🤖AI Analysis API

Create an AI Scan

POST /v1/ai-scan/upload

The AI scan endpoint accepts Solidity source code for analysis. Sending a POST request to /v1/ai-scan/upload with the source files and a callback URL in the request body starts an AI-driven scan of the submitted code. When the scan completes, the results are delivered to the callback URL you supplied. This gives developers automated security and gas-optimization checks for smart contracts written in Solidity, so potential issues can be identified and addressed early.

Headers

Name            Value
Content-Type    application/json
Authorization   Bearer <token>

Body

Include a "params" object with the following key/value pairs:

Name          Type     Description
name          string   User scan label
files         JSON     {"file1.sol": "file content", ... ,"filelast.sol": "file content"}
webhook_url   string   URL to callback after the AI scan completes.
scan_type     string   "solidity" or "cosmos"

Example

import requests
from pathlib import Path

# Read the contract sources that will be submitted for scanning.
file1 = Path('./example.sol').read_text()
file2 = Path('./example2.sol').read_text()
file3 = Path('./example3.sol').read_text()

host = "https://<auditbase api host>/"   # base URL of the API, with trailing slash
key = "<your auditbase key>"
route = 'v1/scans/ai/upload'   # note: the endpoint heading above shows /v1/ai-scan/upload
url = host + route
post_data = {
    "params": {
        "name": "scan1",
        "files": {"file1.sol": file1, "file2.sol": file2, "file3.sol": file3},
        "webhook_url": "https://<your call url>/webhook",
        "scan_type": "cosmos"
    },
}

headers = {
    'Content-Type': 'application/json',
    'Authorization': f'Bearer {key}',
}

response = requests.post(url, json=post_data, headers=headers, timeout=30)
response.raise_for_status()   # surface HTTP errors instead of parsing an error page as JSON
print("response: ", response.json())

Response

{
  "success": true,
  "scan_id": "1234-5678-abcd-efgh",
  "callback_url": "https://your-callback-url.com"
}

Webhook Response

The summary fields below are shown as template expressions rather than literal values: the three issue counts are the number of findings per severity, "num_lines" is the source line count of the submitted files, and "score" is the overall scan score.

{
   "success": true,
   "data": {
      "summary": {
         "high_issue_count": severities.get('high', 0),
         "medium_issue_count": severities.get('medium', 0),
         "low_issue_count": severities.get('low', 0),
         "num_lines": sloc,
         "score": score
      },
      "findings": [
         {
            "title":"Propose Function Signature and Calldata Length Mismatch",
            "description":"The `propose` function enforces that the lengths of `_signatures` and `_calldatas` arrays must match. If the length of signatures does not match the calldata, the function reverts to prevent mismatches that could be exploited. If different lengths are intended for proper operation, this could inadvertently break business logic.",
            "snippet":"if (_signatures.length != _calldatas.length) revert TG_INVALID_SIGNATURES_LENGTH();",
            "confidence":0.8,
            "severity":"Medium"
         },
         {
            "title":"Protection Against Flash Loan Attacks",
            "description":"The contract uses a fixed `votingDelay` to allow token holders time to prepare for a vote and to protect against flash loan attacks. This is generally considered good practice, but the actual delay should be assessed to ensure it is sufficient based on the project's parameters.",
            "snippet":"function votingDelay() public pure override returns (uint256) { return 7200; } // 1 day",
            "confidence":1.0,
            "severity":"Non-critical"
         }
      ]
   }
}
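The following is an added example, not code from the AuditBase documentation or the service itself. It covers both ends of the flow described on this page: building a request body that matches the "params" table (rejecting an invalid scan_type or a non-HTTPS webhook URL, so scan results are not delivered over plaintext), and triaging the webhook payload by validating its shape, cross-checking the summary counts against the findings list, and ordering findings by severity and confidence. The field names come from the page; the helper names, the sample payload, the num_lines and score values, and the assumption that summary counts are derived from the findings list are all constructed for this example.

```python
from urllib.parse import urlparse

VALID_SCAN_TYPES = {"solidity", "cosmos"}
# Sort order for triage. "Non-critical" findings appear in the payload but are
# not counted in the high/medium/low summary fields.
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2, "Non-critical": 3}


def build_scan_request(name, files, webhook_url, scan_type):
    """Return the JSON body for the AI scan upload endpoint (hypothetical helper).

    Rejects inputs the service would refuse (bad scan_type, non-.sol files) and a
    callback URL that is not absolute HTTPS, since findings about your code would
    otherwise be posted to it in the clear."""
    if scan_type not in VALID_SCAN_TYPES:
        raise ValueError(f"scan_type must be one of {sorted(VALID_SCAN_TYPES)}")
    parsed = urlparse(webhook_url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("webhook_url must be an absolute https:// URL")
    if not files or not all(name_.endswith(".sol") for name_ in files):
        raise ValueError("files must map *.sol file names to their source text")
    return {"params": {"name": name, "files": dict(files),
                       "webhook_url": webhook_url, "scan_type": scan_type}}


def triage_findings(payload, min_confidence=0.7):
    """Validate a webhook payload and return (summary, findings, warnings).

    findings keeps only entries at or above min_confidence, sorted by severity
    then by confidence descending. warnings lists summary counts that disagree
    with the findings list (assumption: counts are derived from the findings)."""
    if not payload.get("success"):
        raise ValueError("scan did not succeed")
    data = payload.get("data") or {}
    summary, findings = data.get("summary"), data.get("findings")
    if not isinstance(summary, dict) or not isinstance(findings, list):
        raise ValueError("payload is missing data.summary or data.findings")
    counted = {"high": 0, "medium": 0, "low": 0}
    for finding in findings:
        sev = str(finding.get("severity", "")).lower()
        if sev in counted:
            counted[sev] += 1
    warnings = [f"{sev}_issue_count is {summary.get(f'{sev}_issue_count')}, "
                f"but {n} {sev} finding(s) were listed"
                for sev, n in counted.items()
                if summary.get(f"{sev}_issue_count") != n]
    kept = [f for f in findings if f.get("confidence", 0) >= min_confidence]
    kept.sort(key=lambda f: (SEVERITY_RANK.get(f.get("severity"), 99),
                             -f.get("confidence", 0)))
    return summary, kept, warnings


# Constructed sample payload modelled on the webhook response shown above.
SAMPLE_WEBHOOK = {
    "success": True,
    "data": {
        "summary": {"high_issue_count": 0, "medium_issue_count": 1,
                    "low_issue_count": 1, "num_lines": 120, "score": 85},
        "findings": [
            {"title": "Protection Against Flash Loan Attacks",
             "confidence": 1.0, "severity": "Non-critical"},
            {"title": "Propose Function Signature and Calldata Length Mismatch",
             "confidence": 0.8, "severity": "Medium"},
            {"title": "Unchecked return value (constructed low-confidence entry)",
             "confidence": 0.4, "severity": "Low"},
        ],
    },
}

if __name__ == "__main__":
    body = build_scan_request("scan1", {"example.sol": "pragma solidity ^0.8.0;"},
                              "https://example.invalid/webhook", "solidity")
    print("request params:", sorted(body["params"]))
    summary, kept, warnings = triage_findings(SAMPLE_WEBHOOK)
    print("score:", summary["score"], "warnings:", warnings)
    for f in kept:
        print(f'{f["severity"]:<13}{f["confidence"]:.1f}  {f["title"]}')
```

With the default threshold the constructed Low finding at confidence 0.4 is dropped and the Medium finding is listed before the Non-critical one; a webhook payload whose summary counts do not match its findings produces a warning rather than an exception, so a receiver can log the inconsistency and still act on the findings.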
