butthtio

Multi-role chain-of-thought LLM pipeline for Solidity security auditing, layered on top of Slither output.

Found May 04, 2026 at 13 stars
Python
AI Summary

A Python tool that processes Slither static analysis output on Solidity contracts using a chain-of-thought LLM pipeline to generate detailed explanations, exploit sketches, fix suggestions, and quality judgments.

How It Works

1
🔍 Discover the safety checker

You hear about a helpful tool that deeply analyzes smart contracts for security issues beyond basic scans.

2
📥 Get it ready

You download and prepare the tool on your computer so it's all set to use.

3
🤖 Connect a smart helper

You link the tool to an AI service that can think deeply about code problems.

4
📄 Pick your contract

You select the smart contract file you want to check for hidden dangers.

5
▶️ Start the deep review

You launch the full analysis, where the AI explains issues, sketches risks, suggests fixes, and double-checks everything.

6
📊 Receive your clear report

You get a friendly report with understandable explanations, exploit ideas for learning, simple fixes, and confidence scores, making your contract safer.

AI-Generated Review

What is solidity-cot-auditor?

This Python tool runs a multi-role chain-of-thought (CoT) LLM pipeline layered on top of Slither output for Solidity security auditing. Feed it a .sol file via CLI (`solidity-cot audit MyContract.sol`) or Slither JSON, and it generates Markdown/JSON reports with technical explanations, exploit sketches, fix diffs, and a judge score for each finding. It turns terse static analysis alerts into actionable insights, like why a reentrancy vuln matters here and how to patch it minimally.

Why is it gaining traction?

Unlike raw Slither or generic LLM prompters, this auditor separates roles—explainer, exploit writer, fixer, judge—for focused, inspectable CoT that reduces hallucinations and catches chain errors. Users get configurable filtering (min-severity medium, cap 20 findings), flexible LLM backends (OpenAI, Anthropic, local vLLM), and skippable steps like exploits for non-critical issues. The preserved reasoning chain and diff-style fixes make it practical for quick audits without full manual review.

Who should use this?

Solidity developers auditing DeFi contracts or running CI checks on Foundry/Hardhat projects. Security teams layering LLM smarts atop Slither for medium/high findings, especially when triaging reentrancy or access control alerts. Solo auditors needing exploit PoCs and fixes without writing custom prompts.

Verdict

Worth a spin for Slither users wanting LLM-augmented auditing—solid docs, CLI, and tests despite 13 stars and 1.0% credibility score. Still early (v0.1.0) with low adoption, so test on known vulns first; pair with human review until Mythril batching lands.
