Introduction

Odin Scan is an AI-powered smart contract security scanner that detects vulnerabilities across multiple blockchain platforms. It combines multi-agent AI analysis with deterministic static analysis to produce high-confidence findings with minimal false positives.

Supported Platforms

  • CosmWasm – Languages: Rust – Ecosystem: Cosmos SDK chains (Osmosis, Neutron, Terra, etc.)
  • EVM – Languages: Solidity, Vyper – Ecosystem: Ethereum, Arbitrum, Base, Polygon, BSC, and all EVM-compatible chains
  • Solana (SVM) – Languages: Rust – Ecosystem: Solana (Anchor and native programs)

Odin Scan automatically detects the platform based on your project structure, or you can specify it explicitly.

Key Differentiators

Multi-Agent AI Analysis

Odin Scan runs multiple independent AI models in parallel, using the most advanced large language models available. Each model analyzes your code with platform-aware expertise. When multiple models flag the same issue, the finding’s confidence is automatically boosted, reducing noise and surfacing real vulnerabilities. The model lineup is continuously updated to incorporate the latest advances in AI reasoning.

Deterministic Static Analysis

Odin Scan ships platform-specific rules that catch known vulnerability patterns with zero ambiguity. These deterministic checks complement the AI-based detection to provide comprehensive coverage.

Verification Pipeline

Every AI-generated finding passes through a verification pipeline that cross-checks findings against the code and considers repository context (audit history, compiler version, trust model) to produce accurate final severity ratings.

Proof-of-Concept Generation

For confirmed vulnerabilities, Odin Scan can generate executable proof-of-concept code that demonstrates the exploit scenario, making it easier to understand and reproduce issues during remediation.

Integration Options

Odin Scan fits into your development workflow through three integration points:

  • GitHub Action – Drop a workflow file into your repository and receive security findings as PR comments, inline annotations, and GitHub Code Scanning alerts via SARIF upload. See GitHub Action Setup.
  • REST API – Submit code for analysis programmatically and retrieve structured results. See API Reference.

Who It Is For

  • Smart contract developers who want automated security checks integrated into their CI pipeline
  • Security teams performing initial triage before manual review
  • Auditors looking for a fast first pass to identify areas of concern in large codebases

Feature Overview

  • Multi-platform support with automatic detection (CosmWasm, EVM, Solana)
  • Multi-agent AI analysis with confidence boosting from cross-agent agreement
  • Deterministic static analysis rules
  • SARIF output for GitHub Code Scanning integration
  • PR comments with configurable visibility modes (full, counts, private)
  • Severity thresholds to gate CI pipelines
  • Proof-of-concept generation for confirmed vulnerabilities
  • Context-aware analysis using README, compiler info, and audit history
  • JSON, Markdown, and SARIF output formats
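The two mechanisms described above, confidence boosting from cross-agent agreement (Multi-Agent AI Analysis) and severity thresholds that gate a CI pipeline, can be sketched end to end. The following is an added illustration, not Odin Scan's own code: the finding schema, the sample findings, the clustering tolerance and the "halve the remaining gap per extra agent" boost rule are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed sample data and an assumed boosting rule, for illustration only (not Odin Scan's own schema or scoring).
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Finding:
    agent: str         # which independent AI model reported it
    path: str
    line: int
    category: str
    severity: str
    confidence: float  # 0.0 to 1.0 as self-reported by that agent

AGENT_FINDINGS = [  # constructed: three agents scanning the same hypothetical EVM project
    Finding("agent-a", "contracts/Vault.sol", 42, "reentrancy", "high", 0.70),
    Finding("agent-b", "contracts/Vault.sol", 42, "reentrancy", "critical", 0.65),
    Finding("agent-c", "contracts/Vault.sol", 43, "reentrancy", "high", 0.60),  # same bug, off by a line
    Finding("agent-a", "contracts/Vault.sol", 88, "unchecked-return", "medium", 0.55),  # one agent only
    Finding("agent-b", "contracts/Token.sol", 10, "missing-access-control", "high", 0.40),
    Finding("agent-c", "contracts/Token.sol", 12, "missing-access-control", "high", 0.45),
]

def cluster(findings, line_tolerance=3):
    """Group reports of the same category in the same file whose lines lie close together."""
    clusters = []
    for f in sorted(findings, key=lambda f: (f.path, f.category, f.line)):
        last = clusters[-1][-1] if clusters else None
        if last and (last.path, last.category) == (f.path, f.category) and f.line - last.line <= line_tolerance:
            clusters[-1].append(f)
        else:
            clusters.append([f])
    return clusters

def merge(group):
    """Fuse one cluster: each additional independent agent halves the remaining distance to confidence 1.0."""
    agents = sorted({f.agent for f in group})
    boosted = 1.0 - (1.0 - max(f.confidence for f in group)) * 0.5 ** (len(agents) - 1)
    worst = max((f.severity for f in group), key=SEVERITY_RANK.__getitem__)
    return {"path": group[0].path, "line": min(f.line for f in group), "category": group[0].category,
            "severity": worst, "confidence": boosted, "agents": agents}

def aggregate(findings=AGENT_FINDINGS):
    return [merge(g) for g in cluster(findings)]

def gate(merged, min_severity="high", min_confidence=0.6):
    """CI gate: fail when any finding at or above min_severity also clears the confidence bar."""
    blocking = [m for m in merged if SEVERITY_RANK[m["severity"]] >= SEVERITY_RANK[min_severity]
                and m["confidence"] >= min_confidence]
    return not blocking, blocking
```

Running `gate(aggregate())` on the sample data fails the gate on two findings: the reentrancy report seen by all three agents rises from 0.70 to 0.925 confidence, while the single-agent medium finding never reaches the threshold.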