🍣 Chonky - A Superhuman LLM Auditing Agent for Solidity

Your AI-Powered Smart Contract Auditing Assistant


TLDR;
- Agent Augmented Auditing
- Automated Scoping
- Automated In-Depth Security Analysis
- Agentic Tooling for Deep Smart Contract Insights
- Extending Agent capabilities with General Purpose LLM Tooling
- Your Smart Contract Auditing Side-Kick!
Extends GitHub/Copilot Model Capabilities
🚀 Quick Start Guide
💬 Chat with Chonky
Use the @chonky chat participant for AI-assisted auditing

📊 Scope Solidity Projects
Generate comprehensive project scoping reports

🤖 Agent Automated Audits
Run comprehensive automated security analysis
**@chonky** #autoaudit Full security scan
🎯 Custom Chat Modes
Specialized chat modes for different audit phases

Explore all available features for your tier

📜 Agentic Auditor Prompt Template
Pre-prompt your action with our agentic security auditor template.

Sponsor and get Early Access to experimental future features 😊. Ping me if you run into any problems 🤗.

⚡⚡ Custom Agentic Workflows
Ready-to-go Scoping/Auditing workflows, easy to extend and customize.
**@chonky** ...
⚡⚡ Access to a comprehensive list of Security Primers
Get access to our curated list of Solidity security primers to augment and automate your security auditing.
**@chonky** ...
🆕 What's New in v0.6.0
✨ Highlights
- 🚀 Advanced Security Analysis Features
- 🛡️ Enhanced AI-Powered Vulnerability Detection
- ⚡ Improved Tier-Based Feature Access
🌟 New Features
- ▸ Security primer discovery and loading system
- ▸ Workflow repository with pre-built analysis templates
- ▸ Tool configuration repository access
- ▸ Interactive Solidity REPL (Chisel) integration
- ▸ Comprehensive differential analysis orchestrator
- ▸ AI-powered function similarity detection
- ▸ Advanced vulnerability database search
- ▸ MetaMask Snap security analysis
- ▸ Multi-language scoping (Go, Rust, Solidity)
- ▸ Etherscan and Sourcify integration
- ▸ Semgrep static analysis integration
🚀 Improvements
- ▸ Faster contract analysis
- ▸ Improved tooltip experience
- ▸ Enhanced sponsorship integration
🛠️ Feature Catalog
Available to everyone
| Feature | Description |
| --- | --- |
| ✅ Chonky Chat Participant | AI-powered @chonky chat participant for intelligent assistance |
| ✅ Solidity Metrics & Scoping | Comprehensive project analysis and scoping reports |
| ✅ Contract Structure Analysis | Deep dive into contract architecture and patterns |
| ✅ Inheritance Tree Analysis | Visualize and analyze inheritance relationships |
| ✅ Contract Flattening | Flatten complex contract hierarchies |
| ✅ Access Control Analysis | Identify permission patterns and vulnerabilities |
| ✅ Storage Layout Analysis | Optimize storage packing and layout |
| ✅ Deployable Contract Discovery | Find contracts ready for deployment |
| ✅ Import Dependency Analysis | Map external dependencies and risks |
| ✅ Surya Visualization Suite | Generate graphs and visual contract analysis |
| ✅ Solhint Code Quality | Automated code quality and style checks |
| ✅ JSON Processing Tools | Advanced JSON parsing and analysis |
| ✅ DateTime Utilities | Timestamp and date manipulation tools |
| ✅ Memory Store | Persistent data storage across sessions |
| ✅ Available Tools Discovery | Explore all available Chonky capabilities |
| ✅ Workspace File Search | Intelligent file discovery and search |
Available earlier to sponsors
💡 Support development to get early access - Become a Sponsor
| Feature | Description |
| --- | --- |
| ⚡ Custom Chat Modes | Specialized chat modes for auditing workflows and scoping |
| ⚡ Semgrep Security Analysis | Advanced static analysis with custom rules |
| ⚡ Solidity REPL (Chisel) | Interactive Solidity execution environment |
| ⚡ Reentrancy Detection | Comprehensive reentrancy vulnerability analysis |
| ⚡ Oracle Risk Analysis | Identify oracle manipulation vulnerabilities |
| ⚡ ERC Compliance Checker | Verify token standard implementations |
| ⚡ External Calls Analysis | Map and analyze all external interactions |
| ⚡ Event Pattern Analysis | Verify event emission completeness |
| ⚡ Function Similarity Detector | AI-powered function pattern matching |
| ⚡ Inconsistency Reporter | Find security pattern discrepancies |
| ⚡ Differential Analysis Orchestrator | Comprehensive security pattern comparison |
| ⚡ Smart Contract Invariants | Verify contract invariant properties |
| ⚡ Function Analysis Engine | Deep function behavior and pattern analysis |
| ⚡ Contract Call Graph Generator | Advanced interaction flow visualization |
| ⚡ Function Path Tracer | Execution path analysis with wildcard selectors |
For security teams and researchers
🚀 Professional tools for advanced security research - Upgrade to Professional
| Feature | Description |
| --- | --- |
| 👑 Security Primer Discovery | Discover and search security analysis primers |
| 👑 Security Primer Loading | Load comprehensive security primers for AI analysis |
| 👑 Workflow Repository Access | Access pre-built security analysis workflows |
| 👑 Tool Repository Access | Access security tool configurations and templates |
| 👑 Vulnerability Database Search | Query Solodit for known vulnerabilities |
| 👑 Diligence Vulnerability Database | Access ConsenSys Diligence research database |
| 👑 Go Codebase Scoping | Security analysis for Go blockchain projects |
| 👑 Rust Codebase Scoping | Security analysis for Rust blockchain projects |
| 👑 MetaMask Snap Analysis | Comprehensive MetaMask Snap security review |
| 👑 Etherscan Integration | On-chain contract verification and analysis |
| 👑 Sourcify Integration | Source code verification and metadata analysis |
| 👑 Public Codebase Search | Search GitHub for similar contract patterns |
📖 Documentation
Getting Started
- Install the Extension: Search for "Chonky" in VS Code Extensions
- Start Chatting: Use `@chonky` in any chat window (`ask` Mode)
- Discover Tools: Switch to Copilot `Agentic` Mode, ask about Chonky's available tools in natural language
- Scope Your Project: In `Agentic` or Scoping Mode, ask to scope the project
Chat Modes
Chonky supports specialized chat modes for different agentic workflows:
- Scoping: Project scoping and analysis
- Audit: Security auditing workflows
- 🔒 Security Analysis: Access control, reentrancy, external calls, oracle analysis
- 🏗️ Contract Structure: Structure analysis, imports, inheritance, flattening
- 📊 Code Quality: Events, ERC compliance, functions, invariants
- 🌐 External Services: Etherscan, Sourcify, vulnerability databases
- 🛠️ Utilities: Surya graphs, Solhint, scoping, memory store
🎯 Use Cases
Security Auditors
- Comprehensive vulnerability detection
- Automated pattern analysis
- AI-assisted code review
- Integration with external databases
Development Teams
- Project scoping and metrics
- Code quality assurance
- ERC standard compliance
- Continuous security monitoring
Security Researchers
- Advanced vulnerability research
- Pattern similarity detection
- Multi-language analysis
- Custom primer development
🔧 Installation
VS Code Marketplace
- Open VS Code
- Go to Extensions (Ctrl+Shift+X)
- Search for "Chonky"
- Click Install
Manual Installation
- Download the latest `.vsix` file from releases
- Open VS Code
- Run `Extensions: Install from VSIX...`
- Select the downloaded file
🤝 Contributing
We welcome contributions! Here's how you can help:
- Report Bugs: Open an issue with detailed information
- Feature Requests: Suggest new features or improvements
- Documentation: Help improve our docs
- Sponsorship: Support development through GitHub Sponsors
Development Setup
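```bash
# Clone the repository; git names the checkout directory after the repo (vscode-chonky)
git clone https://github.com/tintinweb/vscode-chonky.git
cd vscode-chonky
# Install dependencies and build the extension
npm install
npm run compile
```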
💝 Support Development
Chonky is developed and maintained by passionate security researchers. Your support helps us:
- 🔬 Research new vulnerabilities
- 🛠️ Develop advanced tools
- 📚 Create educational content
- 🌍 Keep tools free for everyone

- 🆓 Base: Core features for everyone
- ⚡ Early Access (see Sponsor page): Early access to new features
- 👑 Professional (contact me): Advanced research tools
📄 License & Credits
Created by tintinweb - Security researcher and smart contract auditor with 7+ years in Blockchain security.