AegisScan — Lightweight Static Pattern Scanner for Solidity

AegisScan is a compact, purpose-built helper for smart contract auditors: a quick pre-scan that highlights suspicious patterns and helps prioritize manual review.

Important: AegisScan is a heuristic scanner — it does not replace Slither, Mythril, or manual audit. Use as a first-pass tool.

Why AegisScan?

  • Fast, zero-dependency script (pure Python, standard library).
  • Finds common anti-patterns auditors care about: tx.origin, low-level calls, delegatecall, external call before state update, selfdestruct, etc.
  • Produces JSON and Markdown reports you can attach to your audit.
  • Easy to integrate into GitHub Actions for automatic pre-scans.
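To make the bullet list concrete, here is an added Python example (not the project's own aegisscan.py, and not code from the repository) showing how line-based heuristics for the patterns named above can be written, including a rough "external call before state update" check and JSON/Markdown report output. The rule names, severities and the sample contract are constructed for this illustration; a regex scanner like this has no Solidity parser, so it will produce false positives and is only a triage aid.

```python
import json
import re
from dataclasses import dataclass, asdict


@dataclass
class Finding:
    rule: str
    severity: str
    line: int
    snippet: str


# Single-line rules (rule id, severity, regex); names and severities are assumptions.
LINE_RULES = [
    ("tx-origin",      "high",   re.compile(r"\btx\.origin\b")),
    ("delegatecall",   "high",   re.compile(r"\.delegatecall\s*\(")),
    ("selfdestruct",   "high",   re.compile(r"\b(selfdestruct|suicide)\s*\(")),
    ("low-level-call", "medium", re.compile(r"\.(call|callcode|staticcall)\s*[({]")),
]

# Anything that hands control (and possibly value) to another address.
EXTERNAL_CALL = re.compile(r"\.(call|delegatecall|send|transfer)\s*[({]")
FUNCTION_START = re.compile(r"^\s*(function|constructor|fallback|receive)\b")
# A statement assigning to an existing name; `uint256 x = ...` local declarations are excluded.
STATE_WRITE = re.compile(
    r"^\s*(?!(?:uint|int|address|bool|bytes|string)\d*\b)"
    r"[A-Za-z_][\w.]*(?:\[[^\]]*\])*\s*(?:=|\+=|-=)(?!=)"
)
LINE_COMMENT = re.compile(r"//.*$")


def scan_source(source: str) -> list[Finding]:
    """Line-oriented heuristic scan of Solidity source text."""
    findings: list[Finding] = []
    depth = 0            # current brace depth
    in_function = False
    func_depth = 0       # brace depth at which the current function was opened
    call_line = None     # line of the first external call in the current function body

    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = LINE_COMMENT.sub("", raw)
        if not line.strip():
            continue

        for rule, severity, rx in LINE_RULES:
            if rx.search(line):
                findings.append(Finding(rule, severity, lineno, raw.strip()))

        if FUNCTION_START.match(line):
            in_function, func_depth, call_line = True, depth, None

        if in_function:
            # A write to state after control has left the contract is the ordering auditors flag.
            if call_line is not None and STATE_WRITE.match(line):
                findings.append(Finding("call-before-state-update", "high", lineno, raw.strip()))
                call_line = None         # one finding per external call
            elif call_line is None and EXTERNAL_CALL.search(line):
                call_line = lineno

        depth += line.count("{") - line.count("}")
        if in_function and "}" in line and depth <= func_depth:
            in_function = False          # function body closed

    return findings


def to_json(findings: list[Finding]) -> str:
    return json.dumps([asdict(f) for f in findings], indent=2)


def to_markdown(findings: list[Finding]) -> str:
    rows = ["| Line | Severity | Rule | Snippet |", "|---|---|---|---|"]
    rows += [f"| {f.line} | {f.severity} | {f.rule} | `{f.snippet}` |" for f in findings]
    return "\n".join(rows)


# Constructed demo contract: withdraw() sends value before zeroing the balance,
# kill() relies on tx.origin and selfdestruct.
SAMPLE_CONTRACT = """\
pragma solidity ^0.8.0;

contract Vault {
    mapping(address => uint256) public balances;
    address public owner;

    constructor() { owner = msg.sender; }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // external call happens before the balance is zeroed
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "call failed");
        balances[msg.sender] = 0;
    }

    function kill() external {
        require(tx.origin == owner);
        selfdestruct(payable(owner));
    }
}
"""

if __name__ == "__main__":
    print(to_markdown(scan_source(SAMPLE_CONTRACT)))
```

On the sample above the scanner reports the low-level call on line 16, the state write after it on line 18, tx.origin on line 22 and selfdestruct on line 23; a contract that follows checks-effects-interactions (zeroing the balance before the call) only gets the medium low-level-call note, which is exactly the kind of distinction a first-pass tool is meant to surface for manual triage.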

Quickstart

# clone repo
git clone https://github.com/Alikhan-Shanbay/AegisScan.git
cd AegisScan

# scan a single file
python aegisscan.py example_contracts/Vault.sol --md findings.md --json findings.json

# scan a directory
python aegisscan.py example_contracts/ --md report.md

How auditors use it

  1. Run AegisScan on a target repo to quickly find suspicious lines.
  2. Triage findings: convert high/medium items into manual review tickets.
  3. Use findings as anchors in your audit report (include SWC reference suggestions).
  4. Re-run as code changes during patch verification.

Files

  • aegisscan.py — main scanner
  • rules.md — explanation of rules
  • example_contracts/ — small demo contracts
  • tests/ — basic smoke test for CI
  • .github/workflows/ci.yml — CI that runs scanner and tests

Contributing & License

Contributions welcome: add rules, map to SWC IDs, or improve heuristics.
MIT License.
