Does it support Substrate versions before 0.9.25?

Yes, it specifically checks for 'Verify First, Write Last' patterns which were critical for security in versions prior to the introduction of native transactional storage.

How does it handle weight analysis?

It reviews your #[pallet::weight] annotations and ensures that weight calculations are proportional to the computational cost to prevent spam-based DoS attacks.

Can it fix the vulnerabilities it finds?

Yes, for each identified issue, the skill provides specific code fixes and mitigations based on Substrate best practices and FRAME development standards.

Which vulnerabilities does this skill detect?

It scans for seven critical patterns: arithmetic overflow, panic DoS, incorrect weights, bad origin checks, storage safety, unsigned transaction risks, and weak randomness.

Substrate Vulnerability Scanner

Name: Substrate Vulnerability Scanner
Author: fjor1025

byfjor1025

0•

보안 및 테스팅

Scans Substrate and Polkadot pallets to identify critical security vulnerabilities like arithmetic overflows and panic-driven denial-of-service attacks.

The Substrate Vulnerability Scanner is a specialized security auditing tool designed for developers working with Substrate-based blockchain runtimes and FRAME pallets. It systematically analyzes Rust code for platform-specific risks including incorrect weight calculations, unauthorized origin access, and unsafe arithmetic that could lead to node crashes or unauthorized access. By automating the detection of seven critical vulnerability patterns, this skill helps secure Polkadot parachains and standalone Substrate nodes, ensuring code follows the 'verify-first, write-last' pattern and maintains robust performance through accurate fee modeling.

주요 기능

01Identification of panic-prone code patterns that cause node DoS

02Verification of 'verify-first, write-last' state storage safety

03Review of dispatchable origin checks and privilege escalation risks

04Validation of Substrate weight calculations and fee logic

050 GitHub stars

06Automated detection of arithmetic overflows and unsafe math operations

사용 사례

01Auditing custom FRAME pallets before mainnet deployment

02Validating weight benchmarks and transaction fee logic for chain stability

03Performing security reviews on Polkadot parachain runtimes

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fjor1025/infosec-framework substrate-vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill