
substrate-vulnerability-scanner

Analyze Substrate/Polkadot runtimes and FRAME pallets for 7 critical vulnerabilities including arithmetic overflow, DoS, and improper origin checks.

Introduction

The Substrate Vulnerability Scanner is a specialized security audit tool designed for developers and auditors working with Substrate-based blockchains, such as Polkadot parachains and standalone networks. It focuses on identifying platform-specific security patterns within FRAME pallets that, if left unaddressed, could lead to chain-wide node crashes, denial-of-service (DoS) attacks, unauthorized administrative access, or loss of user funds. The tool provides a systematic approach to auditing the dispatchable extrinsic functions and runtime configurations that form the core of any Substrate chain.

  • Performs static analysis to detect 7 critical vulnerability patterns: Arithmetic Overflow (missing checked/saturating ops), Panic DoS (unsafe unwrap/expect/indexing), Weights and Fees (improper benchmarking/DoS risk), Verify-First-Write-Last violations, Unsigned Transaction Validation bypasses, Bad Randomness (insecure seeds), and Bad Origin checks.

  • Inspects codebase structure, including pallet implementations in lib.rs, runtime configurations, and benchmarking files, to ensure compliance with security best practices.

  • Assists in validating storage writes and event emissions against transactional safety standards introduced in Substrate v0.9.25+.

  • Supports integration with Rust-native tooling such as cargo-fuzz, try-runtime for migration testing, and the native Substrate benchmarking framework for weight calculation verification.

  • Provides actionable remediation advice, identifying specific code lines and suggesting implementation fixes for identified security flaws.

  • Users should invoke this skill during the pre-launch security assessment of custom pallets or when performing routine audits of runtime upgrades.

  • The scanner expects standard Rust-based Substrate project structures; users must ensure the target project includes proper frame-support dependencies to achieve full coverage.

  • Typical usage involves scanning for panic-prone patterns, reviewing arithmetic logic for potential overflows, and verifying that all privileged operations use ensure_root or a secure custom origin rather than ensure_signed, which only proves that the call was signed and grants no privilege on its own.

  • The tool is particularly effective for developers maintaining high-stakes pallets where weight calculation errors can lead to spam attacks or operational instability.

Repository Stats

  • Stars: 4,905
  • Forks: 428
  • Open Issues: 21
  • Language: Python
  • Default Branch: main
  • Sync Status: Idle
  • Last Synced: Apr 30, 2026, 10:05 AM