🤖AI Analysis API [Beta]

Create an AI Scan

POST /v1/ai-scan

The AI scan endpoint allows users to submit Solidity source code for analysis. By sending a POST request to /v1/ai-scan with the source code and a callback URL in the request body, the system initiates an AI-driven scan of the provided code. Upon completion, the system sends the results of the scan to the specified callback URL. This process facilitates automatic security and optimization checks for smart contracts written in Solidity, enabling developers to identify and address potential issues efficiently.

Headers

| Name          | Value            |
|---------------|------------------|
| Content-Type  | application/json |
| Authorization | Bearer <token>   |

Body

| Name         | Type   | Description                                      |
|--------------|--------|--------------------------------------------------|
| source_code  | string | Text string of the Solidity source code.         |
| callback_url | string | URL to call back after the AI scan completes.    |

Response

{
  "success": true,
  "scan_id": "1234-5678-abcd-efgh",
  "callback_url": "https://your-callback-url.com"
}

Webhook Response

{
   "success":true,
   "data":{
      "findings":[
         {
            "title":"Propose Function Signature and Calldata Length Mismatch",
            "description":"The `propose` function enforces that the lengths of `_signatures` and `_calldatas` arrays must match. If the length of signatures does not match the calldata, the function reverts to prevent mismatches that could be exploited. If different lengths are intended for proper operation, this could inadvertently break business logic.",
            "snippet":"if (_signatures.length != _calldatas.length) revert TG_INVALID_SIGNATURES_LENGTH();",
            "confidence":0.8,
            "severity":"Medium"
         },
         {
            "title":"Protection Against Flash Loan Attacks",
            "description":"The contract uses a fixed `votingDelay` to allow token holders time to prepare for a vote and to protect against flash loan attacks. This is generally considered good practice, but the actual delay should be assessed to ensure it is sufficient based on the project's parameters.",
            "snippet":"function votingDelay() public pure override returns (uint256) { return 7200; } // 1 day",
            "confidence":1.0,
            "severity":"Non-critical"
         },
         {
            "title":"Excessive Proposal Threshold",
            "description":"The `proposalThreshold` sets a potentially high threshold for proposal submissions, which could centralize control to large holders and diminish active participation in governance. The appropriateness of this threshold should be evaluated in the context of the project's governance objectives and token distribution.",
            "snippet":"function proposalThreshold() public pure override returns (uint256) { return 1_000_000_000 ether / 10_000; }",
            "confidence":0.6,
            "severity":"Low"
         },
         {
            "title":"Missing Access Control",
            "description":"A thorough contract audit is needed to ensure adequate access controls are in place for critical functions like `_execute` and `_cancel`. The lack of proper checks may allow unintended actors to execute or cancel proposals. The severity will depend on the full audit findings.",
            "snippet":"internal override(GovernorUpgradeable, GovernorTimelockControlUpgradeable)",
            "confidence":0,
            "severity":"Critical"
         },
         {
            "title":"Governance Security Based on Timelock",
            "description":"The security of the governance process relies on the implementation of the timelock controller. If the timelock delay is incorrectly set, it could fail to prevent undesirable governance actions. A detailed inspection of the timelock implementation is needed to ascertain its security.",
            "snippet":"Inherited from GovernorTimelockControlUpgradeable",
            "confidence":0,
            "severity":"High"
         }
      ]
   }
}
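A minimal client-side handler for this flow, added here as an example and not part of the API documentation or its SDK: it builds the request exactly as documented above and then triages the webhook findings by severity and confidence, routing low-confidence items (the example payload reports Critical and High findings at confidence 0) to manual review instead of dropping them. The severity ranking, the 0.5 confidence threshold and the abbreviated sample payload are assumptions of this example.

```python
import json

# Ordering of the severity labels that appear in the webhook example above.
# The ranking itself is an assumption of this example; the API does not document one.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Non-critical": 0}

# Constructed webhook body, abbreviated from the example above (descriptions and snippets dropped).
SAMPLE_WEBHOOK = json.dumps({
    "success": True,
    "data": {"findings": [
        {"title": "Propose Function Signature and Calldata Length Mismatch", "confidence": 0.8, "severity": "Medium"},
        {"title": "Protection Against Flash Loan Attacks", "confidence": 1.0, "severity": "Non-critical"},
        {"title": "Excessive Proposal Threshold", "confidence": 0.6, "severity": "Low"},
        {"title": "Missing Access Control", "confidence": 0, "severity": "Critical"},
        {"title": "Governance Security Based on Timelock", "confidence": 0, "severity": "High"},
    ]},
})


def build_scan_request(source_code, callback_url, token):
    """Headers and JSON body for POST /v1/ai-scan as documented on this page."""
    headers = {"Content-Type": "application/json", "Authorization": f"Bearer {token}"}
    body = {"source_code": source_code, "callback_url": callback_url}
    return headers, json.dumps(body)


def triage_findings(webhook_body, min_confidence=0.5):
    """Split findings into those to act on and those an auditor must confirm by hand.

    Low-confidence findings are kept, never silently dropped, but routed to
    manual review; the threshold is an assumption of this example.
    """
    payload = json.loads(webhook_body)
    if not payload.get("success"):
        raise ValueError("webhook reports an unsuccessful scan")
    actionable, needs_review = [], []
    for finding in payload["data"]["findings"]:
        if finding["severity"] not in SEVERITY_RANK:
            raise ValueError(f"unknown severity label: {finding['severity']!r}")
        bucket = actionable if finding["confidence"] >= min_confidence else needs_review
        bucket.append(finding)
    # Most severe first, then most confident.
    order = lambda f: (-SEVERITY_RANK[f["severity"]], -f["confidence"])
    return {"actionable": sorted(actionable, key=order), "needs_review": sorted(needs_review, key=order)}


if __name__ == "__main__":
    for bucket, items in triage_findings(SAMPLE_WEBHOOK).items():
        print(bucket, [f"{f['severity']}: {f['title']}" for f in items])
```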
