Scan Your Smart Contract

Upload a contract file or fetch verified source from block explorers. Select your tier and get an AI-powered vulnerability analysis.

Accepted file types: .sol, .rs, .vy, .move (max 5MB)

Basic: FREE, pattern scan (1/day)
Pro: $0.50-$2.00, Claude AI (priced by contract size)

Built for AI Agents

No API keys. No accounts. No OAuth. Just pay and scan. Programmatic access designed for autonomous security systems.

Instant Audits

Upload contract, pay USDC, get vulnerability report. No waiting for human auditors. Results in seconds.

Pay Per Scan

USDC on Solana. Sub-second finality. Include TX signature in X-PAYMENT header.

Multi-Model

GPT-4, Claude, Gemini, Llama. Multiple AI perspectives catch vulnerabilities a single model might miss.

Agent Integration Example

# Free scan (1/day)
# NOTE: the multipart field name "contract" is assumed here; confirm it against the API docs.
curl -X POST https://api.smartsec.app/audit \
  -F "contract=@YourContract.sol" -F "tier=basic"

# Pro scan ($0.50-$2 based on size)
# <tx-signature> is the signature of your USDC payment transaction on Solana
curl -X POST https://api.smartsec.app/audit \
  -H "X-PAYMENT: <tx-signature>" \
  -F "contract=@YourContract.sol" -F "tier=pro"

Simple, Transparent Pricing

Start free, upgrade when you need deeper analysis. No subscriptions, pay per scan.

FREE

Basic

1 scan/day

Pattern-based vulnerability scanner using regex matching against 50+ known vulnerability signatures. Instantly detects common issues like reentrancy, unchecked returns, tx.origin authentication, integer overflow patterns, and access control problems.

Best for:
  Quick sanity checks during development
  Learning about common vulnerabilities
  Evaluating third-party contracts
  Personal projects and hackathons

Method: Regex patterns
Detects: 50+ patterns
Speed: <1 second
Limit: 1 scan/day

Vulnerability patterns detected: Reentrancy, Unchecked Returns, tx.origin, Selfdestruct, Delegatecall, Integer Overflow, Access Control, +40 more
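To make concrete what a regex-based scanner of this kind can and cannot see, here is an added example that is not SmartSec's code: a small Python scanner with a handful of constructed signatures (tx.origin authentication, selfdestruct, delegatecall, an unchecked low-level call) plus a one-function reentrancy heuristic, run over a constructed sample contract. The signature list, the sample contract and the function names are all assumptions for illustration; the service's own 50+ signatures are not published on this page.

```python
"""Toy regex-based Solidity pattern scanner (added example, not SmartSec's code).
Signatures and the sample contract below are constructed for illustration."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    signature: str
    severity: str
    line: int       # 1-based line number in the scanned source
    snippet: str


# Single-line signatures: (name, regex, severity). Constructed for this example.
LINE_SIGNATURES = [
    ("tx.origin-auth", re.compile(r"\btx\.origin\b"), "high"),
    ("selfdestruct", re.compile(r"\b(selfdestruct|suicide)\s*\("), "high"),
    ("delegatecall", re.compile(r"\.delegatecall\s*\("), "high"),
]
# Low-level calls whose bool result must be checked (transfer() reverts by itself).
LOW_LEVEL_CALL = re.compile(r"\.(call|send)\s*[({]")
RESULT_CHECKED = re.compile(r"\b(require|assert|if)\s*\(|\(\s*bool\b|=")
# Any external call, for the reentrancy heuristic.
EXTERNAL_CALL = re.compile(r"\.(call|delegatecall|send|transfer)\s*[({]")
# A storage-style write: identifier, optional index expressions, then =, +=, -=, ...
STATE_WRITE = re.compile(r"^\s*[A-Za-z_]\w*(\[[^\]]*\])*\s*[-+*/]?=(?!=)")
FUNC_START = re.compile(r"^\s*function\b")


def _function_spans(lines):
    """Yield (first, last) 0-based indexes of each function body, found by brace counting."""
    i = 0
    while i < len(lines):
        if not FUNC_START.match(lines[i]):
            i += 1
            continue
        depth, opened, j = 0, False, i
        while j < len(lines):
            seg = lines[j].split("//")[0]
            if not opened and "{" not in seg and ";" in seg:
                break  # body-less declaration (interface / abstract)
            depth += seg.count("{") - seg.count("}")
            opened = opened or "{" in seg
            if opened and depth == 0:
                break
            j += 1
        if opened:
            yield i, min(j, len(lines) - 1)
        i = j + 1


def scan(source: str) -> list[Finding]:
    """Return findings sorted by line. Pure pattern matching: no parsing, no data flow."""
    lines = source.splitlines()
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.split("//")[0]  # ignore trailing comments
        for name, rx, sev in LINE_SIGNATURES:
            if rx.search(line):
                findings.append(Finding(name, sev, n, raw.strip()))
        if LOW_LEVEL_CALL.search(line) and not RESULT_CHECKED.search(line):
            findings.append(Finding("unchecked-low-level-call", "medium", n, raw.strip()))
    # Reentrancy heuristic: external call followed by a state write in the same function
    # (checks-effects-interactions violated). Regex cannot see reentrancy guards or
    # cross-function flows, which is the gap semantic analysis is meant to close.
    for first, last in _function_spans(lines):
        call_seen = False
        for idx in range(first, last + 1):
            seg = lines[idx].split("//")[0]
            if not call_seen and EXTERNAL_CALL.search(seg):
                call_seen = True
            elif call_seen and STATE_WRITE.match(seg):
                findings.append(Finding("reentrancy", "critical", idx + 1, lines[idx].strip()))
                break
    return sorted(findings, key=lambda f: f.line)


# Constructed sample, deliberately containing each pattern above.
SAMPLE_CONTRACT = """\
pragma solidity ^0.8.0;

contract Vault {
    mapping(address => uint256) public balances;
    address public owner;

    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        (bool ok, ) = msg.sender.call{value: amount}("");  // call before state update
        require(ok, "transfer failed");
        balances[msg.sender] -= amount;
    }

    function setOwner(address newOwner) external {
        require(tx.origin == owner, "not owner");
        owner = newOwner;
    }

    function kill() external {
        selfdestruct(payable(owner));
    }

    function forward(address target, bytes calldata data) external {
        target.delegatecall(data);
    }

    function pay(address payable to) external {
        to.send(1 ether);  // return value ignored
    }
}
"""

# The same withdraw() with the balance update moved before the call (checks-effects-interactions).
SAFE_WITHDRAW = """\
function withdraw(uint256 amount) external {
    require(balances[msg.sender] >= amount, "insufficient");
    balances[msg.sender] -= amount;
    (bool ok, ) = msg.sender.call{value: amount}("");
    require(ok, "transfer failed");
}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_CONTRACT):
        print(f"L{f.line:>3} [{f.severity:<8}] {f.signature}: {f.snippet}")
```

Running it reports five findings on the sample and none on the reordered withdraw(). The heuristic also shows the Basic tier's limits: a reentrancy guard modifier, a state write hidden in a called internal function, or a call made through an interface rather than a low-level `.call` would all slip past line-oriented regexes.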
Pro (Recommended)

$0.50-$2 per scan, unlimited scans

Claude AI deep semantic analysis. Goes beyond pattern matching to understand your contract's logic, data flow, state transitions, and business rules. Catches complex vulnerability chains, edge cases, and subtle bugs that pattern-based scanners miss. Provides detailed explanations of each issue with actionable remediation steps.

Best for:
  Pre-mainnet deployment checks
  DeFi protocols handling user funds
  NFT and token launches
  Complex multi-contract systems
  CI/CD pipeline integration
  Pre-audit preparation

Size-based pricing:
  Small   (<500 lines)        $0.50
  Medium  (500-2,000 lines)   $1.00
  Large   (2,000+ lines)      $2.00

Method: Claude Sonnet AI
Detects: Logic + Context
Speed: 15-45 seconds
Payment: USDC on Solana

Pro analysis includes: Business Logic Flaws, State Machine Errors, Flash Loan Vectors, Oracle Manipulation, MEV Exposure, Detailed Remediation

Not sure which to choose? Start with a free Basic scan to get a quick overview. If issues are found or you want deeper analysis before deployment, run a Pro scan for comprehensive AI review.

Multi-Chain Support

Analyze contracts across EVM, Solana, and Move ecosystems. Fetch from explorers or upload directly.

Ethereum: Solidity (.sol)
BSC: Solidity (.sol)
Polygon: Solidity (.sol)
Arbitrum: Solidity (.sol)
Solana: Anchor/Rust (.rs)
Move: Aptos/Sui (.move)

Accepted file types: .sol (Solidity), .rs (Rust/Anchor), .vy (Vyper), .move (Move)

Common Questions

What vulnerabilities do you detect?

Our AI models scan for 50+ vulnerability patterns including: reentrancy, unchecked return values, tx.origin authentication, selfdestruct misuse, delegatecall risks, integer overflow/underflow, access control issues, front-running vulnerabilities, oracle manipulation, flash loan attack vectors, and more.

What's the difference between Basic and Pro?

Basic uses pattern matching (regex) to detect common vulnerability signatures - it's instant and free, but limited to known patterns. Pro uses Claude AI to semantically understand your code's logic, data flow, and state transitions. It catches subtle business logic flaws, complex vulnerability chains, and provides detailed explanations with remediation steps.

Does this replace a manual audit?

AI scanning is a complement to, not a replacement for, professional security audits for high-value contracts. Use SmartSec for rapid iteration during development, pre-audit checks, and continuous monitoring. For major protocol launches handling significant TVL, combine with a manual audit from a reputable firm.

What is x402?

x402 is a payment protocol that lets you pay per API call instead of managing API keys and subscriptions. Send USDC on Solana, include the transaction signature in the X-PAYMENT header, and the API processes your request. No accounts, no OAuth, no billing cycles.

Is my contract code stored?

No. Contract code is processed in memory and immediately discarded after analysis. We do not store, log, or retain your source code. Audit results are temporarily available for download (1 hour) then automatically deleted.

How is pricing determined for Pro tier?

Pro tier pricing is based on contract size (line count): Small contracts (<500 lines) cost $0.50, medium contracts (500-2000 lines) cost $1.00, and large contracts (2000+ lines) cost $2.00. Use the /estimate endpoint to get the exact price before paying.

Which wallets are supported for payment?

Any Solana wallet that can send USDC SPL tokens works. The website has built-in Phantom wallet integration. For programmatic access, any wallet or SDK that can sign Solana transactions (Phantom, Solflare, Backpack, solana-web3.js, etc.) will work.

What languages and chains do you support?

We support Solidity (.sol), Rust/Anchor (.rs), Vyper (.vy), and Move (.move). For EVM chains (Ethereum, BSC, Polygon, Arbitrum), you can fetch verified source directly from block explorers. For Solana and Move ecosystems, upload your contract file directly.

Can I use SmartSec in my CI/CD pipeline?

Yes. The API is designed for programmatic access. Use the Basic tier for free daily checks during development, or integrate Pro tier scans before deployments. The x402 protocol makes it easy to automate payments - your agent sends USDC, includes the TX signature, and gets results.

What does the security score mean?

The security score (0-100) reflects the overall safety of your contract. It factors in vulnerability count, severity levels, and fund risk (issues that could lead to loss of funds). Grades range from A (90+) to F (<50). Contracts with critical fund-risk issues are capped at grade C or lower regardless of other factors.

How long does a scan take?

Basic tier scans are instant (<1 second) since they use pattern matching. Pro tier scans take 15-45 seconds depending on contract complexity, as Claude AI performs deep semantic analysis of your code.