Supported Platforms
Odin Scan supports three smart contract platforms. Each platform has dedicated analysis logic and platform-specific rules.
CosmWasm
Language: Rust
Ecosystem: Cosmos SDK chains (Osmosis, Neutron, Terra, Injective, Juno, etc.)
Detection
Odin Scan identifies CosmWasm projects by checking for cosmwasm-std in Cargo.toml dependencies.
Analysis Features
- Entry point analysis (instantiate, execute, query, migrate, sudo)
- State management validation (storage reads/writes, key collision detection)
- Access control checks on privileged operations
- Cross-contract message handling and reply safety
- IBC entry point validation
- Addr::unchecked() usage detection
- Unsafe arithmetic operation detection
- Deterministic static analysis rules
Common Vulnerability Patterns
- Missing access control on execute handlers
- Unsafe math operations without overflow protection
- Unvalidated addresses passed to contract state
- Storage key collisions between different state items
- Unbounded iteration over state maps
EVM
Languages: Solidity, Vyper
Ecosystem: Ethereum, Arbitrum, Optimism, Base, Polygon, BSC, Avalanche, and all EVM-compatible chains
Detection
Odin Scan identifies EVM projects by the presence of .sol files combined with framework configuration:
- foundry.toml (Foundry)
- hardhat.config.js or hardhat.config.ts (Hardhat)
Analysis Features
- Multi-agent AI analysis with EVM-specific rules
- Solidity compiler version detection and version-specific checks
- Reentrancy detection across external calls
- Storage layout analysis
- Access control and authorization pattern checks
- ERC standard compliance verification
Common Vulnerability Patterns
- Reentrancy via external calls before state updates
- Integer overflow/underflow in older Solidity versions
- Unprotected selfdestruct or delegatecall
- Front-running and MEV exposure
- Flash loan attack vectors
- Missing input validation on public functions
- Storage collision in proxy/upgrade patterns
Solana (SVM)
Language: Rust
Ecosystem: Solana
Detection
Odin Scan identifies Solana projects by:
- Anchor.toml and programs/ directory (Anchor framework)
- Native Solana program structure with solana-program dependency
Analysis Features
- Account validation and ownership checks
- Signer verification analysis
- PDA (Program Derived Address) derivation correctness
- CPI (Cross-Program Invocation) safety
- Anchor constraint validation (has_one, constraint, seeds)
- Rent-exemption and account lifecycle checks
Common Vulnerability Patterns
- Missing signer checks on privileged instructions
- Incorrect account ownership validation
- PDA seed collision or incorrect derivation
- Unsafe CPI without proper account validation
- Missing close account cleanup (leaving rent behind)
- Type confusion between account structures
Auto-Detection
By default, Odin Scan automatically determines the platform by examining the repository structure. The detection order is:
- Check for CosmWasm markers (cosmwasm-std dependency)
- Check for EVM markers (.sol files with Foundry/Hardhat config)
- Check for Solana markers (Anchor.toml or solana-program dependency)
If detection is ambiguous or the repository contains multiple platforms, you can specify the platform explicitly:
# In the GitHub Action
- uses: odin-scan/odin-scan-action@v1
  with:
    api-key: ${{ secrets.ODIN_SCAN_API_KEY }}
    platform: cosmwasm # or: evm, solana
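To see which platform the documented marker checks would match in a repository, and whether it contains more than one platform, the checks can be approximated locally before a scan. This is an added sketch, not Odin Scan's own code: it assumes markers count anywhere in the tree and that the first matching check wins, and `has_cargo_dep`, `detect`, `recommend` and `SAMPLE` are hypothetical names.

```python
import re
import tempfile
from pathlib import Path
# Assumption: markers may sit anywhere in the tree (monorepos); this is not Odin Scan's code.
EVM_CONFIGS = {"foundry.toml", "hardhat.config.js", "hardhat.config.ts"}

def has_cargo_dep(files, crate):
    """True if any Cargo.toml lists `crate` in a *dependencies table."""
    key = re.compile(r"^\s*" + re.escape(crate) + r"\s*[=.]")
    for manifest in (p for p in files if p.name == "Cargo.toml"):
        table = ""
        for line in manifest.read_text(errors="replace").splitlines():
            header = re.match(r"^\s*\[+([^\]]+)\]", line)
            table = header.group(1).strip() if header else table
            if table.endswith("dependencies." + crate) or (
                    table.endswith("dependencies") and key.match(line)):
                return True
    return False

def detect(root):
    """Every platform whose markers are present, in the documented check order."""
    files = [p for p in Path(root).rglob("*") if p.is_file()]
    found = []
    if has_cargo_dep(files, "cosmwasm-std"):
        found.append("cosmwasm")
    if any(p.name in EVM_CONFIGS for p in files) and any(p.suffix == ".sol" for p in files):
        found.append("evm")
    anchor = any(p.name == "Anchor.toml" and (p.parent / "programs").is_dir() for p in files)
    if anchor or has_cargo_dep(files, "solana-program"):
        found.append("solana")
    return found

def recommend(root):
    """(first match in check order or None, True if `platform` should be set explicitly)."""
    found = detect(root)
    return (found[0] if found else None, len(found) != 1)

# Constructed sample: a monorepo holding a CosmWasm crate and a Foundry project.
SAMPLE = {
    "contracts/vault/Cargo.toml": '[package]\nname = "vault"\n[dependencies]\ncosmwasm-std = "2"\n',
    "evm/foundry.toml": "[profile.default]\n",
    "evm/src/Bridge.sol": "// SPDX-License-Identifier: MIT\n",
}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE.items():
            Path(tmp, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, rel).write_text(text)
        print(recommend(tmp))
```

When the second value is True, the repository matches several platforms or none, which is the case where the `platform` input should be set explicitly.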
Platform Comparison
| Feature | CosmWasm | EVM | Solana |
|---|---|---|---|
| AI Analysis | Yes | Yes | Yes |
| Static Analysis | Yes | Yes | Planned |
| PoC Generation | Yes | Yes | Yes |
| Auto-Detection | Yes | Yes | Yes |