entry-point-analyzer

Map the attack surface of smart contract codebases by identifying and categorizing state-changing entry points.

Introduction

The Entry Point Analyzer is a specialized security auditing tool designed to map the attack surface of smart contract codebases. By systematically identifying functions that modify contract state, it enables developers and security researchers to focus their audit efforts on the most critical components of the system. This skill effectively filters out noise by excluding read-only view and pure functions, allowing users to concentrate on the functions that can actually trigger state changes, modify balances, or alter contract logic. It is an essential component for teams performing security reviews on protocols built with Solidity, Vyper, Rust (Solana/CosmWasm), Move (Aptos/Sui), and TON (FunC/Tact).

  • Automatically detects contract languages and applies specific parsing logic for each.

  • Integrates with Slither for Solidity projects to provide high-fidelity entry point extraction and printer-based reports.

  • Categorizes functions into Public (unrestricted), Role-Restricted (admin/owner/governance), and Contract-Only (callback/integration points) to highlight access control patterns.

  • Generates structured Markdown reports detailing the function name, file path, and specific access control modifiers for each identified entry point.

  • Provides a clear methodology for manual inspection when automated tools like Slither are unavailable or unsupported.

  • Use this skill at the start of a security audit to establish a comprehensive overview of how a contract interacts with external actors.

  • Ensure your environment has the necessary language-specific tools installed, such as Slither for Solidity, to maximize the accuracy of the analysis.

  • The output is intended for security auditing and threat modeling; it does not replace deep vulnerability analysis but serves as the foundational step for locating potential entry vectors for attacks.

  • It specifically excludes functions like getters or query entry points that cannot modify state, ensuring that the generated report remains highly relevant to security concerns.

  • When encountering complex access control patterns or dynamic authorization, supplement the automated findings with a manual review of the identified role-checking logic.
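The Public / Role-Restricted / Contract-Only split described above, sketched for the manual-inspection case on Solidity only. This is an added example, not the analyzer's own code and not a substitute for Slither; the regexes, the modifier-name hints (`only*`, `auth`, `requiresAuth`), the `msg.sender == address(...)` caller check and the sample contract are all assumptions constructed for illustration.

```python
import re

# Constructed sample contract, not taken from any real project.
SAMPLE = """
contract Vault {
    function deposit(uint256 amount) external payable { }
    function balanceOf(address a) public view returns (uint256) { }
    function setFee(uint256 fee) external onlyOwner { }
    function pause() public onlyRole(PAUSER_ROLE) { }
    function onFlashLoan(address initiator, uint256 amt) external returns (bytes32) {
        require(msg.sender == address(lender), "not lender");
    }
    function _accrue() internal { }
    function mulDiv(uint256 a, uint256 b) external pure returns (uint256) { }
}
"""

FUNC = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)([{;])")
KEYWORDS = {"external", "public", "payable", "virtual", "override"}
# Assumed naming heuristics; adapt them to the codebase under review.
ROLE_HINT = re.compile(r"(only\w*|auth|requiresAuth)$")
CALLER_CHECK = re.compile(r"msg\.sender\s*==\s*address\(")

def body_at(src, start):
    """Brace-balanced body from src[start] == '{' (ignores strings/comments)."""
    depth = 0
    for i in range(start, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[start:i + 1]
    return src[start:]

def entry_points(src):
    """List (name, category, modifiers) for state-changing external/public functions."""
    report = []
    for m in FUNC.finditer(src):
        attrs = re.sub(r"returns\s*\([^)]*\)", "", m.group(2))
        words = [w for w, _ in re.findall(r"([A-Za-z_]\w*)(\s*\([^)]*\))?", attrs)]
        if not {"external", "public"} & set(words) or {"view", "pure"} & set(words):
            continue  # internal/private or read-only: not part of the surface
        mods = [w for w in words if w not in KEYWORDS]
        body = body_at(src, m.end() - 1) if m.group(3) == "{" else ""
        category = ("Role-Restricted" if any(ROLE_HINT.match(x) for x in mods)
                    else "Contract-Only" if CALLER_CHECK.search(body)
                    else "Public")
        report.append((m.group(1), category, mods))
    return report

if __name__ == "__main__":
    print(*entry_points(SAMPLE), sep="\n")
```

Access checks done inline with `require` against a stored role, or through a modifier with an unconventional name, fall through to Public here, which is the case the manual-review bullet above is about.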

Repository Stats

Stars: 4,874
Forks: 424
Open Issues: 21
Language: Python
Default Branch: main
Sync Status: Idle
Last Synced: Apr 29, 2026, 07:09 AM