🔍 Solidity Security Scanner — Live Demo

This repository demonstrates the Solidity Security Scanner PRO GitHub Action in action.

⚠️ Intentional Vulnerabilities

The VulnerableVault.sol contract contains these intentional vulnerabilities:

#	Vulnerability	Severity	Line
1	Reentrancy — external call before state update	🔴 Critical	22-24
2	Unprotected selfdestruct	🟠 High	29-31
3	Uncached array length in loop	🟡 Medium	35
4	Post-increment in loop (gas waste)	🟡 Medium	35
5	tx.origin authentication	🟠 High	41

🚀 How It Works

When you push code or open a PR, the scanner automatically:

1. Detects all .sol files
2. Runs static analysis (Slither + heuristic engine)
3. Posts inline comments on vulnerable lines
4. Outputs a JSON report with severity scores

📦 Install in Your Repo

# .github/workflows/audit.yml
name: "Security Audit"
on: [pull_request]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: mvmax-dev/solidity-security-scanner@main
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}

⭐ Links

• Install from Marketplace
• Main Repository
• Report Issues

---

⭐ If this scanner catches a vulnerability in your project, consider starring the main repo!