional methods and validations if done manually.</p><p>Also, Solidity <code>0.8.0</code> includes checked arithmetic operations by default, and this renders <code>SafeMath</code> unnecessary.</p>",
"issue_id": "SOLIDITY_SAFEMATH",
"issue_name": "USE OF SAFEMATH LIBRARY",
"issue_remediation": "<p>We do not recommend using <code>SafeMath</code> library for all arithmetic operations. It is good practice to use explicit checks where it is really needed and to avoid extra checks where overflow/underflow is impossible.</p><p>The compiler should be upgraded to Solidity version <code>0.8.0+</code> which automatically checks for overflows and underflows.</p>",
"issue_severity": "gas"
}
}
],
"multi_file_scan_status": "scan_done",
"multi_file_scan_summary":
{
"issue_severity_distribution":
{
"critical": 26,
"gas": 157,
"high": 3,
"informational": 69,
"low": 99,
"medium": 12
},
"scan_time_taken": 6,
"score_v2": "84.82",
"lines_analyzed_count": 3966
},
"project_branch": null,
"project_id": "4c3d528a944e7b56f696c87447609a7d",
"project_name": "TestRemix",
"project_url": "File Scan",
"reporting_status": "not_generated",
"scan_id": "31118a10c7fe1304",
"scan_init_time": "2024-04-19T11:37:57.031916",
"scan_status": "scan_done",
"scan_status_err_msg": null,
"scan_type": "project",
"skip_file_paths":
[],
"project_skip_files":
[],
"details_enabled": false,
"project_sequence_id": 4943
}
}
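Added example (not part of the SolidityScan documentation): one way to turn the scan result JSON from the samples above into a triage list in Python. It fills the ${...} placeholders of issue_description from description_details, escaping the values because they are names taken from the scanned source, and keeps entries that carry only no_of_findings. The function names, the fail_on default and the SAMPLE data (abridged from the project scan sample, with a constructed library_name and a constructed summary-only entry) are assumptions.

```python
import html
from string import Template

SEVERITIES = ("critical", "high", "medium", "low", "informational", "gas")


def render_description_html(template_details, description_details):
    """Fill the ${...} placeholders of issue_description.

    The markup comes from the scanner's issue template; the substituted
    values are names taken from the scanned source, so each one is
    HTML-escaped first (assumption: the text ends up in a web view).
    """
    values = {k: html.escape(str(v)) for k, v in (description_details or {}).items()}
    template = Template(template_details.get("issue_description", ""))
    return template.safe_substitute(values)  # unknown placeholders stay as-is


def flatten_findings(scan_result):
    """Return one row per reported location, most severe first."""
    rows = []
    report = scan_result.get("scan_report") or {}
    for issue in report.get("multi_file_scan_details") or []:
        tmpl = issue.get("template_details") or {}
        base = {"issue_id": issue.get("issue_id"),
                "severity": tmpl.get("issue_severity", "unknown")}
        bugs = issue.get("metric_wise_aggregated_findings")
        if not bugs:
            # Summary-only entry: a count, but no locations to list.
            rows.append({**base, "bug_id": None, "file_path": None, "lines": None,
                         "count": issue.get("no_of_findings", 0), "description": None})
            continue
        for bug in bugs:
            text = render_description_html(tmpl, bug.get("description_details"))
            for loc in bug.get("findings") or []:
                # line_nos_start and line_nos_end are parallel arrays.
                spans = zip(loc.get("line_nos_start") or [], loc.get("line_nos_end") or [])
                for start, end in spans:
                    rows.append({**base, "bug_id": bug.get("bug_id"),
                                 "file_path": loc.get("file_path"),
                                 "lines": (start, end), "count": 1, "description": text})
    rank = {name: i for i, name in enumerate(SEVERITIES)}
    rows.sort(key=lambda row: rank.get(row["severity"], len(rank)))
    return rows


def blocking_total(scan_result, fail_on=("critical", "high")):
    """Sum issue_severity_distribution over the severities that fail a build."""
    summary = (scan_result.get("scan_report") or {}).get("multi_file_scan_summary") or {}
    dist = summary.get("issue_severity_distribution") or {}
    return sum(int(dist.get(name, 0)) for name in fail_on)


# Constructed sample, abridged from the project scan result on this page.
SAMPLE = {"scan_report": {
    "multi_file_scan_details": [
        {"issue_id": "SOLIDITY_REENTRANCY", "no_of_findings": 3,  # summary-only entry
         "template_details": {"issue_severity": "high"}},
        {"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
         "template_details": {
             "issue_severity": "critical",
             "issue_description": "<p>The contract ${contract_name} is importing an "
                                  "access control library ${library_name} but the function "
                                  "${function_name} is missing the modifier ${modifier_name}.</p>"},
         "metric_wise_aggregated_findings": [{
             "bug_id": "SSP_4110_21",
             "findings": [{"file_path": "/random.sol",
                           "line_nos_start": [13], "line_nos_end": [15]}],
             "description_details": {
                 "contract_name": "DamnVulnerableContract",
                 "library_name": "./lib/<b>Ownable</b>.sol",  # constructed value with markup
                 "function_name": "mint", "modifier_name": "onlyOwner"}}]}],
    "multi_file_scan_summary": {"issue_severity_distribution": {
        "informational": 4, "low": 10, "medium": 1, "high": 2, "critical": 4, "gas": 10}}}}

if __name__ == "__main__":
    for row in flatten_findings(SAMPLE):
        print(row["severity"], row["issue_id"], row["file_path"], row["lines"], row["count"])
    print("blocking findings:", blocking_total(SAMPLE))
```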
Scan Lifespan and Events
Scan Initiation Acknowledgment:
Type: private_project_scan_acknowledge
Sample:
{ "type": "private_project_scan_acknowledge", "payload": { "scan_id": "", "message": "", "project_name": "testsol1", "project_url": "https://github.com/mano-credshields/testsol1", "project_id": null }, "event_timestamp": "2024-02-13 13:30:45.750213" }
Account Credits Update:
Type: account_credits_update
Sample:
{ "type": "account_credits_update", "payload": { "updated_credits": 78 }, "event_timestamp": "2024-02-13 13:30:46.114996" }
Scan Status Events:
Types: scan_initiate, scan_status
Sample:
{ "type": "scan_initiate", "payload": { "scan_details": { ... } }, "event_timestamp": "2024-02-13 13:30:46.238227" }
Post Scan Completion Details:
Type: scan_status with scan_status as scan_done
Sample:
{ "type": "scan_status", "payload": { "scan_id": "3c360eb6e7d70c5c", "scan_status": "scan_done", "project_id": "851506d2648ff2a405b8de364f00ca82", "scan_details": { "link": "https://credshields-prod.s3.amazonaws.com/private_scan_details/b3249e92472d1352.json?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=...&X-Amz-Date=...&X-Amz-Expires=...&X-Amz-SignedHeaders=...&X-Amz-Signature=..." } }, "event_timestamp": "2024-02-13 13:30:56.323289" }
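Added example (not part of the SolidityScan documentation): a Python handler for the event types listed above. Whoever holds the pre-signed result link can read the report until the link expires, so the handler keeps the full link in memory and logs only a redacted form with the computed expiry. The class and function names, the host allow-list (taken from the sample links on this page) and the EVENTS data with its placeholder signature are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# SigV4 query parameters that must not reach logs.
SECRET_PARAMS = {"X-Amz-Signature", "X-Amz-Security-Token"}
# Assumption: results are served from the host seen in this page's samples.
ALLOWED_HOSTS = {"credshields-prod.s3.amazonaws.com"}


def inspect_presigned(link, allowed_hosts=ALLOWED_HOSTS):
    """Validate a result link; return (log-safe link, expiry in UTC or None)."""
    parts = urlsplit(link)
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        # Report scheme and host only, never the query string.
        raise ValueError("unexpected result link: %s://%s" % (parts.scheme, parts.hostname))
    query = parse_qs(parts.query)
    expires_at = None
    try:
        issued = datetime.strptime(query["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
        lifetime = timedelta(seconds=int(query["X-Amz-Expires"][0]))
        expires_at = issued.replace(tzinfo=timezone.utc) + lifetime
    except (KeyError, ValueError):
        pass  # missing or elided values: expiry unknown
    safe = {k: "REDACTED" if k in SECRET_PARAMS else v[0] for k, v in query.items()}
    return urlunsplit(parts._replace(query=urlencode(safe))), expires_at


class ScanTracker:
    def __init__(self):
        self.request_uuid = None
        self.credits = None
        self.status = {}       # scan_id -> last reported scan_status
        self.fetch_queue = {}  # scan_id -> full link; keep in memory only

    def handle(self, raw_message):
        """Apply one server message and return a line that is safe to log."""
        event = json.loads(raw_message)
        kind, payload = event.get("type"), event.get("payload") or {}
        if kind == "auth_token_register":
            self.request_uuid = event.get("request_uuid")
            return "auth token registered"
        if kind == "account_credits_update":
            self.credits = payload.get("updated_credits")
            return "credits=%s" % self.credits
        if kind == "private_project_scan_acknowledge":
            return "acknowledged project=%s" % payload.get("project_name")
        if kind == "scan_initiate":
            return "scan initiated"
        if kind == "scan_status":
            scan_id = payload.get("scan_id")
            self.status[scan_id] = payload.get("scan_status")
            if self.status[scan_id] != "scan_done":
                return "scan %s: %s" % (scan_id, self.status[scan_id])
            link = payload["scan_details"]["link"]
            safe_link, expires_at = inspect_presigned(link)
            self.fetch_queue[scan_id] = link
            return "scan %s done, result %s (expires %s)" % (scan_id, safe_link, expires_at)
        return "ignored event type %r" % kind


SIG = "0" * 64  # constructed placeholder, not a real signature
RESULT_LINK = ("https://credshields-prod.s3.amazonaws.com/private_scan_details/EXAMPLE.json"
               "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240213T144752Z"
               "&X-Amz-Expires=60000&X-Amz-SignedHeaders=host&X-Amz-Signature=" + SIG)
# Constructed messages modelled on the samples on this page.
EVENTS = [json.dumps(e) for e in (
    {"type": "auth_token_register", "request_uuid": "Your_UUID",
     "payload": {"message": "Auth token registered."}},
    {"type": "account_credits_update", "payload": {"updated_credits": 78}},
    {"type": "scan_status", "payload": {"scan_id": "c96d55c76addf7b5",
     "scan_status": "scan_done", "scan_details": {"link": RESULT_LINK}}},
)]


def replay(messages):
    tracker = ScanTracker()
    return tracker, [tracker.handle(m) for m in messages]


if __name__ == "__main__":
    for line in replay(EVENTS)[1]:
        print(line)
```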
2. HTTP API Documentation
Project Scan
Start a project scan
POST
https://api.solidityscan.com/private/api-project-scan/
Headers
Request Body
{
"scan_report": {
"client_id": 326,
"file_url_list": null,
"multi_file_scan_details": [
{
"issue_id": "SOLIDITY_PUBLIC_BURN",
"metric_wise_aggregated_findings": [
{
"bug_hash": "865MXqQZ2gXMX6bMC6Dak67NXD8=",
"bug_id": "SSP_2115_8",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"function_name": ""
},
"findings": [
{
"file_path": "/contracts/bep20/BEP20TokenImplementation.sol",
"line_nos_end": [
241
],
"line_nos_start": [
238
]
}
],
"scan_id": "c209c67e4fc786aa"
}
],
"no_of_findings": 36,
"template_details": {
"_created": "Thu, 01 Jan 1970 00:00:00 GMT",
"_id": "64142385f39e851afed3ecc8",
"_links": {
"self": {
"href": "issue_details/SOLIDITY_LONG_REQUIRE_REVERT_STRINGS",
"title": "issues"
}
},
"_updated": "Thu, 01 Jan 1970 00:00:00 GMT",
"description_keys": [],
"detection_logic": "not defined yet",
"is_production_disabled": false,
"issue_confidence": "2",
"issue_description": "<p>The <code>require()</code> and <code>revert()</code> functions take an input string to show errors if the validation fails.</br>This strings inside these functions that are longer than <code>32 bytes</code> require at least one additional <code>MSTORE</code>, along with additional overhead for computing memory offset, and other parameters.</p>",
"issue_id": "SOLIDITY_LONG_REQUIRE_REVERT_STRINGS",
"issue_name": "LONG REQUIRE/REVERT STRINGS",
"issue_remediation": "<p>It is recommended to short the strings passed inside <code>require()</code> and <code>revert()</code> to fit under <code>32 bytes</code>. This will decrease the gas usage at the time of deployment and at runtime when the validation condition is met.</p>",
"issue_severity": "gas",
"issue_status": "true",
"multi_file_supported": "true",
"version": "1"
}
}
],
"multi_file_scan_status": "scan_done",
"multi_file_scan_summary": {
"count_files_analyzed": 15,
"issue_severity_distribution": {
"critical": 21,
"gas": 120,
"high": 20,
"informational": 18,
"low": 58,
"medium": 10
},
"issues_count": 247,
"lines_analyzed_count": 3183,
"scan_time_taken": 16,
"scans_ran": [
"static_template_based"
],
"score": "4.26",
"score_v2": "85.27"
},
"project_branch": "master",
"project_id": "bf4b2e27a7eca4a04c2e5b2f768e4054",
"project_name": "mano-credshields-eth-bsc-swap-contracts",
"project_sequence_id": 2115,
"project_url": "https://github.com/mano-credshields/eth-bsc-swap-contracts",
"quick_file_scan_details": "c209c67e4fc786aa",
"reporting_status": "not_generated",
"scan_id": "c209c67e4fc786aa",
"scan_init_time": "2023-06-12T10:18:51.367790",
"scan_status": "scan_done",
"scan_type": "project",
"skip_file_paths": []
}
}
Project Scan CURL Example
curl --location 'https://api.solidityscan.com/private/api-project-scan/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{
"provider": "github",
"project_name": "SolidityScan",
"project_url": "https://github.com/Shashank-In/SmartContract",
"project_branch": "master",
"project_skip_files":[]
}'
Verified Contract Scans
Start a block scan
POST
https://api.solidityscan.com/private/api-start-scan-block/
Headers
Request Body
{
"scan_report": {
"client_id": 326,
"compilerversion": "v0.8.11+commit.d7f03943",
"contract_address": "0x814d65082Bbfbf45130741018772143b690609CE",
"contract_chain": "mainnet",
"contract_platform": "bscscan",
"contract_url": "https://bscscan.com/address/0x814d65082Bbfbf45130741018772143b690609CE",
"contractname": "TestCA",
"currency": "BNB",
"evmversion": "Default",
"licensetype": "None",
"multi_file_scan_details": [
{
"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
"metric_wise_aggregated_findings": [
{
"bug_hash": "wgs1VNce9tUpqOF1jt-bwauTY14=",
"bug_id": "SSB_3940_74",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"contract_name": "DividendPayingToken",
"function_name": "rescueTokens",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"file_path": "contract.sol",
"line_nos_end": [
430
],
"line_nos_start": [
427
]
}
],
"scan_id": "7c96cf7b20b42c92"
},
{
"bug_hash": "YpFgK9IcmIEX723u-T3R7MgtPZs=",
"bug_id": "SSB_3940_75",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"contract_name": "TestCA",
"function_name": "rescueTokens",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"file_path": "contract.sol",
"line_nos_end": [
605
],
"line_nos_start": [
600
]
}
],
"scan_id": "7c96cf7b20b42c92"
},
{
"bug_hash": "XiHaPHM4bJptrgKBwt5LpePsjws=",
"bug_id": "SSB_3940_76",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"contract_name": "TestCA",
"function_name": "processDividendTracker",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"file_path": "contract.sol",
"line_nos_end": [
690
],
"line_nos_start": [
687
]
}
],
"scan_id": "7c96cf7b20b42c92"
},
{
"bug_hash": "abpAYui5sZSDJjtZ1iUoH4dDtoU=",
"bug_id": "SSB_3940_77",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"contract_name": "TestCA",
"function_name": "claim",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"file_path": "contract.sol",
"line_nos_end": [
694
],
"line_nos_start": [
692
]
}
],
"scan_id": "7c96cf7b20b42c92"
},
{
"bug_hash": "6mNWpIIeI-jESDh_QxqdkbJ_djo=",
"bug_id": "SSB_3940_78",
"bug_status": "pending_fix",
"comment": "",
"description_details": {
"contract_name": "TESTDividendTracker",
"function_name": "process",
"library_name": "@openzeppelin/contracts/access/Ownable.sol",
"modifier_name": "onlyOwner"
},
"findings": [
{
"file_path": "contract.sol",
"line_nos_end": [
1020
],
"line_nos_start": [
975
]
}
],
"scan_id": "7c96cf7b20b42c92"
}
],
"no_of_findings": 5,
"template_details": {
"_created": "Thu, 01 Jan 1970 00:00:00 GMT",
"_id": "64142385f39e851afed3ecfb",
"_links": {
"self": {
"href": "issue_details/SOLIDITY_INCORRECT_ACCESS_CONTROL",
"title": "issues"
}
},
"_updated": "Thu, 01 Jan 1970 00:00:00 GMT",
"description_keys": [
"contract_name",
"library_name",
"function_name",
"modifier_name"
],
"detection_logic": "not defined yet",
"is_production_disabled": false,
"issue_confidence": "1",
"issue_description": "<p>Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract. <br><br>The contract ${contract_name} is importing an access control library ${library_name} but the function ${function_name} is missing the modifier ${modifier_name}.</p>",
"issue_id": "SOLIDITY_INCORRECT_ACCESS_CONTROL",
"issue_name": "INCORRECT ACCESS CONTROL",
"issue_remediation": "<p>It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same</p>",
"issue_severity": "critical",
"issue_status": "true",
"multi_file_supported": "true",
"version": "1"
}
}
],
"multi_file_scan_status": "scan_done",
"multi_file_scan_summary": {
"count_files_analyzed": 1,
"issue_severity_distribution": {
"critical": 5,
"gas": 91,
"high": 7,
"informational": 24,
"low": 22,
"medium": 1
},
"issues_count": 150,
"lines_analyzed_count": 1033,
"scan_time_taken": 9,
"scans_ran": [
"static_template_based"
],
"score": "3.96",
"score_v2": "79.19",
"threat_score": "76.19"
},
"node_reference_id": null,
"project_id": "a3b0fbb769c94f1733e2beeaee692dd6",
"project_sequence_id": 3940,
"quick_file_scan_details": "7c96cf7b20b42c92",
"reporting_status": "not_generated",
"scan_id": "7c96cf7b20b42c92",
"scan_init_time": "2023-06-12T10:27:28.468226",
"scan_status": "scan_done",
"scan_type": "block",
"value": "8.761483474979001e-06"
}
}
Block Scan CURL Example
curl --location 'https://api.solidityscan.com/private/api-start-scan-block/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{
"contract_address": "0x814d65082Bbfbf45130741018772143b690609CE",
"contract_platform": "bscscan",
"contract_chain": "mainnet"
}'
Generate Report
Generate Report
POST
https://api.solidityscan.com/private/api-generate-report/
Headers
Request Body
{
"scan_id": "abcdefgh",
"status": "started"
}
Generate Report CURL Example
curl --location 'https://api.solidityscan.com/private/api-generate-report/' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'sec-gpc: 1' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{
"project_id": "abcdefgh12345",
"scan_id": "abcdef123"
}'
This documentation provides a comprehensive guide for utilizing the WebSocket API, including connection details, supported scan types, and sample payloads.