# Static Analysis
Odin Scan includes deterministic static analysis rules that complement the AI-based detection. These rules provide precise, reproducible checks for known vulnerability patterns with zero ambiguity.
## How Static Analysis Complements AI
AI-based analysis excels at detecting complex, context-dependent vulnerabilities that require understanding intent and business logic. Static analysis excels at catching well-defined patterns, with zero false positives in the common cases it is written to match.
| Aspect | AI Analysis | Static Analysis |
|---|---|---|
| Pattern detection | Complex, contextual | Well-defined, deterministic |
| False positive rate | Higher (reduced by verification) | Very low |
| Novel vulnerabilities | Can detect previously unseen patterns | Limited to known patterns |
| Reproducibility | May vary between runs | Identical results every run |
By running both in parallel, Odin Scan achieves broad coverage (AI) with high precision (static analysis).
## CosmWasm Rules
The following rules are currently available for CosmWasm contracts:
| Rule | Severity | Description |
|---|---|---|
| missing_access_control | Critical | Detects execute handlers and privileged operations that lack authorization checks. Looks for functions that modify state or transfer funds without verifying the caller's identity or role. |
| unsafe_math | High | Identifies arithmetic operations that could overflow or underflow. Flags direct use of `+`, `-`, `*`, `/` operators on integer types instead of checked or saturating alternatives. |
| unchecked_addr | High | Finds usage of `Addr::unchecked()` where user-supplied strings are converted to addresses without validation via `deps.api.addr_validate()`. |
| input_validation | Medium | Detects missing validation on message fields and function parameters. Checks for unbounded strings, missing range checks on numeric inputs, and unvalidated enum variants. |
| storage_key_collisions | Medium | Identifies storage items that use identical or overlapping keys, which can cause silent data corruption when two state items write to the same storage slot. |
| predictable_randomness | Medium | Detects use of predictable sources for randomness such as block height, block time, or transaction hashes. These values can be manipulated or predicted by validators. |
| unsaved_storage | Low | Finds state modifications that are computed but never persisted to storage. Catches cases where a value is loaded and modified in memory, but the `save()` call is missing. |
| unbounded_loops | Low | Identifies loops that iterate over collections without pagination or upper bounds. In a smart contract context, unbounded iteration can exceed gas limits and cause transaction failures. |
## Rule Details
Each rule provides:
- Exact code location – file path and line number of the flagged pattern
- Explanation – why the pattern is problematic
- Remediation – suggested code change to resolve the issue
- Code examples – demonstrating both the vulnerable and secure pattern
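To make the shape of such a rule concrete, here is an added example of a small deterministic rule engine in plain Rust. It is not Odin Scan's code: the three rule names are taken from the table above, but the matching heuristics (a substring check for `Addr::unchecked(`, block height or time combined with `%`, and a `.range(` call with no `.take(` on the same line) are simplified assumptions of this example, and the CosmWasm contract it scans is constructed here. It produces the same kind of output the Rule Details list describes: rule, severity, file and line, explanation and remediation, and it returns identical results on every run.

```rust
// Added example of a deterministic rule engine (not Odin Scan's implementation).
// Rule names follow the CosmWasm rule table; the matching logic is a deliberate
// line-based simplification so the example runs without any external crates.

#[derive(Debug, Clone, PartialEq)]
pub struct Finding {
    pub rule: &'static str,
    pub severity: &'static str,
    pub file: String,
    pub line: usize, // 1-based line number of the flagged pattern
    pub explanation: &'static str,
    pub remediation: &'static str,
}

struct Rule {
    name: &'static str,
    severity: &'static str,
    explanation: &'static str,
    remediation: &'static str,
    matches: fn(&str) -> bool,
}

// Heuristic (assumed, not the real rule): any direct call to Addr::unchecked().
fn is_unchecked_addr(line: &str) -> bool {
    line.contains("Addr::unchecked(")
}

// Heuristic (assumed): block height or time fed into a modulo, i.e. used as a dice roll.
fn is_predictable_randomness(line: &str) -> bool {
    let uses_block_data = line.contains("env.block.height") || line.contains("env.block.time");
    uses_block_data && line.contains('%')
}

// Heuristic (assumed): a storage range scan with no .take() limit on the same line.
fn is_unbounded_loop(line: &str) -> bool {
    line.contains(".range(") && !line.contains(".take(")
}

const RULES: &[Rule] = &[
    Rule {
        name: "unchecked_addr",
        severity: "High",
        explanation: "A user-supplied string becomes an Addr without validation.",
        remediation: "Use deps.api.addr_validate(&input)? instead of Addr::unchecked().",
        matches: is_unchecked_addr,
    },
    Rule {
        name: "predictable_randomness",
        severity: "Medium",
        explanation: "Block height/time can be predicted or influenced by validators.",
        remediation: "Use a commit-reveal scheme or an on-chain randomness beacon.",
        matches: is_predictable_randomness,
    },
    Rule {
        name: "unbounded_loops",
        severity: "Low",
        explanation: "Iterating the whole collection can exceed the gas limit.",
        remediation: "Paginate with a start_after key and a bounded .take(limit).",
        matches: is_unbounded_loop,
    },
];

/// Scan one source file; comment-only lines are skipped so that documentation
/// mentioning a pattern does not produce a false positive.
pub fn scan_source(file: &str, source: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (idx, raw) in source.lines().enumerate() {
        let line = raw.trim();
        if line.starts_with("//") {
            continue;
        }
        for rule in RULES {
            if (rule.matches)(line) {
                findings.push(Finding {
                    rule: rule.name,
                    severity: rule.severity,
                    file: file.to_string(),
                    line: idx + 1,
                    explanation: rule.explanation,
                    remediation: rule.remediation,
                });
            }
        }
    }
    findings
}

/// Constructed sample contract: lines 5, 17 and 23 are the deliberately weak ones.
pub const SAMPLE_CONTRACT: &str = r#"use cosmwasm_std::{Addr, DepsMut, Env, Order, Response, StdResult};

pub fn execute_set_owner(deps: DepsMut, owner: String) -> StdResult<Response> {
    // Vulnerable: user-supplied string becomes an Addr without validation
    let owner = Addr::unchecked(owner);
    OWNER.save(deps.storage, &owner)?;
    Ok(Response::default())
}

pub fn execute_set_admin(deps: DepsMut, admin: String) -> StdResult<Response> {
    let admin = deps.api.addr_validate(&admin)?;
    ADMIN.save(deps.storage, &admin)?;
    Ok(Response::default())
}

pub fn pick_winner(env: Env, players: &[Addr]) -> Addr {
    let index = (env.block.height % players.len() as u64) as usize;
    players[index].clone()
}

pub fn sum_all(deps: DepsMut) -> StdResult<u64> {
    let mut total = 0u64;
    for item in BALANCES.range(deps.storage, None, None, Order::Ascending) {
        let (_, amount) = item?;
        total += amount;
    }
    Ok(total)
}

pub fn sum_page(deps: DepsMut, limit: usize) -> StdResult<u64> {
    let mut total = 0u64;
    for item in BALANCES.range(deps.storage, None, None, Order::Ascending).take(limit) {
        let (_, amount) = item?;
        total += amount;
    }
    Ok(total)
}"#;

fn main() {
    for f in scan_source("contract.rs", SAMPLE_CONTRACT) {
        println!("[{}] {} at {}:{}\n  why: {}\n  fix: {}", f.severity, f.rule, f.file, f.line, f.explanation, f.remediation);
    }
}
```

Running the block reports three findings: `unchecked_addr` at line 5, `predictable_randomness` at line 17 and `unbounded_loops` at line 23, while the `addr_validate` handler and the paginated `sum_page` loop are not flagged. A real rule would work on the parsed syntax tree rather than on raw lines (so that a `.take()` on the following line, or a `%` that is not a randomness use, is handled correctly), but the contract between engine and report stays the same: location, explanation, remediation, and identical output on every run.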
## Platform Coverage
Static analysis rules are organized by platform. Each platform has its own set of rules tailored to its specific vulnerability landscape:
| Platform | Status | Rule Count | Notes |
|---|---|---|---|
| CosmWasm | Active | 8+ rules | Full coverage of common CosmWasm vulnerabilities |
| Solana | Planned | – | Will cover Anchor constraints, account validation, PDA safety |
| EVM | Active | – | Includes additional Solidity-specific checks |
## Integration With AI Analysis
Static analysis runs in parallel with AI analysis. When a static analysis rule and an AI model both flag the same code location for the same category, the aggregated finding receives a confidence boost. This cross-validation between deterministic and probabilistic detection methods produces high-confidence results.