ChainSage is an advanced AI-based security analyzer that detects, explains, and visualizes vulnerabilities in Ethereum-based Solidity smart contracts. Powered by a fusion of deep learning (CodeBERT, Mistral), anomaly detection (Isolation Forest), and rule-based logic, ChainSage offers a seamless DevSecOps solution through its powerful FastAPI backend and modern Streamlit UI.
ChainSage is an advanced AI-driven auditing tool designed to analyze and secure Ethereum smart contracts written in Solidity. It seamlessly integrates Machine Learning, Rule-Based Engines, and Visual Analysis to identify, explain, and visualize security vulnerabilities with high accuracy and contextual relevance.
This tool is ideal for:
- 🔗 Blockchain developers
- 🔍 Web3 auditors
- 🔬 Security researchers
- 📚 Smart contract learners
-
🤖 AI-Powered Detection Engine
- Uses CodeBERT (fine-tuned on Solidity contracts) and Mistral for advanced contextual analysis
- Identifies logical vulnerabilities like
Reentrancy,tx.origin misuse, and more
-
🔍 Hybrid Rule-Based Enhancements
- Custom detection for
.call(),unchecked-send, and unprotected ownership transfer - Works alongside the ML models to increase reliability and precision
- Custom detection for
-
📊 Dynamic Risk Diagrams with Graphviz
- Converts control flow into visual threat maps
- Clearly highlights critical paths and exploitable entry points
-
🧠 Streamlit-Powered Dashboard
- Upload Solidity
.solcontracts for instant analysis - Displays AI-generated HTML reports and SVG graphs
- Upload Solidity
-
🔐 Secure Coding Recommendations
- Suggestions inspired by OpenZeppelin, ConsenSys, and Slither audits
- Actionable prevention tips integrated into every finding
-
⚙️ FastAPI & CLI Integration
- RESTful API for remote ML inference and contract analysis
- Run directly via command-line or hook into CI/CD pipelines
-
🧪 Included Vulnerable Contracts
- Sample
.solcontracts with known issues for testing and demoing - Great for education, debugging, and benchmarking
- Sample
| Model | Role |
|---|---|
| 🧠 CodeBERT | Transformer model fine-tuned to classify Solidity snippets |
| 🔎 Mistral-7B | Explains detected issues in natural language (via prompting) |
| 🌲 Isolation Forest | Detects outliers in contract structure/statistics |
| Uses RegEx and patterns to detect risky Solidity behaviors |
graph TD
A[User Uploads .sol File] --> B[Streamlit UI]
B --> C[FastAPI Backend]
C --> D[CodeBERT Classifier]
C --> E[Mistral Explainer]
C --> F[Rule-Based Analyzer]
C --> G[Graphviz SVG Generator]
G --> H[Visual Report]
E --> H
D --> H
F --> H
H --> I[HTML Vulnerability Report + Diagram]
Components:
- 🖥 Frontend: Streamlit + Lottie + Custom HTML/CSS
- ⚙️ Backend: FastAPI + PyTorch + Transformers + Graphviz
- 📦 ML Models: CodeBERT, Mistral (via API), Isolation Forest
ChainSage/
├── api/
│ └── routes/
│ └── vulnerability.py
├── ai_models/
│ └── vulnerability_detector.py
├── models/
│ └── codebert_classifier/
│ └── isolation_forest.pkl
│ └── ppo_wallet.zip
├── smart_contracts/
│ └── sample_contracts/
│ └── vulnerable_contract.sol
├── frontend/
│ └── streamlit_app/
│ └── app.py
├── test_contract.sol
├── mistral_vulnerability_checker.py
├── generate_dataset.py
├── evaluate_model.py
├── train_codebert_classifier.py
├── cli_infer.py
├── .env
├── requirements.txt
└── README.md
git clone https://github.com/Vaibhav06Jha28/ChainSage.git
cd ChainSage
python -m venv venv
venv\Scripts\activate
pip install -r requirements.txt
cd api && uvicorn main:app --reload
cd ../frontend/streamlit_app && streamlit run app.py- Type: Reentrancy Attack
- Detected By: CodeBERT + Rule Engine
- Severity: 🔴 High
- Explanation: External call before state update
- Fix: Apply Checks-Effects-Interactions pattern or use
ReentrancyGuard
Vaibhav Jha
🔗 LinkedIn
🧑💻 GitHub
MIT License © 2025 Vaibhav Jha