Scout: Security Analysis Tool

Scout is an extensible open-source tool intended to assist smart contract developers and auditors detect common security issues and deviations from best practices. This is the vscode extension for Scout.

Visit Scout's website to learn more about the project, currently available for Polkadot's ink! and Stellar's Soroban smart contract languages.

Features

• Detection of common security issues and deviations from best practices.
• Line squiggles and hover messages to highlight issues.

Requirements

Before installing the extension, make sure you have the following requirements:

• rust-analyzer extension installed.
• Rust components installed.
• For Polkadot's ink! version, have cargo-scout-audit installed.
• For Stellar's Soroban version, have cargo-scout-audit-soroban installed.

Release Notes

0.1.3

Fix description and resources.

0.1.2

Building upon our commitment to enhancing smart contract security, we are thrilled to announce version 0.1.2 of our Scout vscode extension. This latest update introduces support for Soroban smart contracts on the Stellar blockchain, showcasing Scout's expanding versatility and capability to adapt to different Rust-based blockchain environments.

In this release, we are proud to present 12 new detectors and vulnerability classes specifically tailored for Soroban smart contracts, each accompanied by comprehensive test cases. This significant addition not only extends our coverage to another vital blockchain platform but also reinforces Scout's role as a critical tool in the smart contract development and auditing process.

0.1.1

Fix icon.

0.1.0

We're excited to announce the initial release of Scout, the vscode extension. This release lays the groundwork for smart contract developers and auditors, to efficiently identify common security issues and deviations from best practices within their ink! smart contracts.

We include in this release 14 detectors and vulnerablity classes with multiple test-cases.

About CoinFabrik

We - CoinFabrik - are a research and development company specialized in Web3, with a strong background in cybersecurity. Founded in 2014, we have worked on over 180 blockchain-related projects, EVM based and also for Solana, Algorand, and Polkadot. Beyond development, we offer security audits through a dedicated in-house team of senior cybersecurity professionals, currently working on code in Substrate, Solidity, Clarity, Rust, and TEAL.

Our team has an academic background in computer science and mathematics, with work experience focused on cybersecurity and software development, including academic publications, patents turned into products, and conference presentations. Furthermore, we have an ongoing collaboration on knowledge transfer and open-source projects with the University of Buenos Aires.

License

Scout is licensed and distributed under a MIT license. Contact us if you're looking for an exception to the terms.