Chonky Ai

Preview

tintinweb | 77 installs | (0) | Free
A Superhuman LLM Auditing Agent for Solidity.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.

🍣 Chonky - A Superhuman LLM Auditing Agent for Solidity

Chonky is a VS Code extension that transforms GitHub Copilot into a specialized smart contract security auditing agent.

Your AI-Powered Smart Contract Auditing Assistant


VS Code Marketplace:

  • tintinweb.chonky
  • #> ext tintinweb.chonky

TLDR;

  • Agent Augmented Auditing
  • Automated Scoping
  • Automated In-Depth Security Analysis
  • Agentic Tooling for Deep Smart Contract Insights
  • Extending Agent capabilities with General Purpose LLM Tooling
  • Your Smart Contract Auditing Side-Kick!

Extends GitHub/Copilot Model Capabilities

🚀 Quick Start Guide

💬 Use Chonky's Tools in Copilot's Agentic Mode

Open Copilot Chat → switch to Agent mode → Ask the agent

// list available tools
List chonky available llm tools

💬 Chat with Chonky

Use Agent mode for day-to-day use. The agent will decide when to invoke any of Chonky's tools. Use the @chonky chat participant for specialized operations.

📊 Scope Solidity Projects

Generate comprehensive project scoping reports

🤖 Agent Automated Audits

Run comprehensive automated security analysis

**@chonky** #autoaudit Full security scan

🎯 Custom Chat Modes

Specialized chat modes for different audit phases

🔍 Discover Tools

Explore all available features for your tier

📜 Agentic Auditor Prompt Template

Pre-prompt your action with our agentic security auditor template.

⚡ Early Access / Sponsors / Professional

♥️ Sign In for Early Access Features (Sponsors)

Sponsor and get Early Access to experimental future features 😊. Ping me if you run into any problems 🤗.

⚡⚡ Custom Agentic Workflows

Ready-to-go Scoping/Auditing workflows, easy to extend and customize.

**@chonky** ...

⚡⚡ Access to a comprehensive list of Security Primers

Get access to our curated list of Solidity security primers to augment and automate your security auditing.

**@chonky** ...

🆕 What's New in v0.6.6

✨ Highlights

  • 🔧 Improved .chonky Directory Discovery
  • 📁 Flexible File Placement Support

🚀 Improvements

  • ▸ Fixed discovery of files in .chonky root directory (e.g., .chonky/xxx.workflow.md)
  • ▸ Simplified validation logic for better file placement flexibility
  • ▸ Enhanced workspace resource detection

🆕 What's New in v0.6.5

✨ Highlights

  • 📁 Auto-Discovery of .chonky Workspace Folders
  • 🎯 Repository Filtering with repositoryId
  • 🔍 Pattern-Based Resource Discovery
  • 📊 Enhanced Discovery Output

🌟 New Features

  • ▸ Automatic workspace .chonky folder detection for project-specific security resources
  • ▸ Repository filtering for targeted primer/workflow discovery
  • ▸ Flexible file extension matching (*.primer.md, *.workflow.md, tools/*.yml)
  • ▸ Repository information display in discovery results

🚀 Improvements

  • ▸ Better project-specific security resource management
  • ▸ Enhanced filtering capabilities for large repositories
  • ▸ More intuitive workspace-based resource organization

🆕 What's New in v0.6.5

✨ Highlights

  • 🎨 Enhanced Visual Code Annotation System
  • 🎯 Accurate Line Targeting with Code Validation
  • 🛡️ Advanced Security-Focused Decorations
  • ✨ Custom Styling with Full Validation

🆕 What's New in v0.6.0

✨ Highlights

  • 🚀 Advanced Security Analysis Features
  • 🛡️ Enhanced AI-Powered Vulnerability Detection
  • ⚡ Improved Tier-Based Feature Access

🌟 New Features

  • ▸ Security primer discovery and loading system
  • ▸ Workflow repository with pre-built analysis templates
  • ▸ Tool configuration repository access
  • ▸ Interactive Solidity REPL (Chisel) integration
  • ▸ Comprehensive differential analysis orchestrator
  • ▸ AI-powered function similarity detection
  • ▸ Advanced vulnerability database search
  • ▸ MetaMask Snap security analysis
  • ▸ Multi-language scoping (Go, Rust, Solidity)
  • ▸ Etherscan and Sourcify integration
  • ▸ Semgrep static analysis integration

🚀 Improvements

  • ▸ Faster contract analysis
  • ▸ Improved tooltip experience
  • ▸ Enhanced sponsorship integration

🛠️ Feature Catalog

🆓 Base Features (21 tools)

Available to everyone

| Feature | Description |
|---|---|
| 🔹 Chonky Chat Participant | AI-powered @chonky chat participant for intelligent assistance |
| 🔹 Solidity Metrics & Scoping | Comprehensive project analysis and scoping reports |
| 🔹 Contract Structure Analysis | Deep dive into contract architecture and patterns |
| 🔹 Inheritance Tree Analysis | Visualize and analyze inheritance relationships |
| 🔹 Contract Flattening | Flatten complex contract hierarchies |
| 🔹 Access Control Analysis | Identify permission patterns and vulnerabilities |
| 🔹 Storage Layout Analysis | Optimize storage packing and layout |
| 🔹 Deployable Contract Discovery | Find contracts ready for deployment |
| 🔹 Import Dependency Analysis | Map external dependencies and risks |
| 🔹 External Calls Analysis | Map and analyze all external interactions |
| 🔹 ERC Compliance Checker | Verify token standard implementations |
| 🔹 Semgrep Security Analysis | Advanced static analysis with custom rules |
| 🔹 Surya Visualization Suite | Generate graphs and visual contract analysis |
| 🔹 Solhint Code Quality | Automated code quality and style checks |
| 🔹 JSON Processing Tools | Advanced JSON parsing and analysis |
| 🔹 DateTime Utilities | Timestamp and date manipulation tools |
| 🔹 Memory Store | Persistent data storage across sessions |
| 🔹 Available Tools Discovery | Explore all available Chonky capabilities |
| 🔹 Workspace File Search | Intelligent file discovery and search |
| 🔹 Workspace Integration | Auto-discovery of .chonky folders with pattern-based resource matching |
| 🔹 Editor Decorator Tool | Advanced visual code annotation with accurate line targeting and custom styling |
| 🔹 Diagnostic View Manager | Read and create VS Code diagnostics with code snippet validation |

⚡ Early Access Features (12 tools)

Available earlier to sponsors

💡 Support development to get early access - Become a Sponsor

| Feature | Description |
|---|---|
| 🔸 Custom Chat Modes | Specialized chat modes for auditing workflows and scoping |
| 🔸 Solidity REPL (Chisel) | Interactive Solidity execution environment |
| 🔸 Reentrancy Detection | Comprehensive reentrancy vulnerability analysis |
| 🔸 Oracle Risk Analysis | Identify oracle manipulation vulnerabilities |
| 🔸 Event Pattern Analysis | Verify event emission completeness |
| 🔸 Function Similarity Detector | AI-powered function pattern matching |
| 🔸 Inconsistency Reporter | Find security pattern discrepancies |
| 🔸 Differential Analysis Orchestrator | Comprehensive security pattern comparison |
| 🔸 Smart Contract Invariants | Verify contract invariant properties |
| 🔸 Function Analysis Engine | Deep function behavior and pattern analysis |
| 🔸 Contract Call Graph Generator | Advanced interaction flow visualization |
| 🔸 Function Path Tracer | Execution path analysis with wildcard selectors |

⚡ Professional Features (12 tools)

For security teams and researchers

🚀 Professional tools for advanced security research - Upgrade to Professional

| Feature | Description |
|---|---|
| ⚡ Security Primer Discovery | Discover and search security analysis primers |
| ⚡ Security Primer Loading | Load comprehensive security primers for AI analysis |
| ⚡ Workflow Repository Access | Access pre-built security analysis workflows |
| ⚡ Tool Repository Access | Access security tool configurations and templates |
| ⚡ Vulnerability Database Search | Query Solodit for known vulnerabilities |
| ⚡ Diligence Vulnerability Database | Access ConsenSys Diligence research database |
| ⚡ Go Codebase Scoping | Security analysis for Go blockchain projects |
| ⚡ Rust Codebase Scoping | Security analysis for Rust blockchain projects |
| ⚡ MetaMask Snap Analysis | Comprehensive MetaMask Snap security review |
| ⚡ Etherscan Integration | On-chain contract verification and analysis |
| ⚡ Sourcify Integration | Source code verification and metadata analysis |
| ⚡ Public Codebase Search | Search GitHub for similar contract patterns |

📖 Documentation

Getting Started

  1. Install the Extension: Search for "Chonky" in VS Code Extensions
  2. Start Chatting: Use @chonky in any chat window (ask Mode)
  3. Discover Tools: Switch to Copilot Agentic Mode, ask about Chonky's available tools in natural language
  4. Scope Your Project: In Agentic or Scoping Mode, ask to scope the project

Chat Modes

Chonky supports specialized chat modes for different agentic workflows:

  • Scoping - Project scoping and analysis
  • Audit - Security auditing workflows

Tool Categories

  • 🔒 Security Analysis: Access control, reentrancy, external calls, oracle analysis
  • 🏗️ Contract Structure: Structure analysis, imports, inheritance, flattening
  • 📊 Code Quality: Events, ERC compliance, functions, invariants
  • 🌐 External Services: Etherscan, Sourcify, vulnerability databases
  • 🛠️ Utilities: Surya graphs, Solhint, scoping, memory store

🎯 Use Cases

Security Auditors

  • Comprehensive vulnerability detection
  • Automated pattern analysis
  • AI-assisted code review
  • Integration with external databases

Development Teams

  • Project scoping and metrics
  • Code quality assurance
  • ERC standard compliance
  • Continuous security monitoring

Security Researchers

  • Advanced vulnerability research
  • Pattern similarity detection
  • Multi-language analysis
  • Custom primer development

🔧 Installation

VS Code Marketplace

  1. Open VS Code
  2. Go to Extensions (Ctrl+Shift+X)
  3. Search for "Chonky"
  4. Click Install

Manual Installation

  1. Download the latest .vsix file from releases
  2. Open VS Code
  3. Run Extensions: Install from VSIX...
  4. Select the downloaded file

🤝 Contributing

We welcome contributions! Here's how you can help:

  1. Report Bugs: Open an issue with detailed information
  2. Feature Requests: Suggest new features or improvements
  3. Documentation: Help improve our docs
  4. Sponsorship: Support development through GitHub Sponsors

Development Setup

git clone https://github.com/tintinweb/vscode-chonky.git
cd vscode-chonky
npm install
npm run compile

💝 Support Development

Chonky is developed and maintained by passionate security researchers. Your support helps us:

  • 🔬 Research new vulnerabilities
  • 🛠️ Develop advanced tools
  • 📚 Create educational content
  • 🌍 Keep tools free for everyone

Sponsorship Tiers

  • 🔹 Base: Core features for everyone
  • 🔸 Early Access (see Sponsor page): Early access to new features
  • ⚡ Professional (contact me): Advanced research tools

📄 License & Credits

Created by tintinweb - Security researcher and smart contract auditor with 7+ years in Blockchain security.


📞 Support & Community

  • GitHub Issues: Report bugs and request features
  • Twitter: @tintinweb
  • Website: Visit our website

Made with ♥️ by the security community
