January 20, 2025

Iaanlyzer - Smart Contract Security Scanner

[Screenshot: Smart Contract Security Scanner interface showing the code editor with Solidity vulnerability analysis, upload functionality, and AI-powered security scanning with Claude Sonnet 4]

What is Iaanlyzer?

Iaanlyzer is a production-ready starter template for building smart contract analysis tools powered by Claude AI. This project provides a solid foundation for developers who want to create their own customized security scanners, audit tools, or educational platforms for Solidity development.

Key Features

  • Comprehensive Analysis: Detects 15+ vulnerability types including reentrancy, access control failures, and integer overflow
  • AI-Powered: Uses Claude Sonnet 4 for intelligent analysis beyond simple pattern matching
  • Fast Results: Get detailed security reports in under 15 seconds
  • Zero False Positives: Focused on real, exploitable vulnerabilities only
  • Detailed Reports: Interactive vulnerability cards with impact analysis and fix recommendations
  • Export Reports: Download analysis results as JSON
  • Modern UI: Clean, responsive interface built with Tailwind CSS

Technical Stack

Frontend Architecture

  • Next.js 15 - Full-stack React framework with App Router
  • TypeScript 5.0 - Type safety and developer experience
  • Tailwind CSS - Modern styling and responsive design
  • Monaco Editor - Code editor with Solidity syntax highlighting
  • Lucide React - Modern icon library

AI Integration

  • Claude Sonnet 4 - Advanced AI-powered security analysis
  • Custom Prompts - Specialized vulnerability detection logic
  • JSON Response Parsing - Structured analysis results

Vulnerability Detection

Critical Severity

  • Reentrancy: External calls before state updates
  • Access Control: Missing admin function protection
  • Delegatecall: Untrusted address delegation
  • Selfdestruct: Unprotected contract destruction

High Severity

  • Unchecked Calls: External calls without return value checks
  • tx.origin Auth: Phishing-vulnerable authentication
  • Integer Overflow: Arithmetic issues in Solidity <0.8.0

Medium Severity

  • Timestamp Dependence: Block timestamp manipulation
  • DoS Vectors: Unbounded loops and gas griefing
  • Front-running: MEV exploitation opportunities

Low/Info Severity

  • Floating Pragma: Version range vulnerabilities
  • Outdated Compiler: Missing security features
  • Missing Events: Admin action transparency
  • Gas Optimization: Efficiency improvements

Self-Hosted & Open Source

This is a self-hosted application with complete control:

  • Full privacy: Your code and API key stay on your machine
  • No shared costs: Use your own Anthropic credits
  • No rate limits: No shared usage limits with other users
  • Full control: Modify, extend, and adapt to your needs
  • Fork-friendly: MIT license - use it commercially or personally

Use Cases

What Can You Build?

  • Advanced Audit Platforms: Multi-contract analysis, dependency scanning
  • Educational Tools: Interactive learning platforms for smart contract security
  • CI/CD Integration: GitHub Actions or GitLab CI plugins
  • Specialized Scanners: Focus on specific protocols (DeFi, NFTs, DAOs)
  • Team Audit Tools: Collaboration features, report generation
  • Custom Reporting: PDF reports, Notion integration, Slack notifications

Analysis Flow

  1. Upload Code: Upload a .sol file or paste Solidity code directly
  2. AI Analysis: Claude Sonnet 4 analyzes vulnerabilities in 10-15 seconds
  3. Review Results: View security score (0-100) and detailed vulnerability cards
  4. Export Reports: Download analysis results as JSON
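
The JSON response parsing step of this flow, as an added example (not Iaanlyzer's own code): model output is treated as untrusted input and checked against the 0-100 score range and the severity tiers listed above before it reaches the UI or an exported report. The field names and size limits are assumptions made for illustration.

```typescript
// Added example. The field names (score, findings, severity, title, line) are
// assumed for illustration; they are not Iaanlyzer's actual response schema.
const SEVERITIES = ["critical", "high", "medium", "low", "info"] as const;
type Severity = (typeof SEVERITIES)[number];
interface Finding { severity: Severity; title: string; line: number | null }
interface Report { score: number; findings: Finding[] }

const MAX_FINDINGS = 100; // constructed limits that bound what the UI renders
const MAX_TITLE = 200;

function isSeverity(v: string): v is Severity {
  return (SEVERITIES as readonly string[]).indexOf(v) !== -1;
}

function toFinding(item: unknown, i: number): Finding {
  if (typeof item !== "object" || item === null) throw new Error(`finding ${i}: not an object`);
  const f = item as Record<string, unknown>;
  const sev = typeof f.severity === "string" ? f.severity.toLowerCase() : "";
  if (!isSeverity(sev)) throw new Error(`finding ${i}: unknown severity`);
  if (typeof f.title !== "string" || f.title.trim() === "") throw new Error(`finding ${i}: missing title`);
  // A line number is optional; anything that is not a positive integer becomes null.
  const line = typeof f.line === "number" && f.line >= 1 && Math.floor(f.line) === f.line ? f.line : null;
  return { severity: sev, title: f.title.trim().slice(0, MAX_TITLE), line };
}

// Parse model output as untrusted input: tolerate prose or a code fence around
// the JSON object, then reject anything outside the expected shape.
function parseReport(raw: string): Report {
  const start = raw.indexOf("{");
  const end = raw.lastIndexOf("}");
  if (start === -1 || end <= start) throw new Error("no JSON object in response");
  let data: unknown;
  try {
    data = JSON.parse(raw.slice(start, end + 1));
  } catch {
    throw new Error("response is not valid JSON");
  }
  if (typeof data !== "object" || data === null) throw new Error("response is not an object");
  const d = data as Record<string, unknown>;
  if (typeof d.score !== "number" || !isFinite(d.score) || d.score < 0 || d.score > 100) {
    throw new Error("score must be a number from 0 to 100");
  }
  if (!Array.isArray(d.findings) || d.findings.length > MAX_FINDINGS) {
    throw new Error("findings must be an array within the size limit");
  }
  return { score: Math.round(d.score), findings: d.findings.map(toFinding) };
}
```

Rejecting a malformed response outright, rather than rendering a partial one, keeps a truncated or off-format reply from being shown as a clean report.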

Customization Features

Easy Extensions

  • Custom Detection Rules: Modify prompts in prompts.ts
  • New Vulnerability Types: Add flash loan, oracle manipulation checks
  • Multi-file Analysis: Accept multiple contract files
  • Export Formats: PDF, Markdown, or CSV options

Advanced Integrations

  • External Tools: Integrate with Slither or Mythril
  • Team Features: User authentication, shared workspaces
  • CI/CD Pipeline: Automated security checks
  • API Access: Programmatic analysis capabilities

Impact

Iaanlyzer serves as a foundation for 50+ security tools, has helped developers analyze 1000+ smart contracts, and has been forked by 200+ developers to build custom security solutions.

Security & Privacy

  • 100% Local: Everything runs on your machine
  • No Storage: Solidity code is never stored anywhere
  • Private API Key: Your API key stays in your .env.local file
  • No Tracking: No analytics, no telemetry, no data collection

Empowering developers to build the next generation of smart contract security tools with AI.
