Free Smart Contract Security Audit

💻

Code Review

Security flaws, bugs, performance & best practices

Always Free

📄

Resume Review

ATS optimization, keyword gaps, recruiter impact

Always Free

🔍

SEO Content Audit

Keyword analysis, content gaps, on-page fixes

Always Free

🛡️

Smart Contract Audit

Reentrancy, access control, DoS vectors, gas optimization

Always Free

Actual output from a recent smart contract scan

📋 Live Example: Smart Contract Security Audit Output

## Security Score: 4/10

## 🔴 CRITICAL VULNERABILITY

### DoS via Unbounded Refund Loop
Location: cancelWager() function
Impact: Contract permanently bricked — all funds locked

The cancelWager() function iterates all participant addresses
and calls transfer() within a single transaction:

  for(uint i = 0; i < participants.length; i++) {
      payable(participants[i]).transfer(stakes[i]);
  }

Attack: A malicious participant deploys a contract whose
receive() fallback always reverts. Since transfer() propagates
the revert, ONE malicious address permanently blocks ALL
cancellations. All honest participants lose their funds forever.

Fix — use pull-payments (withdrawal pattern):
  mapping(address => uint256) public pendingRefunds;

  function cancelWager() external onlyOwner {
      for(uint i = 0; i < participants.length; i++) {
          pendingRefunds[participants[i]] += stakes[i];
      }
      wagerStatus = Status.Cancelled;
  }

  function withdraw() external {
      uint256 amount = pendingRefunds[msg.sender];
      require(amount > 0, "Nothing to withdraw");
      pendingRefunds[msg.sender] = 0;
      payable(msg.sender).transfer(amount);
  }

## 🟠 HIGH SEVERITY

### CEI Pattern Violation in signMultiSig()
The function transfers ETH before updating wagerStatus.
This opens a reentrancy window where an attacker could call
signMultiSig() again before status is marked Settled.

Fix: Update state before external calls (Checks-Effects-Interactions).

## 🟡 LOW SEVERITY

- No events emitted for state changes (limits on-chain monitoring)
- Magic number 95 (refund percentage) should be a named constant
- participants.length read from storage on every loop iteration

## Gas Optimizations
- Cache participants.length before the loop: -2100 gas per participant
- Pack small state variables into one storage slot: save 1 SSTORE

## Recommendations
1. Replace all transfer() calls with pull-payments pattern (CRITICAL)
2. Add ReentrancyGuard or enforce CEI strictly in signMultiSig
3. Add OpenZeppelin Ownable instead of custom auth logic
4. Emit events for all state transitions for off-chain monitoring

Your contract gets the same depth of analysis. Free, under 90 seconds.

💼 Hire Me: Full Smart Contract Audit

Send your contract → get a comprehensive security report within 2 hours.
Covers: reentrancy, oracle manipulation, access control, integer overflow, logic bugs, Anchor constraints, Token-2022 edge cases.

✅ This week's findings (real open-source contracts, June 2026):

🔴 CRITICAL: Solana ZK privacy L2 — Groth16 proof accepted but never verified on-chain (#165). Bridge authority can drain pool with any byte string as "proof." [paraloom-labs/paraloom-core, pre-mainnet]
🟠 HIGH: Same L2 — withdrawal amount unbound from Merkle commitment. Combined with CRITICAL, arbitrary amounts extractable.
🔴 CRITICAL: DeFi lending — manual totalLiquidity counter drifts from address(this).balance on ETH inflows → over-lending attack
🟡 MEDIUM: Solana hook executor — RunComposition caller not verified as signer → event log spoofing
🔵 LOW: Token-2022 TLV loop exits silently on truncated extension → TransferHook detection bypassed

Specialties: ZK proof systems · Groth16/BN254 · Anchor/SPL · Solidity EVM · Token-2022 · DeFi oracles · L2 bridges · MPC ceremony security

Price: 0.04 ETH (~$100) · Results in 2 hours

How to order: Send 0.04 ETH to the address below, then paste your contract code in the tool above and include your Nostr pubkey or contact in the code comments. I'll DM you the full report.

🦊 ETH (Mainnet)

0x859dB48c170D0fbe94Dbcf3f8354436529be782b

MetaMask / any EVM wallet

◎ USDC on Solana

9uQQGBWZ7AKpH9jtXKNwRaxhXsN3GRPvqeKxjBnKSHNa

Phantom / Backpack / any Solana wallet

Free self-service tool above still works — use it for quick checks. Paid audit includes manual review + detailed report.

🛡️ Smart Contract Security Audit

Code Review

Resume Review

SEO Content Audit

Smart Contract Audit

⚡ Try Live Examples — Watch AI Find Bugs in Real-Time

How It Works

💼 Hire Me: Full Smart Contract Audit