Substrate Vulnerability Scanner

Skill Active

Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks. Use when auditing Substrate runtimes or FRAME pallets.

Purpose

To enhance the security of Substrate/Polkadot blockchains by providing automated detection of critical vulnerabilities within custom FRAME pallets.

Features

  • Scans Substrate/Polkadot pallets for 7 critical vulnerabilities
  • Identifies arithmetic overflow, panic DoS, incorrect weights, bad origin checks
  • Analyzes Rust code for security patterns
  • Provides fixes and mitigation steps for identified issues
  • Validates dispatchable functions and weight calculations

Use Cases

  • Auditing custom Substrate pallets
  • Reviewing FRAME runtime code
  • Pre-launch security assessment of Substrate chains
  • Validating dispatchable extrinsic functions

Non-Goals

  • Auditing smart contracts on other blockchain platforms
  • Performing dynamic analysis or runtime fuzzing
  • Replacing formal security audits entirely

Trust

  • Warning (Issues Attention): 13 issues opened, 4 closed in the last 90 days, indicating a closure rate below 50% and a moderate number of open issues.

Installation

First, add the marketplace, then install the plugin:

/plugin marketplace add trailofbits/skills
/plugin install building-secure-contracts@trailofbits

Quality Score

92/100
Analyzed about 13 hours ago

Trust Signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0

Similar Extensions

Ship Gate

100

Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.

Skill
alirezarezvani

Web3 Testing

99

Test smart contracts comprehensively using Hardhat and Foundry with unit tests, integration tests, and mainnet forking. Use when testing Solidity contracts, setting up blockchain test suites, or validating DeFi protocols.

Skill
wshobson

Aptos Gas & Performance Optimization Expert

99

Expert on Aptos gas optimization, performance tuning, storage costs, execution efficiency, inline functions, aggregator usage, parallel execution, table vs vector tradeoffs, and gas profiling tools. Triggers on keywords gas optimization, performance, gas cost, storage fee, inline, aggregator, parallel execution, gas profiling, optimization

Skill
raintree-technology

Solidity Security

98

Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.

Skill
wshobson

Aptos Move Testing

98

Expert on testing Move smart contracts on Aptos, including unit tests, integration tests, Move Prover formal verification, debugging strategies, and test coverage. Triggers on keywords move test, unit test, integration test, move prover, formal verification, debug, coverage, assert, expect

Skill
raintree-technology

Aptos Framework Expert

98

Expert on Aptos Framework (0x1 standard library) - account, coin, fungible_asset, object, timestamp, table, event, vector, string, option, error, and other core modules. Triggers on keywords aptos framework, 0x1, account module, table, smarttable, event, timestamp, randomness, aggregator, resource account

Skill
raintree-technology
