If this project helps your work, support ongoing maintenance and new features.
ETH Donation Wallet
0x11282eE5726B3370c8B480e321b3B2aA13686582
Scan the QR code or copy the wallet address above.
π High-performance tool for detecting security vulnerabilities and patterns in Ethereum smart contracts.
How it works: Define patterns in YAML templates β SCPF scans smart contracts β Finds matching patterns β Reports vulnerabilities
Tags: rust smart-contracts security scanner ethereum blockchain vulnerability-detection pattern-matching defi web3 solidity static-analysis open-source mit
- Smart Contract Pattern Finder (SCPF)
- π Ethereum Support - Mainnet contract scanning via Etherscan API
- π Local Project Scanning - Scan .sol files in your workspace
- π Git Diff Scanning - Only scan changed files in PRs
- π€ CI/CD Integration - GitHub Actions, GitLab CI, Bitbucket Pipelines
- π YAML Templates - Easy-to-write pattern definitions
- β ERC Compliance - Detect ERC-20/721/1155 implementations
- π Size-Weighted Risk Scoring - Normalized per 100KB to eliminate size bias
- π§ Context-Aware Filtering - Reduce obvious false positives with semantic and contextual filters
- β‘ Chunked Scanning - Handle larger sources without exhausting memory
- πΎ Smart Caching - Avoid redundant API calls
- π Cascade API Key System - Up to 6 keys with automatic rolling fallback
- π― Modular Architecture - CLI, core engine, server, and web UI components
- π Security Focused - Built for vulnerability triage, reporting, and SARIF-based code scanning
- π High Performance - Built with Rust for speed
- π§ Extensible - Easy to add custom patterns
- π Optional Web UI -
scpf-serverandfrontend/provide a dashboard-driven workflow
- Automated Vulnerability Detection - Scan contracts for common vulnerabilities (reentrancy, delegatecall, unchecked calls)
- Pre-deployment Checks - Validate contracts before mainnet deployment
- Continuous Monitoring - Watch for newly deployed vulnerable contracts
- Pattern Analysis - Identify common patterns in DeFi protocols
- Protocol Comparison - Compare security implementations across projects
- Risk Assessment - Evaluate smart contract risk profiles
- Automated Reconnaissance - Quickly scan multiple contracts for vulnerabilities
- Pattern Discovery - Find recurring vulnerability patterns
- Batch Analysis - Scan entire protocols at once
- Pre-commit Hooks - Validate contracts before commits
- CI/CD Integration - Automated security checks in pipelines
- Code Review - Assist manual code reviews with automated findings
- Learning Tool - Understand common smart contract vulnerabilities
- Template Library - Study real-world vulnerability patterns
- Security Training - Train developers on secure coding practices
- Create Templates - Define vulnerability patterns in YAML files
- Load Templates - SCPF reads your pattern definitions
- Fetch Contracts - Retrieves smart contract source code from blockchain explorers
- Scan & Match - Applies regex patterns to find vulnerabilities
- Report Results - Displays findings with severity levels and context
git clone https://github.com/Teycir/smartcontractpatternfinder.git
cd smartcontractpatternfinder
cargo build --releasescpf init# Scan blockchain contract
scpf scan 0x1234567890abcdef --chains ethereum
# Scan local project (auto-detects .sol files)
scpf scan
# Scan only changed files (for PRs)
scpf scan --diff main..HEAD
# Scan with custom templates
scpf scan --templates ./my-templates
# Scan multiple contracts
scpf scan 0xabc... 0xdef... 0x123... --chains ethereum
# Export to JSON/SARIF
scpf scan --output json > results.json
scpf scan --output sarif > results.sarif
# Restrict results to critical findings
scpf scan --min-severity criticalTemplates define patterns to search for in smart contracts. SCPF loads these templates and matches them against contract source code.
id: reentrancy-basic
name: Basic Reentrancy Pattern
description: Detects potential reentrancy vulnerabilities
severity: high
tags:
- security
- reentrancy
patterns:
- id: external-call-with-value
pattern: '\.call\{value:'
message: External call with value transfer detected
- id: delegatecall-usage
pattern: '\.delegatecall\('
message: Delegatecall usage detectedWhat happens:
- SCPF loads this template from
templates/reentrancy.yaml - Fetches contract source code from blockchain explorer
- Searches for
.call{value:and.delegatecall(patterns - Reports any matches with line numbers and context
smartcontractpatternfinder/
βββ crates/
β βββ scpf-types/ # Core types and data structures
β βββ scpf-core/ # Scanning, semantic analysis, caching
β βββ scpf-cli/ # Command-line interface
β βββ scpf-server/ # Web server and scan orchestration
βββ frontend/ # Optional web dashboard
βββ templates/ # Pattern detection templates
βββ benchmarks/ # Accuracy and SARIF benchmark tooling
βββ scripts/ # Utility scripts (.sh, .py)
βββ docs/ # Project documentation
βββ sol/ # Solidity test files
βββ action.yml # GitHub Marketplace action definition
- scpf-types: Core data structures (Template, Pattern, Match, ScanResult)
- scpf-core: Business logic (Scanner, TemplateLoader, ContractFetcher, Cache, AST and semantic validation)
- scpf-cli: User interface (CLI commands, output formatting)
- scpf-server: HTTP server for orchestrating scans and streaming progress
- frontend: Browser UI for starting scans and reviewing results
Scan smart contracts for patterns.
scpf scan [OPTIONS] [ADDRESSES]...
Options:
-n, --chains <CHAINS> Comma-separated chain list
-t, --templates <TEMPLATES> Templates directory
-o, --output <OUTPUT> Output format [default: console]
--concurrency <CONCURRENCY> Concurrent requests [default: 2]
--pages <PAGES> Number of explorer pages to fetch [default: 5]
--diff <DIFF> Only scan changed files (e.g., main..HEAD)
--min-severity <LEVEL> Minimum severity to report [default: high]
--only-templates <IDS> Restrict scan to specific template IDs
--exclude-templates <IDS> Exclude specific template IDs
--contract-type <TYPE> Filter by contract type (erc20, erc721, erc1155, proxy, defi)
--fast Skip semantic analysis for speed
--fetch-zero-day <DAYS> Pull recent exploit patterns before scanning
--extract-sources <N> Save the top N riskiest sources into the report directory
-v, --verbose... Increase verbosity (-v, -vv, -vvv)
-h, --help Print helpExamples:
# Scan local project
scpf scan
# Scan blockchain contract
scpf scan 0x1234567890abcdef --chains ethereum
# Scan only changed files
scpf scan --diff main..HEAD
# Scan with custom templates
scpf scan --templates ./custom-templates
# Scan with more pages
scpf scan --chains ethereum --pages 10
# Restrict findings to selected templates
scpf scan --only-templates reentrancy,delegatecall-user-input
# Export to SARIF for CI/CD
scpf scan --output sarif > results.sarifscpf auditruns the broader audit workflow using the same scan argumentsscpf templateslists, shows, installs, updates, and browses template collectionsscpf fetch-zero-dayimports recent exploit intelligence into templatesscpf pattern-builderlaunches the interactive pattern helper
Initialize a new SCPF project.
scpf init [PATH]
Options:
-y, --yes Skip interactive prompts
-h, --help Print helpExamples:
# Initialize in current directory
scpf init
# Initialize in specific directory
scpf init ./my-project
# Skip prompts
scpf init --yes| Chain | Network | API Provider | Status |
|---|---|---|---|
| Ethereum | Mainnet | Etherscan API | β Active |
| BSC | BNB Smart Chain | BscScan API | π§ Planned |
| Polygon | Polygon PoS | PolygonScan API | π§ Planned |
| Arbitrum | Arbitrum One | Arbiscan API | π§ Planned |
| Optimism | OP Mainnet | Optimistic Etherscan API | π§ Planned |
| Base | Base Mainnet | BaseScan API | π§ Planned |
| Avalanche | Avalanche C-Chain | SnowTrace API | π§ Planned |
| Fantom | Fantom Opera | FtmScan API | π§ Planned |
| Linea | Linea Mainnet | LineaScan API | π§ Planned |
| Scroll | Scroll Mainnet | ScrollScan API | π§ Planned |
Note: Currently only Ethereum mainnet is fully supported. Multi-chain support is planned for future releases. See Chain Support Status for implementation details.
SCPF uses Etherscan API for fetching contract source code. Configure API keys via environment variables:
# Single key (required)
export ETHERSCAN_API_KEY="your-key"
# Optional: Add up to 6 keys for automatic cascade fallback
export ETHERSCAN_API_KEY_2="your-key-2"
export ETHERSCAN_API_KEY_3="your-key-3"
export ETHERSCAN_API_KEY_4="your-key-4"
export ETHERSCAN_API_KEY_5="your-key-5"
export ETHERSCAN_API_KEY_6="your-key-6"For the packaged desktop app on Linux, you can also create:
~/.local/share/com.teycir.scpf.desktop/.envwith:
ETHERSCAN_API_KEY=your-keyIf explorer keys are missing, recent-contract discovery will fail and the desktop app will fall back to generating only the 0-day summary.
SCPF implements a rolling cascade fallback system for API keys:
- Primary Key - Tries
ETHERSCAN_API_KEYfirst - Automatic Rotation - If rate limited or failed, automatically tries next key
- Up to 6 Keys - Supports
ETHERSCAN_API_KEYthroughETHERSCAN_API_KEY_6 - Smart Retry - 50ms delay between key attempts
- Rate Limiting - Built-in semaphore (5 concurrent requests)
Benefits:
- β Avoid rate limit errors (Etherscan free tier: 5 calls/sec)
- β Increased throughput with multiple keys
- β Automatic failover if one key fails
- β Zero configuration - just add more keys
- Etherscan: https://etherscan.io/apis (free tier: 5 calls/sec)
Tip: Create multiple free Etherscan accounts to get 6 API keys for maximum throughput (30 calls/sec).
- console - Human-readable terminal output (default)
- json - Machine-readable JSON
- sarif - SARIF format for CI/CD integration
Add to .github/workflows/security.yml:
name: Security Scan
on: [push, pull_request]
jobs:
scpf:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- uses: actions/checkout@v4
- uses: teycir/smartcontractpatternfinder@v1
with:
severity: high
output-format: sarif
fail-on-findings: trueFeatures:
- β Zero configuration
- β SARIF integration (results in Security tab)
- β Cached installation
- β
Customizable severity threshold via
--min-severity
π Full GitHub Action Documentation
scpf-scan:
image: rust:latest
script:
- cargo install scpf-cli
- scpf scan --output sarif > results.sarif
artifacts:
reports:
sast: results.sarifπ Full GitLab/Bitbucket Documentation
#!/bin/bash
# .git/hooks/pre-commit
scpf scan --diff HEAD || exit 1# Run tests
cargo test --all
# Check code
cargo check
# Format code
cargo fmt
# Lint
cargo clippy
# Build release
cargo build --releaseThe desktop app lives under frontend/ and is packaged with Tauri.
cd frontend
npm install
cargo install tauri-cli --version '^2'
npm run desktop:build
npm run desktop:install-shortcutBuild artifacts are written to frontend/src-tauri/target/release/bundle/.
On Linux, npm run desktop:build produces .deb, .rpm, and .AppImage bundles. The AppImage step runs through linuxdeploy, so it can fail inside restricted sandboxes even when the project itself is healthy. If that happens, rerun the desktop build from a normal host shell instead of a locked-down sandbox.
npm run desktop:install-shortcut installs a local launcher in ~/.local/share/applications/scpf-desktop.desktop, copies the icon set into ~/.local/share/icons/hicolor, and creates a ~/Desktop/SCPF Desktop.desktop shortcut when a Desktop folder exists.
The desktop shell now targets a dedicated local backend address, http://127.0.0.1:32145, to avoid collisions with unrelated services that may already be using 8080.
On first launch, the desktop app also seeds ~/.local/share/com.teycir.scpf.desktop/.env.example so the expected API key format is easy to discover.
Templates are the core of SCPF - they define what patterns to find in smart contracts.
- Define Patterns - Write regex patterns that match vulnerable code
- Set Severity - Classify findings (info, low, medium, high, critical)
- Add Context - Provide descriptions and messages for findings
- Save as YAML - Store in
templates/directory - SCPF Loads & Scans - Tool automatically uses your templates
- Create a
.yamlfile intemplates/ - Define patterns with regex
- Set severity level (info, low, medium, high, critical)
- Add descriptive tags
Template Structure:
id: unique-template-id
name: Human Readable Name
description: Detailed description of what this detects
severity: high # info | low | medium | high | critical
tags:
- category
- subcategory
patterns:
- id: pattern-id
pattern: 'regex-pattern'
message: Description of what was foundContributions welcome! Please follow:
- Amazon Q rules in
.amazonq/rules/ - Modular architecture principles
- Test-driven development
- Clean, documented code
- Fork the repository
- Create a feature branch
- Follow coding standards
- Add tests for new features
- Submit a pull request
MIT License - see LICENSE for details.
Teycir Ben Soltane
- Website: teycirbensoltane.tn
- GitHub: @Teycir
- GitHub Repository
- Quick Wins Features - ERC Compliance, L2 Support, Risk Scoring
- Ecosystem & Extensibility - Template Registry, Plugin System
- Project Roadmap - Future plans and status
- Template Changelog - Template version history
- GitHub Action Documentation
- Issue Tracker
- Author Website
Built with β€οΈ using Rust by Teycir Ben Soltane

