# Smart Contract Auditor

AI-powered vulnerability detection for Solidity smart contracts. Submit contract source code and receive a scored audit report identifying security issues, gas optimizations, and best-practice violations.

### Key Facts

| Field        | Value                                              |
| ------------ | -------------------------------------------------- |
| **Endpoint** | `POST /chat/stream`                                |
| **Model**    | `smart_contract_auditor`                           |
| **Cost**     | 1 credit per request (2 with chat history enabled) |
| **SDK**      | `@chaingpt/smartcontractauditor`                   |
| **Output**   | Scored audit report with categorized findings      |

### Parameters

| Parameter     | Type   | Required | Description                                                                                                                      |
| ------------- | ------ | -------- | -------------------------------------------------------------------------------------------------------------------------------- |
| `model`       | string | Yes      | Must be `"smart_contract_auditor"`                                                                                               |
| `question`    | string | Yes      | The Solidity source code to audit, or a follow-up question about a previous audit                                                |
| `chatHistory` | string | No       | `"on"` or `"off"` (string, not boolean). Enables follow-up questions about findings. Doubles cost to 2 credits. Default: `"off"` |
| `sdkUniqueId` | string | No       | Unique session identifier for maintaining audit conversation context                                                             |

### Quick Start -- JavaScript

```bash
npm install @chaingpt/smartcontractauditor
```

```javascript
import { SmartContractAuditor } from "@chaingpt/smartcontractauditor";

const client = new SmartContractAuditor({
  apiKey: process.env.CHAINGPT_API_KEY,
});

const solidityCode = `
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

contract SimpleVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "Insufficient balance");
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "Transfer failed");
        balances[msg.sender] -= amount;
    }
}
`;

const audit = await client.createChatMessage({
  model: "smart_contract_auditor",
  question: solidityCode,
  chatHistory: "off",
});

console.log(audit.data.bot);
```

#### Follow-Up on Findings

```javascript
// Reuses `client` and `solidityCode` from the Quick Start above.
// Enable history to ask about specific findings
const firstAudit = await client.createChatMessage({
  model: "smart_contract_auditor",
  question: solidityCode,
  chatHistory: "on",
  sdkUniqueId: "audit-session-001",
});

console.log(firstAudit.data.bot);

// Ask for a fix recommendation
const followUp = await client.createChatMessage({
  model: "smart_contract_auditor",
  question: "Show me the corrected code with the reentrancy fix applied",
  chatHistory: "on",
  sdkUniqueId: "audit-session-001",
});

console.log(followUp.data.bot);
```

### Tips

* The Auditor detects common vulnerabilities including reentrancy, integer overflow, access control issues, and gas inefficiencies.
* Pair with the Smart Contract Generator for a generate-then-audit pipeline.
* Use chat history to drill into specific findings and request corrected code, but note the doubled credit cost.
* For the example above, the Auditor will flag the classic reentrancy vulnerability in the `withdraw` function: `balances[msg.sender]` is updated only after the external `msg.sender.call`.
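
The fix the last tip points at, as an added example (not output from the Auditor and not ChainGPT's code): the Quick Start's `withdraw` reordered to checks-effects-interactions, with a minimal lock as a second layer. The contract name `SimpleVaultHardened` and the `nonReentrant` modifier are assumptions introduced here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example: hardened variant of the Quick Start's SimpleVault.
contract SimpleVaultHardened {
    mapping(address => uint256) public balances;

    // Minimal reentrancy lock (hypothetical helper, not from the page).
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    modifier nonReentrant() {
        require(status == NOT_ENTERED, "Reentrant call");
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external nonReentrant {
        // Checks: validate the request before touching state.
        require(balances[msg.sender] >= amount, "Insufficient balance");

        // Effects: update the balance first, so any nested call
        // already sees the reduced amount.
        balances[msg.sender] -= amount;

        // Interactions: the external call comes last. If it fails,
        // the revert also rolls back the balance update above.
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "Transfer failed");
    }
}
```

Submitting this version as `question` gives a quick regression check: the state-update-after-external-call ordering is no longer present in `withdraw`.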


