Analyze Smart Contracts at Scale —
Across All Execution Paths

Static, dynamic, semantic, and infrastructure vulnerability detection for EVM smart contracts.

100+ proprietary algorithms analyze control flow and cryptographic misuse. Flagged contracts are automatically fuzzed, while LLM-assisted similarity and Hack-Related Proximity Scoring detect code reuse and malicious linkages.

Vulnerability Detection results require a subscription.

Vulnerability Detection

Static, Dynamic, Semantic & Infrastructure Risk Analysis

Dedaub's Vulnerability Detection combines static analysis, dynamic analysis (fuzzing), LLM-assisted semantic similarity, and hack-related infrastructure scoring to identify vulnerabilities in EVM smart contracts. More than 100 proprietary static analysis algorithms evaluate control flow, storage behavior, and value flows across execution paths to surface concrete warning classes. Contracts flagged by static analysis are automatically fuzzed to determine whether a warning can lead to fund loss. LLM-assisted "Find Similar" detects structurally or logically equivalent functions across contracts, while Hack-Related Proximity Scoring measures interaction-based similarity to known malicious infrastructure through relationship graph analysis.

WHAT'S NEW

Hack-Related Proximity Scoring

Hack-related proximity scoring introduces a graph-based risk signal that measures how closely an address is related to known malicious infrastructure.

[Widget: sample hack-related proximity scores (12%, 34%, 41%, 38%, 67%) displayed next to example addresses]
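The hop-decay model below is an added example of a graph-based proximity signal, not Dedaub's scoring algorithm (which this page does not describe). The interaction edges, the seed set of known-malicious addresses, the decay factor and the hop limit are all constructed assumptions; the addresses are placeholders, not real on-chain accounts.

```python
from collections import deque

# Constructed sample interaction graph: (sender, receiver) pairs observed in
# transactions. Placeholder addresses only; nothing here is a real account.
EDGES = [
    ("0xEXPLOITER_EOA", "0xDRAINER_CONTRACT"),
    ("0xDRAINER_CONTRACT", "0xMIXER_ROUTER"),
    ("0xMIXER_ROUTER", "0xWALLET_A"),
    ("0xWALLET_A", "0xWALLET_B"),
    ("0xWALLET_B", "0xWALLET_C"),
    ("0xUNRELATED_1", "0xUNRELATED_2"),
]
# Seed set: addresses already attributed to a known incident (assumed labels).
KNOWN_MALICIOUS = {"0xEXPLOITER_EOA", "0xDRAINER_CONTRACT"}
DECAY = 0.5      # score halves with every hop away from a seed (assumption)
MAX_HOPS = 3     # beyond this distance the signal is treated as noise (assumption)


def build_graph(edges):
    """Undirected adjacency sets; direction of value flow is ignored here."""
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def hop_distances(graph, seeds, max_hops):
    """Multi-source BFS: shortest hop count from any seed, cut off at max_hops."""
    dist = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        node = queue.popleft()
        if dist[node] >= max_hops:
            continue
        for neighbour in graph.get(node, ()):
            if neighbour not in dist:
                dist[neighbour] = dist[node] + 1
                queue.append(neighbour)
    return dist


def proximity_score(address, graph, seeds, decay=DECAY, max_hops=MAX_HOPS):
    """1.0 for a seed, decay**hops for reachable nodes, 0.0 if unreachable."""
    dist = hop_distances(graph, seeds, max_hops)
    if address not in dist:
        return 0.0
    return decay ** dist[address]


def score_all(edges=EDGES, seeds=KNOWN_MALICIOUS):
    """Score every address in the graph in one pass."""
    graph = build_graph(edges)
    dist = hop_distances(graph, seeds, MAX_HOPS)
    return {addr: (DECAY ** dist[addr] if addr in dist else 0.0) for addr in graph}


def flag_addresses(threshold=0.2, edges=EDGES, seeds=KNOWN_MALICIOUS):
    """Addresses not already in the seed set whose score reaches the threshold."""
    scores = score_all(edges, seeds)
    return sorted(a for a, s in scores.items() if s >= threshold and a not in seeds)


if __name__ == "__main__":
    for addr, score in sorted(score_all().items()):
        print(f"{addr:20s} {score:.3f}")
    print("flagged:", flag_addresses())
```

In this model the router one hop from the drainer scores 0.5, the wallet two hops out 0.25, and anything past three hops or in a disconnected component scores 0. A production signal would weight edges by value transferred and recency and would distinguish inbound from outbound flow; the point of the toy is only that the score is a function of graph distance from attributed infrastructure, not of the address's own code.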

Find Similar (Semantic Contract Matching)

Find Similar uses LLM-assisted semantic analysis on decompiled contracts to identify other contracts implementing structurally or logically similar functions — even when bytecode, constants, or compiler settings differ. Instead of relying on hash matching, it compares normalized control-flow and behavioral structure to detect rewritten clones, modified exploit templates, and function-level logic reuse across deployments. This enables researchers to determine whether a vulnerability is isolated or shared across a broader contract family.
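To make the idea of "normalized control-flow and behavioral structure" concrete, here is an added example (not Dedaub's implementation, which is LLM-assisted and works on its own decompiler output) that canonicalizes a function body by replacing identifiers, numeric literals and addresses with placeholders and then compares token n-grams with Jaccard similarity. The token grammar, the structural vocabulary and the three sample functions are constructed assumptions.

```python
import re

# Tokenizer for a Solidity-like decompiled text (assumption: whitespace-separated
# identifiers, hex/decimal literals, two-character operators, single punctuation).
TOKEN_RE = re.compile(r"0x[0-9a-fA-F]+|\d+|[A-Za-z_]\w*|==|!=|<=|>=|&&|\|\||[^\s\w]")

# Vocabulary kept verbatim because it carries structure; every other identifier
# is a renamable symbol that a clone author may have changed.
STRUCTURAL = {
    "function", "external", "public", "internal", "view", "payable", "returns",
    "if", "else", "for", "while", "return", "require", "revert", "emit", "delete",
    "msg", "sender", "value", "address", "uint256", "bool", "bytes", "this",
    "call", "delegatecall", "transfer", "true", "false", "mapping",
}


def normalize(source):
    """Map one function body to a structure-only token sequence."""
    symbols = {}
    out = []
    for tok in TOKEN_RE.findall(source):
        if tok.startswith("0x"):
            out.append("ADDR" if len(tok) >= 42 else "HEX")   # 20-byte address vs other constant
        elif tok.isdigit():
            out.append("NUM")
        elif tok in STRUCTURAL or not re.match(r"[A-Za-z_]", tok):
            out.append(tok)
        else:
            # first-seen order gives alpha-renamed variables the same placeholder
            out.append(symbols.setdefault(tok, f"v{len(symbols)}"))
    return out


def shingles(tokens, n=3):
    """Set of n-grams over the normalized token stream."""
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}


def similarity(a, b, n=3):
    """Jaccard similarity of normalized token n-grams, in [0, 1]."""
    sa, sb = shingles(normalize(a), n), shingles(normalize(b), n)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def find_similar(query, corpus, threshold=0.8):
    """Names of corpus functions whose structure matches the query."""
    return sorted(name for name, src in corpus.items() if similarity(query, src) >= threshold)


# Constructed corpus: an original, a renamed clone, and an unrelated function.
CORPUS = {
    "withdraw_original": """
        function withdraw(uint256 amount) external {
            require(balances[msg.sender] >= amount);
            (bool ok, ) = msg.sender.call{value: amount}("");
            require(ok);
            balances[msg.sender] -= amount;
        }""",
    "withdraw_clone": """
        function pull(uint256 amt) external {
            require(deposits[msg.sender] >= amt);
            (bool s, ) = msg.sender.call{value: amt}("");
            require(s);
            deposits[msg.sender] -= amt;
        }""",
    "set_owner": """
        function setOwner(address newOwner) external {
            require(msg.sender == owner);
            owner = newOwner;
        }""",
}

if __name__ == "__main__":
    for name in CORPUS:
        print(f"{name:20s} {similarity(CORPUS['withdraw_original'], CORPUS[name]):.2f}")
    print("similar:", find_similar(CORPUS["withdraw_original"], CORPUS))
```

The clone scores 1.0 against the original even though every variable name differs, while the unrelated setter scores well under 0.3; a byte-level or hash-based comparison would have reported no relation between the first two. Note that both withdraw variants make the external call before updating the balance, so a finding on one (here, the ordering that the Reentrancy warning class targets) is worth checking on every function the matcher groups with it.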

Contract Filters

Dedaub's Contract Library offers a robust search interface for filtering contracts based on various criteria. You can refine your search by specific vulnerability warnings, contract states, or lists of saved contracts.

Contract lists (filter options): 0xDAO, 100x Finance, 8-bit Metaverse, AaveV2, AaveV3, Alchemix, AlphaHomoraV2, Angle Protocol, Apecoin Staking, Arcadia, Argent, Aurora, Autonolas, BadgerDAO, Balancer, BalancerV2, Bancor, BarnBridge, Beefy, Beethoven X, BendDAO, Beta Finance, Brahma, Bridge Mutual, BurgerSwap, Cartesi, Celer, Chainlink, Chainlink CCIP, Comb Financial, Conic, Convex, Curve, DAMX, Deus Finance, Dexible, Earning.farm, ebtc, Enzyme Finance, Equalizer Exchange, ERC20Token Bank, ERD, Ether Orcs, Euler, Exactly, Fantom, Fei, Frax, Furucombo, Geist, GMX V2, Gnosis Chain, Goldfinch, Granary Finance, Gro, HakkaFinance, Hashflow, Hector Network, Hegic, Hook, Horizon Finance, Hundred finance, JPEGd, Keep3r, Layer Zero, Liquid Driver, Liquity, LooksRare, Maker, Metis, Morphex, Morpho, mStable, Multichain, MUMMY Finance, NexusMutual, Notional, Ola, Ondo Finance, Optimism, Opyn:Gamma, Opyn:Squeeth, Origin, Origin Story, PawnFi, Perpetual, Polkastarter, Polygon, Primitive, QiDao, Reaper Farm, RenVM, Reserve, Revest, Rhino.fi, Ribbon Finance, Ridotto, Rodeo Finance, Rook, Rysk Finance, Scream, SetProtocol, Sherlock, Sifchain, Spartacus, SpiritSwap, SpookySwap, Spool, Stader, Stargate, StoaDeFi, Sturdy Finance, Sushiswap, Swapos, Synapse, Synthetix, Tarot, Tempus, Term Finance, The Graph, Themis, THORChain, Tomb Finance, Tornado Cash, UniswapV2, UniswapV3, Uwerx Network, Velocimeter, Vesper, Volt Protocol, WigoSwap, Wise Lending, Worldcoin, Wormhole, XBE Finance, Yearn, Yoshi Exchange, ZeroEx, ZKasino, zkBridge, ZkSync, Zunami Protocol
Contract state (filter options): All / Marked 'safe' / Marked 'unsafe' / Not inspected / Not marked 'safe'
Warning severity (filter options): Highest / High / Medium / Low
Balance And Allowance: Contract has an allowance by an approver who has a balance in the same token
Calls Possibly Privileged Function: Contract calls a function selector that often has access control on the other end
Calls Probably Privileged Functions: Contract calls a function selector that always has access control on the other end
Contract Has Balance: Contract has a balance
Contract Has Money: Contract has funds, directly or indirectly: has a balance, or has an allowance where the approver holds a balance, or is a "puller", or is delegatecalled by a proxy that has any of the previous
Deployed Last 7d: Contract was deployed in the last 7 days
Deployed Last 90d: Contract was deployed in the last 90 days
Fuzzed Contracts With Vulnerabilities
Has AI Reconstruction
Has High Balance: Contract has a high balance (default: >$10K)
Heavily Transacted Contract: Contract with a large number of recent transactions
Large Value: Contract has large value (default: >$10K), directly or indirectly: has a balance, or has an allowance where the approver holds a balance, or is a "puller", or is delegatecalled by a proxy that has any of the previous
Puller: Contract is a "puller": has past transactions in which it got funds from another contract without supplying funds in return
Recent Warnings: Contract has recent warnings (default: 2 days)
Recently Transacted: Contract has recent transactions (default: 2 days)
Recently Transacted Cached
Reentrant Token: Contract implements a token with callbacks
Transfers Reentrant Token: Contract transfers a token with callbacks

Vulnerability Coverage

Accessible selfdestruct, reentrancy (including read-only variants), flashloan callback misuse, permit omissions, tainted call chains, DoS patterns, swap reachability, cryptographic misuse, and 100+ additional warning classes — continuously expanded as new attack vectors emerge.

Accessible selfdestruct: SELFDESTRUCT target address can be overwritten by untrusted external caller.
Tainted selfdestruct: SELFDESTRUCT target address can be overwritten by untrusted external caller.
Tainted Ownership Guard: Storage field used in guarding logic can be overwritten by untrusted caller, allowing them to bypass sensitive guards.
Tainted delegatecall: Target address of DELEGATECALL operation can be controlled by untrusted caller.
Sensitive call can be reached by anyone: Sensitive call to DeFi API can be reached by untrusted external caller.
Sensitive callback does not check sender: Sensitive callback does not check sender.
Guard can be overwritten: A boolean guard is being set without a check on whether it was set before.
Initialization guard checked but not set: Initialization guard is checked but never set.
Relying on msg.sender == tx.origin: Relying on msg.sender == tx.origin.
Suspicious conditions on msg.sender: Suspicious conditions on msg.sender.
Reentrancy: External call operation possibly susceptible to reentrancy attack.
Inconsistent Reentrancy guards: A certain location seems not to be using the reentrancy guards used elsewhere over the same storage or external contract state.
Call to Tainted Function: Target function of external call can be changed by untrusted caller.
Call and Delegate Together: Contract may call the same target address with both a regular call and a DELEGATECALL.
Looped delegateCall and msg.value: DELEGATECALL operations used in a loop to an unknown function, without checking the caller, and with msg.value.
Unchecked Low-Level Call: Return status of external call is not checked.
Twin calls: Repeated external calls to a contract controlled by an untrusted caller can allow them to return inconsistent results.
this.call(): Contract makes an external call to itself, whose only purpose would be to change msg.sender.
Swap publicly reachable: Swap operation can be reached by untrusted external caller.
Swap reachable, contract has funds: Swap operation can be reached by untrusted external caller; static patterns suggest the contract holds funds.
Swap call with 0 minAmountOut: Swap call with 0 minAmountOut.
Uniswap price manipulation potential: A swap on Uniswap/Sushiswap/similar clone can be price-manipulated.
Uniswap tainted token: The contract calls a Uniswap operation passing tokens that can be controlled by untrusted external caller.
Unrestricted approve proxy: The contract can be manipulated to give token approvals to untrusted parties.
Unrestricted transfer proxy: Various parameters of an ERC20 token transfer call can be controlled by an untrusted external caller.
Unrestricted transferFrom proxy: Various parameters of an ERC20 token transferFrom call can be controlled by an untrusted external caller.
ERC20 call demands high-level return value: ERC20 call does not accept implementations (as in USDT) that do not return a high-level return value.
Transfer of entire balance: A token transfer sends the entire balance of the contract, which can lead to misleading calculations.
FlashLoan unchecked callback: The flashloan callback method does not contain an assertion checking the initiator of the flash loan.
DoS (Unbounded Iteration): Array iterator may be susceptible to DoS caused by an untrusted caller increasing storage requirements.
DoS: Call can cause failure: External call can cause a denial-of-service by failing/throwing or returning certain values.
DoS: Suspicious revert inside loop: A loop contains a rarely-reverting statement. An interesting case is a division that can be manipulated to revert.
DoS: Unbounded Iteration: Loop iteration over an array may be susceptible to denial-of-service by growing the array's size.
DoS: Wallet Griefing: Value-transfer call statement (inside a loop) can cause a denial-of-service by failing/throwing.
ECDSA signature malleability: ECDSA signature is used as a key to a data structure; a twin, equivalent signature can be produced by an attacker.
ECDSA without chainid: SHA3 hash used in ECDSA signing does not include chainId, allowing possible cross-chain replay attacks.
Inconsistent ECDSA signing: ECDSA signing includes several arguments of a function but skips one or more.
Bad Randomness: Bad source of randomness can be exploited by untrusted caller.
Merkle node can be used as leaf: Merkle leaf is the result of a two-word keccak hash operation, allowing internal nodes to be used as leaves.
Permit omits sensitive variable: Permit call seems to omit a sensitive variable from the signed data, although others are included.
Arithmetic error: Arithmetic overflow or underflow can occur due to unchecked operations.
Rounding down of monetary amount: A monetary amount is rounded down in a way that could cause higher outflow.
Rounding up of monetary amount: A monetary amount is rounded up in a way that could cause higher outflow.
Inconsistent absolute scaling: Some quantity is being scaled inconsistently (e.g., a constant close to 10^6 at one site vs 10^8 elsewhere).
Inconsistent relative scaling: Some quantity is being scaled inconsistently relative to another.
Inconsistent complex relative scaling: Some quantity is being scaled inconsistently relative to the sum of two others.
Suspicious decimal arithmetic: The way the contract uses powers of ten is unexpected (e.g., additively instead of multiplicatively).
Suspicious lack of token decimal arithmetic: The contract seems to handle multiple tokens but not to adjust for decimals consistently.
Suspicious token decimal arithmetic: The way the contract uses token decimals is unexpected.
Tokens may have inconsistent decimals: Two tokens appear to have an assumed connection in their decimal scales.
SSTORE inconsistent with others: SSTORE seems to be writing to more symbolic addresses than other similar ones. Could there be an aliasing attack?
SSTORE to tainted address: SSTORE operation writes to a tainted, user-controlled storage address.
Stale value in storage: The contract seems to be caching volatile values derived from the storage variables of another contract.
Storage leak due to undeleted mapping: Storage leak due to undeleted mapping.
Immutable storage location declared mutable: Storage location is never written, only read; it should have been declared immutable.
Suspicious SSTORE guard: A storage write is being guarded by conditions that seem to only check the value that is being overwritten.
Chainlink data feed may provide stale answers: The Chainlink oracle is not (fully) checked for staleness.
Manipulable Tellor answer: An attacker may exploit Tellor's dispute system by submitting malicious data and forcing the contract to consume it in the same block.
Tainted money-sensitive var in external call: Untrusted callers can control the value of a sensitive argument of an external call.
Rare tainted money-sensitive var in external call: Usually-protected function call is unprotected in this instance.
Suspicious money burn operation: Suspicious call to sensitive money burn operation.
Suspicious money transfer operation: Suspicious call to sensitive money transfer operation.
FUZZED: Arbitrary Call: Contract found to be calling an untrusted external party.
FUZZED: Fund Loss: Contract found to be losing money in a transaction.
FUZZED: Imbalanced Uniswap Pair: Fuzzing detected an imbalanced Uniswap pair.
FUZZED: Selfdestruct: Contract found to be calling selfdestruct.
Classifier: Suspicious contract: Classifier: Suspicious contract.
No-op external function call: External view/pure call has an unused result.
No-op internal function call: Internal call with no side effects has an unused result.
No-op storage load: Data loaded from storage (at high gas cost) seems to never be used.
Reachable assert: Specific values found that cause a low-level assert to fail.
Inconsistent assertions: Sensitive operation can be reached by different entry points without the same assertions being made consistently.
Inconsistent array iteration: Two arrays that seem to grow independently are being accessed by the same index in a loop.
Unused public function argument: Unused public function argument.
Undisclosed Vulnerability: Vulnerability reported Dec. 5, 2023; description upcoming.
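Several of the classes above (Tainted selfdestruct, Tainted delegatecall, SSTORE to tainted address, Tainted Ownership Guard) are instances of one analysis: forward taint from calldata to a sensitive sink, discharged by an access-control guard. The following added example shows that analysis over a tiny constructed three-address IR; the IR, its opcode names, the guard-recognition rule and the four sample functions are assumptions for illustration, not Dedaub's internal representation or algorithms.

```python
# Recognizing a guard: a predicate that compares msg.sender against a value
# loaded from a fixed storage slot (e.g. require(msg.sender == owner)).
ACCESS_CONTROL_OP = "eq"


def analyze_function(name, instrs):
    """Return [(warning, instruction index)] for one straight-line function body."""
    tainted = set()        # variables the caller controls via calldata
    caller_vars = set()    # variables holding msg.sender
    storage_vars = set()   # variables loaded from a fixed (untainted) slot
    ac_preds = set()       # predicates of the form msg.sender == <storage value>
    guarded = False        # True once require(<ac_pred>) has executed
    warnings = []
    for i, (op, *operands) in enumerate(instrs):
        if op == "arg":                      # dst = calldata argument
            tainted.add(operands[0])
        elif op == "caller":                 # dst = msg.sender
            caller_vars.add(operands[0])
        elif op == "sload":                  # dst = storage[slot]
            dst, slot = operands
            if slot in tainted:
                tainted.add(dst)             # caller chose the slot, so the value is theirs
            else:
                storage_vars.add(dst)
        elif op == "mov":                    # dst = src (copy propagation)
            dst, src = operands
            if src in tainted:
                tainted.add(dst)
        elif op in ("eq", "add", "sub", "and"):
            dst, a, b = operands
            if a in tainted or b in tainted:
                tainted.add(dst)
            if op == ACCESS_CONTROL_OP and {a, b} & caller_vars and {a, b} & storage_vars:
                ac_preds.add(dst)
        elif op == "require":                # revert unless predicate holds
            if operands[0] in ac_preds:
                guarded = True
        elif op in ("delegatecall", "selfdestruct"):
            target = operands[0]
            if target in tainted and not guarded:
                warnings.append((f"Tainted {op}", i))
        elif op == "sstore":                 # storage[slot] = value
            slot, _value = operands
            if slot in tainted and not guarded:
                warnings.append(("SSTORE to tainted address", i))
        else:
            raise ValueError(f"{name}: unknown op {op}")
    return warnings


# Constructed sample functions in the toy IR.
SAMPLE_FUNCTIONS = {
    # upgradeTo(address impl) with no access control
    "upgradeTo_unguarded": [
        ("arg", "impl"),
        ("delegatecall", "impl"),
    ],
    # the same function behind require(msg.sender == owner)
    "upgradeTo_guarded": [
        ("arg", "impl"),
        ("caller", "sender"),
        ("sload", "owner", "slot0"),
        ("eq", "is_owner", "sender", "owner"),
        ("require", "is_owner"),
        ("delegatecall", "impl"),
    ],
    # kill(address to) where the beneficiary flows through a copy
    "kill_unguarded": [
        ("arg", "to"),
        ("mov", "beneficiary", "to"),
        ("selfdestruct", "beneficiary"),
    ],
    # write(uint256 slot, uint256 value) letting the caller pick the slot
    "write_unguarded": [
        ("arg", "slot"),
        ("arg", "value"),
        ("sstore", "slot", "value"),
    ],
}


def analyze_all(functions=SAMPLE_FUNCTIONS):
    return {name: analyze_function(name, body) for name, body in functions.items()}


if __name__ == "__main__":
    for name, found in analyze_all().items():
        print(f"{name:22s} {found or 'no warnings'}")
```

The guarded variant produces no warning only because the require on an access-control predicate precedes the sink; moving that require after the delegatecall, or comparing msg.sender against a calldata argument instead of storage, would reinstate the finding. A real analyzer does this over a control-flow graph with dominance rather than straight-line order, which is what lets it report the same defect on every execution path that reaches the sink.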

Dynamic Analysis (Fuzzing)

In the Dedaub model, dynamic analysis is implemented through automated fuzzing. Contracts flagged by static analysis are automatically exercised with generated transaction inputs to determine whether a vulnerability can lead to fund loss. Findings such as FUZZED: Fund Loss, FUZZED: Arbitrary Call, or FUZZED: Selfdestruct indicate that a warning has been dynamically validated.

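What "dynamically validated" means in practice is an oracle checked after each generated transaction. The added example below (not Dedaub's fuzzer, which runs real EVM bytecode) models a toy vault with a fund-loss oracle of the kind behind a FUZZED: Fund Loss finding: a transaction from an untrusted account is flagged if the contract's balance falls by more than the caller's own credit was reduced. The vault model, the guard toggle, the account names and the input generator are constructed assumptions.

```python
import random


class Reverted(Exception):
    """Models a reverting transaction; the oracle ignores reverted calls."""


class Vault:
    """Constructed toy vault model, not a real contract."""

    def __init__(self, owner, guard_emergency):
        self.owner = owner
        self.guard_emergency = guard_emergency   # False reproduces the defect
        self.eth = 0                             # contract's native balance
        self.balances = {}                       # per-account credit

    def deposit(self, caller, value):
        self.eth += value
        self.balances[caller] = self.balances.get(caller, 0) + value

    def withdraw(self, caller, amount):
        if self.balances.get(caller, 0) < amount:
            raise Reverted("insufficient balance")
        self.balances[caller] -= amount
        self.eth -= amount

    def emergency_withdraw(self, caller, amount):
        # Sensitive operation; the guard is what the static warning
        # "Sensitive call can be reached by anyone" asks about.
        if self.guard_emergency and caller != self.owner:
            raise Reverted("not owner")
        if amount > self.eth:
            raise Reverted("insufficient funds")
        self.eth -= amount


UNTRUSTED = ["0xFUZZ_EOA_1", "0xFUZZ_EOA_2"]   # placeholder fuzzer accounts


def run_tx(vault, caller, fn, arg):
    """Execute one transaction and apply the fund-loss oracle."""
    pre_eth = vault.eth
    pre_credit = vault.balances.get(caller, 0)
    try:
        getattr(vault, fn)(caller, arg)
    except Reverted:
        return None
    outflow = pre_eth - vault.eth
    credit_spent = pre_credit - vault.balances.get(caller, 0)
    if outflow > credit_spent:
        return {"fn": fn, "caller": caller, "arg": arg, "loss": outflow - credit_spent}
    return None


def fuzz(guard_emergency, rounds=50, seed=7):
    """Deterministic fuzz loop; returns the first fund-loss finding or None."""
    rng = random.Random(seed)
    vault = Vault("0xOWNER", guard_emergency)
    vault.deposit("0xOWNER", 1000)               # setup: contract holds funds
    for _ in range(rounds):
        for fn in ("deposit", "withdraw", "emergency_withdraw"):
            caller = rng.choice(UNTRUSTED)
            arg = rng.randint(1, 100)
            finding = run_tx(vault, caller, fn, arg)
            if finding:
                return finding
    return None


if __name__ == "__main__":
    print("unguarded:", fuzz(guard_emergency=False))
    print("guarded:  ", fuzz(guard_emergency=True))
```

With the guard disabled the oracle fires on the first emergency_withdraw from a fuzzer account; with it enabled every such call reverts and the ordinary withdraw path never moves more than the caller's own credit, so fifty rounds finish without a finding. A static warning alone cannot make that distinction, which is why the fuzzed result is the stronger signal.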

API & Integration

Static analysis results can be accessed programmatically and integrated into Monitoring pipelines, internal risk dashboards, and incident response workflows.
