CA: Fo9wJVqWYXEgsG3UKekvK1R7YVewyUGodRfBrmjaBAGS
Chain-Fox is an all-in-one automated security platform for blockchain projects.
We unify the best open-source checkers into a single framework, making advanced security affordable, accessible, and scalable for every developer and user.
- Security audits are expensive and time-consuming.
- Existing tools are fragmented and hard to integrate.
- Many teams skip audits entirely โ leaving critical vulnerabilities in production.
Chain-Fox changes that.
We deliver automated, multi-language security detection that is easy to integrate into your workflow โ empowering developers to ship safer code without the high costs of manual audits.
Chain-Fox is evolving from code-only auditing to full Web3 risk analysis using Skills and agents. For details, see ROADMAP.md
- Rug pull detection (permissions + on-chain behavior)
- Web3 website risk checks
- Skill-based contract auditing
- Make code checkers agentic and Skill-aware
- Beta testing and feedback collection
- Improve signals and reduce false positives/negatives
- Add more Skills and specialized code checkers
- Track historical on-chain patterns
- API documentation and integration
- Multi-agent Skill system
- Threat intelligence layer
- CI/CD and alerting integration
- Browser extension (read-only)
- Open-source Skills and community contributions
- 14 advanced checkers integrated (Rust, Go, Solidity, C/C++).
- 200+ bugs found and fixed across real-world projects.
- Built-in CI/CD integration guides to get started in minutes.
Check out our [detection results](./detection-results/'Github Bug Report.xlsx')
and audit reports for real examples.
We bring together leading tools across ecosystems:
| Checker | Language | Type | Detects |
|---|---|---|---|
| lockbud | Rust | static | Memory & concurrency bugs |
| rudra | Rust | static | Memory safety, variance, lifetime bugs |
| RAPx | Rust | static | Use-after-free, memory leaks |
| AtomVChecker | Rust | static | Atomic concurrency bugs |
| Cocoon | Rust | static | Secrecy leaks |
| MIRAI | Rust | static | Panic & correctness issues |
| ERASan | Rust | dynamic | Memory access bugs |
| shuttle | Rust | dynamic | Concurrency bugs |
| kani | Rust | verifier | Safety, assertions, panics |
| GCatch | Go | static | Concurrency bugs |
| GFuzz | Go | dynamic | Concurrency bugs |
| cppcheck | C/C++ | static | Common C/C++ bugs |
| slither | Solidity | static | Solidity bugs |
| PeCatch | Solidity | static | Gas-fee inefficiencies |
๐ See our Awesome Rust Checker list for upcoming additions.
We welcome contributions from the community! Here's how you can help:
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Please read our Contributing Guidelines for more details.
This project is licensed under the BSD 3-Clause License - see the LICENSE file for details.
For security-related issues, please refer to our Security Policy.