Overview
Odin Scan processes smart contract code through a proprietary analysis pipeline that combines AI analysis with deterministic static checks and a verification layer. The pipeline is designed to maximize detection accuracy while minimizing false positives.
How It Works
When you submit code for analysis, Odin Scan performs the following high-level steps:
- Platform Detection — Odin Scan examines your repository to determine whether you are building on CosmWasm, EVM, or Solana. You can also specify the platform explicitly.
- Context Understanding — Odin Scan gathers context about your project (README, compiler version, audit history, trust model) to tailor the analysis to your specific environment.
- AI + Static Analysis — Multiple AI models and deterministic static analysis rules analyze your code in parallel. Each analyzer operates independently to maximize coverage. See Multi-Agent AI and Static Analysis for more on each approach.
- Verification — Findings are cross-checked, deduplicated, and verified against the source code. False positive reduction runs automatically so that the findings that reach your report are accurate and actionable.
- Report Generation — Verified findings are formatted into the requested output: JSON, Markdown, or SARIF for GitHub Code Scanning. Each finding includes a title, description, severity, confidence, code location, and remediation guidance.
What You Get
Every scan produces a structured report containing:
- Findings with severity (Critical, High, Medium, Low, Informational) and confidence levels
- Code locations pinpointing the exact file and line number
- Remediation guidance explaining how to fix each issue
- Proof-of-concept code demonstrating exploit scenarios (when available)
- Context-aware severity adjusted for your project’s specific environment
See Vulnerability Categories for the full breakdown of how findings are classified.