CA: Fo9wJVqWYXEgsG3UKekvK1R7YVewyUGodRfBrmjaBAGS
Chain-Fox is an all-in-one automated security platform for blockchain projects.
We unify the best open-source checkers into a single framework, making advanced security affordable, accessible, and scalable for every developer and user.
- Security audits are expensive and time-consuming.
- Existing tools are fragmented and hard to integrate.
- Many teams skip audits entirely โ leaving critical vulnerabilities in production.
Chain-Fox changes that.
We deliver automated, multi-language security detection that is easy to integrate into your workflow โ empowering developers to ship safer code without the high costs of manual audits.
- 23 advanced checkers integrated (Rust, Go, Solidity, C/C++, Solana, etc.).
- 200+ bugs found and fixed across real-world projects.
- Built-in CI/CD integration guides to get started in minutes.
Check out our [detection results](./detection-results/'Github Bug Report.xlsx')
and audit reports for real examples.
We bring together leading tools across ecosystems:
| Checker | Language | Type | Detects |
|---|---|---|---|
| lockbud | Rust | static | Memory & concurrency bugs |
| RAPx | Rust | static | Use-after-free, memory leaks |
| AtomVChecker | Rust | static | Atomic concurrency bugs |
| cargo-check-deadlock | Rust | static | Deadlock |
| rudra | Rust | static | Memory safety, variance, lifetime bugs |
| MIRAI | Rust | verifier | Panic & correctness issues |
| verus | Rust | verifier | Panic & correctness issues |
| kani | Rust | verifier | Panic & correctness issues |
| ERASan | Rust | dynamic | Memory access bugs |
| shuttle | Rust | dynamic | Concurrency bugs |
| GCatch | Go | static | Concurrency bugs |
| GFuzz | Go | dynamic | Concurrency bugs |
| go-critic | Go | static | Common Go bugs |
| cppcheck | C/C++ | static | Common C/C++ bugs |
| cpplint | C/C++ | static | Common C/C++ bugs |
| bmoc | C/C++ | verifier | Common C/C++ bugs |
| slither | Solidity | static | Solidity bugs |
| aderyn | Solidity | static | Solidity bugs |
| GasFeeSaver | Solidity | static | Gas-fee inefficiencies |
| solana-program-analyzer | Solana | static | Solana Bugs |
| solana-lints | Solana | static | Solana Bugs |
| trident | Solana | dynamic | Solana Bugs |
| shellcheck | Shell | static | Shell Bugs |
๐ See our Awesome Rust Checker list for upcoming additions.
Short-term goals:
- Build collaboration with more influential projects.
- Extend coverage to more languages and project types.
Long-term vision:
- Build a unified checking engine for multi-language support.
- Enable AI-assisted verification for smarter bug detection.
- Foster a community-driven security ecosystem accessible to all.
We welcome contributions from the community! Here's how you can help:
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Please read our Contributing Guidelines for more details.
This project is licensed under the BSD 3-Clause License - see the LICENSE file for details.
For security-related issues, please refer to our Security Policy.