
entry-point-analyzer

Map the attack surface of smart contract codebases by identifying state-changing entry points, categorizing access controls, and generating structured audit reports.

Introduction

The Entry Point Analyzer is a specialized security tool designed for auditors and developers to map the attack surface of smart contract projects. It focuses exclusively on state-changing functions, which are the primary vectors for financial loss and state corruption. By systematically filtering out read-only functions like Solidity's view/pure or CosmWasm's query handlers, the tool allows auditors to concentrate on high-impact areas of the codebase. It identifies externally callable functions and performs access control analysis to distinguish between public, role-restricted, and contract-only entry points. This tool is essential for initial audit phases, providing a structured foundation for more complex vulnerability research.

  • Automatically detects contract languages including Solidity, Vyper, Solana/Rust, Move, TON, and CosmWasm.

  • Integrates with Slither for automated entry point extraction in Solidity codebases.

  • Performs fine-grained access control classification for roles such as owner, admin, governance, and pauser.

  • Generates structured markdown reports detailing function signatures, locations, and privilege requirements.

  • Facilitates rapid attack surface mapping and identifies potential privilege escalation paths through role-restricted operations.

  • Use this skill during the early stages of a smart contract audit to gain a clear understanding of the system's external boundaries.

  • It is not a vulnerability scanner; it is a context-building prerequisite for subsequent security work.

  • Does not analyze non-state-changing operations, as these are typically excluded from the core attack surface for financial exploits.

  • Supports multi-chain environments by mapping specific patterns like Solana's mut account references or Move's entry function qualifiers.

  • Provides a clear summary table of functions by category, helping auditors prioritize their manual review efforts based on authorization complexity and call exposure.
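As an added illustration, and not the analyzer's own code, the following Python script performs the classification described above on a small constructed Solidity contract: it drops internal/private and view/pure functions, then labels every remaining entry point as public or role-restricted from its modifiers, flagging unfamiliar `only*` modifiers for manual review. The sample contract, the modifier names and the role map are assumptions made for this example; the real tool relies on Slither rather than regular expressions.

```python
import re
from collections import namedtuple

# Constructed sample contract for this example (not code from any real project).
SAMPLE_SOL = """
contract Vault {
    function deposit(uint256 amount) external payable { _bal[msg.sender] += amount; }
    function withdraw(uint256 amount) public nonReentrant { _bal[msg.sender] -= amount; }
    function pause() external onlyPauser { paused = true; }
    function setFee(uint256 bps) external onlyOwner { fee = bps; }
    function upgradeTo(address impl) external onlyRole(ADMIN_ROLE) { _impl = impl; }
    function rebalance() external onlyStrategy returns (bool) { return true; }
    function balanceOf(address a) external view returns (uint256) { return _bal[a]; }
    function _sweep() internal { _bal[owner] = 0; }
}
"""
ROLE_MODIFIERS = {"onlyOwner": "owner", "onlyAdmin": "admin",
                  "onlyGovernance": "governance", "onlyPauser": "pauser"}  # assumed names
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)\s*([^{;]*)")
ATTR_RE = re.compile(r"(\w+)(?:\s*\(([^)]*)\))?")   # modifier/keyword + optional argument
# roles == () means anyone can call it; category is "public" or "role-restricted"
EntryPoint = namedtuple("EntryPoint", "name params visibility roles category")

def analyze(source: str) -> list:
    """Return the externally callable, state-changing functions with their access control."""
    found = []
    for m in FUNC_RE.finditer(source):
        name, params, attrs = m.group(1), m.group(2).strip(), m.group(3)
        words = [w for w, _ in ATTR_RE.findall(attrs)]
        vis = next((w for w in words if w in ("external", "public", "internal", "private")), "public")
        if vis in ("internal", "private") or "view" in words or "pure" in words:
            continue  # not externally callable, or read-only: outside the state-changing surface
        roles = []
        for mod, arg in ATTR_RE.findall(attrs):  # keywords and guards (nonReentrant) are ignored
            if mod in ROLE_MODIFIERS:
                roles.append(ROLE_MODIFIERS[mod])
            elif mod == "onlyRole":                  # OpenZeppelin AccessControl style
                roles.append(arg.strip().lower().removesuffix("_role"))
            elif mod.startswith("only"):             # unknown restriction, flagged for manual review
                roles.append("unknown:" + mod[4:].lower())
        found.append(EntryPoint(name, params, vis, tuple(roles),
                                "role-restricted" if roles else "public"))
    return found

def summarize(entry_points) -> dict:
    """Per-category counts, the summary table an auditor prioritizes from."""
    counts = {}
    for ep in entry_points:
        counts[ep.category] = counts.get(ep.category, 0) + 1
    return counts
```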

Repository Stats

  • Stars: 4,857

  • Forks: 421

  • Open Issues: 29

  • Language: Python

  • Default Branch: main
  • Last Synced: Apr 28, 2026, 12:48 PM