Supported Platforms

Odin Scan supports multiple blockchain platforms including Cosmos SDK modules, CosmWasm, EVM, and Solana. Each platform has dedicated analysis logic and platform-specific rules.

Cosmos SDK & CosmWasm

Odin Scan provides comprehensive support for both Cosmos SDK Go modules and CosmWasm smart contracts.

CosmWasm (Rust)

Language: Rust
Ecosystem: Cosmos SDK chains (Osmosis, Neutron, Terra, Injective, Juno, etc.)

Detection

Odin Scan identifies CosmWasm projects by checking for cosmwasm-std in Cargo.toml dependencies.

Analysis Features

  • Entry point analysis (instantiate, execute, query, migrate, sudo)
  • State management validation (storage reads/writes, key collision detection)
  • Access control checks on privileged operations
  • Cross-contract message handling and reply safety
  • IBC entry point validation
  • Addr::unchecked() usage detection
  • Unsafe arithmetic operation detection
  • Deterministic static analysis rules (8+ Rust-specific rules)

Common Vulnerability Patterns

  • Missing access control on execute handlers
  • Unsafe math operations without overflow protection
  • Unvalidated addresses passed to contract state
  • Storage key collisions between different state items
  • Unbounded iteration over state maps

Cosmos SDK Go Modules

Language: Go
Ecosystem: Cosmos SDK blockchain modules and custom applications

Detection

Odin Scan identifies Cosmos SDK Go projects by checking for Go module patterns and cosmossdk.io dependencies.

Analysis Features

  • Gosec static analysis for Go security
  • Message handler validation
  • Permission and authorization checks
  • Go-specific security patterns

Common Vulnerability Patterns

  • Missing permission checks on sensitive operations
  • Unvalidated external input
  • Insecure cryptographic operations
  • Insufficient error handling
  • File permission issues

EVM

Languages: Solidity, Vyper
Ecosystem: Ethereum, Arbitrum, Optimism, Base, Polygon, BSC, Avalanche, and all EVM-compatible chains

Detection

Odin Scan identifies EVM projects by the presence of .sol files combined with framework configuration:

  • foundry.toml (Foundry)
  • hardhat.config.js or hardhat.config.ts (Hardhat)

Analysis Features

  • Multi-agent AI analysis with EVM-specific rules
  • Solidity compiler version detection and version-specific checks
  • Reentrancy detection across external calls
  • Storage layout analysis
  • Access control and authorization pattern checks
  • ERC standard compliance verification

Common Vulnerability Patterns

  • Reentrancy via external calls before state updates
  • Integer overflow/underflow in older Solidity versions
  • Unprotected selfdestruct or delegatecall
  • Front-running and MEV exposure
  • Flash loan attack vectors
  • Missing input validation on public functions
  • Storage collision in proxy/upgrade patterns

Solana (SVM)

Language: Rust
Ecosystem: Solana

Detection

Odin Scan identifies Solana projects by:

  • Anchor.toml and programs/ directory (Anchor framework)
  • Native Solana program structure with solana-program dependency

Analysis Features

  • Account validation and ownership checks
  • Signer verification analysis
  • PDA (Program Derived Address) derivation correctness
  • CPI (Cross-Program Invocation) safety
  • Anchor constraint validation (has_one, constraint, seeds)
  • Rent-exemption and account lifecycle checks

Common Vulnerability Patterns

  • Missing signer checks on privileged instructions
  • Incorrect account ownership validation
  • PDA seed collision or incorrect derivation
  • Unsafe CPI without proper account validation
  • Missing close account cleanup (leaving rent behind)
  • Type confusion between account structures

Auto-Detection

By default, Odin Scan automatically determines the platform by examining the repository structure. The detection order is:

  1. Check for Cosmos SDK markers (Go module with cosmossdk.io dependency)
  2. Check for CosmWasm markers (cosmwasm-std dependency)
  3. Check for EVM markers (.sol files with Foundry/Hardhat config)
  4. Check for Solana markers (Anchor.toml or solana-program dependency)

If detection is ambiguous or the repository contains multiple platforms, you can specify the platform explicitly:

# In the GitHub Action
- uses: odin-scan/odin-scan-action@v1
  with:
    api-key: ${{ secrets.ODIN_SCAN_API_KEY }}
    platform: cosmos   # or: cosmwasm, evm, solana
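
To find out before a scan whether a repository carries markers for more than one platform, and so should set platform explicitly, the sketch below checks the markers listed above in the documented order. It is an added example, not Odin Scan's own code; the substring matching, the skipped directories and the function names are assumptions.

```python
import tempfile
from pathlib import Path

SKIP = {".git", "node_modules", "target", "vendor"}  # assumption: ignore vendored/build dirs

def _files(root, name=None, suffix=None):
    for p in Path(root).rglob("*"):
        if p.is_file() and not SKIP & set(p.relative_to(root).parts):
            if p.name == name or (suffix and p.suffix == suffix):
                yield p

def _mentions(root, filename, needle):
    return any(needle in p.read_text(errors="ignore") for p in _files(root, name=filename))

def platform_markers(root):
    """Return the platforms whose markers are present, in the documented order."""
    root = Path(root)
    evm_cfg = any(any(_files(root, name=n)) for n in
                  ("foundry.toml", "hardhat.config.js", "hardhat.config.ts"))
    checks = [  # same order as the detection list: cosmos, cosmwasm, evm, solana
        ("cosmos", _mentions(root, "go.mod", "cosmossdk.io")),
        ("cosmwasm", _mentions(root, "Cargo.toml", "cosmwasm-std")),
        ("evm", evm_cfg and any(_files(root, suffix=".sol"))),
        ("solana", any(_files(root, name="Anchor.toml"))
                   or _mentions(root, "Cargo.toml", "solana-program")),
    ]
    return [name for name, hit in checks if hit]

def needs_explicit_platform(root):
    """True when markers for more than one platform are present."""
    return len(platform_markers(root)) > 1

def demo():
    # Constructed monorepo: a Cosmos SDK chain next to Foundry contracts.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "chain").mkdir()
        (root / "chain" / "go.mod").write_text("module example.com/chain\nrequire cosmossdk.io/math v0.0.0\n")
        (root / "contracts" / "src").mkdir(parents=True)
        (root / "contracts" / "foundry.toml").write_text("[profile.default]\n")
        (root / "contracts" / "src" / "Vault.sol").write_text("// constructed\n")
        return platform_markers(root), needs_explicit_platform(root)

if __name__ == "__main__":
    print(demo())
```

The first entry of the returned list is the platform the documented order reaches first; more than one entry means the workflow should set platform.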

Platform Comparison

Feature          Cosmos SDK  CosmWasm  EVM  Solana
AI Analysis      Yes         Yes       Yes  Yes
Static Analysis  Yes         Yes       Yes  Yes
PoC Generation   Yes         Yes       Yes  Yes
Auto-Detection   Yes         Yes       Yes  Yes