Skip to content

BitsLabSec/BitslabAI

Repository files navigation

BitslabAI Injective Solidity Worker

Public lightweight scanner for Solidity projects that target the Injective EVM profile.

This repository intentionally contains only a standalone worker and a CLI trigger script. It does not include private web applications, queues, databases, LLM orchestration, or internal knowledge base assets.

Repository Layout

scripts/
  run_injective_worker.py   Scan a Solidity file or project directory
  run_demo.py               Run the bundled sample project
src/injective_worker/
  detector.py               Injective precompile detection and rules
  worker.py                 Scan orchestration and report rendering
  methodology.py            Public review methodology included in reports
samples/
  injective_exchange_proxy/ Minimal runnable demo input
docs/
  ARCHITECTURE.md           Public architecture notes
  METHODOLOGY.md            Public review methodology

What It Checks

  • Injective EVM precompile address references:
    • Bank: 0x0000000000000000000000000000000000000064
    • Exchange: 0x0000000000000000000000000000000000000065
    • Staking: 0x0000000000000000000000000000000000000066
  • Exchange proxy paths that pass user-like sender arguments into order, deposit, withdraw, or cancel flows.
  • Staking delegation lifecycle calls without visible validator and amount validation.
  • Bank token movement or supply flows without visible denom, decimal, and accounting guards.
  • An Injective Solidity checklist in generated reports.

Quick Start

Run the bundled demo:

python scripts/run_demo.py --out-dir reports

Expected output:

DEMO_JSON_REPORT=reports/injective_demo.json
DEMO_MARKDOWN_REPORT=reports/injective_demo.md
DEMO_FINDINGS=1

Scan your own Solidity project:

python scripts/run_injective_worker.py \
  --source /path/to/solidity/project \
  --project-name my-injective-app \
  --out-dir reports \
  --format both

Useful CI mode:

python scripts/run_injective_worker.py \
  --source /path/to/solidity/project \
  --fail-on medium

The script prints:

  • JSON_REPORT=...
  • MARKDOWN_REPORT=...
  • CHAIN_PROFILE=Injective EVM
  • PRECOMPILE_REFERENCES=...
  • INJECTIVE_FINDINGS=...

Public Methodology

The report includes a public methodology section:

  1. Discover Solidity files.
  2. Identify Injective precompile references.
  3. Classify Bank, Exchange, and Staking call surfaces.
  4. Apply deterministic Injective EVM profile checks.
  5. Map findings to public checklist cards.
  6. Emit JSON and Markdown evidence for manual review.

Notes

This worker is a deterministic pre-screening tool. Findings should be reviewed by an auditor before being treated as confirmed vulnerabilities. General Solidity issues such as reentrancy, access control, integer precision, ERC standard compliance, and DeFi accounting bugs still require normal Solidity security review in addition to this Injective-specific profile.

About

Public Injective EVM Solidity profile worker

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages