🍣 Chonky - A Superhuman LLM Auditing Agent for Solidity

---

VS Code Marketplace:

• tintinweb.chonky
• #> ext tintinweb.chonky

TLDR;

• Agent Augmented Auditing
• Automated Scoping
• Automated In-Depth Security Analysis
• Agentic Tooling for Deep Smart Contract Insights
• Extending Agent capabilities with General Purpose LLM Tooling
• Your Smart Contract Auditing Side-Kick!

Extends GitHub/Copilot Model Capabilities

🚀 Quick Start Guide

💬 Chat with Chonky

Use the @chonky chat participant for AI-assisted auditing

📊 Scope Solidity Projects

Generate comprehensive project scoping reports

🤖 Agent Automated Audits

Run comprehensive automated security analysis

**@chonky** #autoaudit Full security scan

🎯 Custom Chat Modes

Specialized chat modes for different audit phases

🔍 Discover Tools

Explore all available features for your tier

📜 Agentic Auditor Prompt Template

Pre-prompt your action with our agentic security auditor template.

⚡ Early Access / Sponsors / Professional

♥️ Sign In for Early Access Features (Sponsors)

Sponsor and get Early Access to experimental future features 😊. Ping me if you run into any problems 🤗.

⚡⚡ Custom Agentic Workflows

Ready-to-go Scoping/Auditing workflows, easy to extend and customize.

**@chonky** ...

⚡⚡ Access to a comprehensive list of Security Primers

Get access to our curated list of Solidity security primers to augment and automate your security auditing.

**@chonky** ...

---

🆕 What's New in v0.6.0

✨ Highlights

• 🚀 Advanced Security Analysis Features
• 🛡️ Enhanced AI-Powered Vulnerability Detection
• ⚡ Improved Tier-Based Feature Access

🌟 New Features

• ▸ Security primer discovery and loading system
• ▸ Workflow repository with pre-built analysis templates
• ▸ Tool configuration repository access
• ▸ Interactive Solidity REPL (Chisel) integration
• ▸ Comprehensive differential analysis orchestrator
• ▸ AI-powered function similarity detection
• ▸ Advanced vulnerability database search
• ▸ MetaMask Snap security analysis
• ▸ Multi-language scoping (Go, Rust, Solidity)
• ▸ Etherscan and Sourcify integration
• ▸ Semgrep static analysis integration

🚀 Improvements

• ▸ Faster contract analysis
• ▸ Improved tooltip experience
• ▸ Enhanced sponsorship integration

---

🛠️ Feature Catalog

🆓 Base Features (16 tools)

Available to everyone

Feature	Description
✅ Chonky Chat Participant	AI-powered @chonky chat participant for intelligent assistance
✅ Solidity Metrics & Scoping	Comprehensive project analysis and scoping reports
✅ Contract Structure Analysis	Deep dive into contract architecture and patterns
✅ Inheritance Tree Analysis	Visualize and analyze inheritance relationships
✅ Contract Flattening	Flatten complex contract hierarchies
✅ Access Control Analysis	Identify permission patterns and vulnerabilities
✅ Storage Layout Analysis	Optimize storage packing and layout
✅ Deployable Contract Discovery	Find contracts ready for deployment
✅ Import Dependency Analysis	Map external dependencies and risks
✅ Surya Visualization Suite	Generate graphs and visual contract analysis
✅ Solhint Code Quality	Automated code quality and style checks
✅ JSON Processing Tools	Advanced JSON parsing and analysis
✅ DateTime Utilities	Timestamp and date manipulation tools
✅ Memory Store	Persistent data storage across sessions
✅ Available Tools Discovery	Explore all available Chonky capabilities
✅ Workspace File Search	Intelligent file discovery and search

⚡ Early Access Features (15 tools)

Available earlier to sponsors

💡 Support development to get early access - Become a Sponsor

Feature	Description
⚡ Custom Chat Modes	Specialized chat modes for auditing workflows and scoping
⚡ Semgrep Security Analysis	Advanced static analysis with custom rules
⚡ Solidity REPL (Chisel)	Interactive Solidity execution environment
⚡ Reentrancy Detection	Comprehensive reentrancy vulnerability analysis
⚡ Oracle Risk Analysis	Identify oracle manipulation vulnerabilities
⚡ ERC Compliance Checker	Verify token standard implementations
⚡ External Calls Analysis	Map and analyze all external interactions
⚡ Event Pattern Analysis	Verify event emission completeness
⚡ Function Similarity Detector	AI-powered function pattern matching
⚡ Inconsistency Reporter	Find security pattern discrepancies
⚡ Differential Analysis Orchestrator	Comprehensive security pattern comparison
⚡ Smart Contract Invariants	Verify contract invariant properties
⚡ Function Analysis Engine	Deep function behavior and pattern analysis
⚡ Contract Call Graph Generator	Advanced interaction flow visualization
⚡ Function Path Tracer	Execution path analysis with wildcard selectors

👑 Professional Features (12 tools)

For security teams and researchers

🚀 Professional tools for advanced security research - Upgrade to Professional

Feature	Description
👑 Security Primer Discovery	Discover and search security analysis primers
👑 Security Primer Loading	Load comprehensive security primers for AI analysis
👑 Workflow Repository Access	Access pre-built security analysis workflows
👑 Tool Repository Access	Access security tool configurations and templates
👑 Vulnerability Database Search	Query Solodit for known vulnerabilities
👑 Diligence Vulnerability Database	Access ConsenSys Diligence research database
👑 Go Codebase Scoping	Security analysis for Go blockchain projects
👑 Rust Codebase Scoping	Security analysis for Rust blockchain projects
👑 MetaMask Snap Analysis	Comprehensive MetaMask Snap security review
👑 Etherscan Integration	On-chain contract verification and analysis
👑 Sourcify Integration	Source code verification and metadata analysis
👑 Public Codebase Search	Search GitHub for similar contract patterns

---

📖 Documentation

Getting Started

1. Install the Extension: Search for "Chonky" in VS Code Extensions
2. Start Chatting: Use @chonky in any chat window (ask Mode)
3. Discover Tools: Switch to Copilot Agentic Mode, ask about Chonky's available tools in natural language
4. Scope Your Project: In Agentic or Scoping Mode, ask to scope the project

Chat Modes

Chonky supports specialized chat modes for different agentic workflows:

• Scoping - Project scoping and analysis
• Audit - Security auditing workflows

Tool Categories

• 🔒 Security Analysis: Access control, reentrancy, external calls, oracle analysis
• 🏗️ Contract Structure: Structure analysis, imports, inheritance, flattening
• 📊 Code Quality: Events, ERC compliance, functions, invariants
• 🌐 External Services: Etherscan, Sourcify, vulnerability databases
• 🛠️ Utilities: Surya graphs, Solhint, scoping, memory store

---

🎯 Use Cases

Security Auditors

• Comprehensive vulnerability detection
• Automated pattern analysis
• AI-assisted code review
• Integration with external databases

Development Teams

• Project scoping and metrics
• Code quality assurance
• ERC standard compliance
• Continuous security monitoring

Security Researchers

• Advanced vulnerability research
• Pattern similarity detection
• Multi-language analysis
• Custom primer development

---

🔧 Installation

VS Code Marketplace

1. Open VS Code
2. Go to Extensions (Ctrl+Shift+X)
3. Search for "Chonky"
4. Click Install

Manual Installation

1. Download the latest .vsix file from releases
2. Open VS Code
3. Run Extensions: Install from VSIX...
4. Select the downloaded file

---

🤝 Contributing

We welcome contributions! Here's how you can help:

1. Report Bugs: Open an issue with detailed information
2. Feature Requests: Suggest new features or improvements
3. Documentation: Help improve our docs
4. Sponsorship: Support development through GitHub Sponsors

Development Setup

git clone https://github.com/tintinweb/vscode-chonky.git
cd chonky
npm install
npm run compile

---

💝 Support Development

Chonky is developed and maintained by passionate security researchers. Your support helps us:

• 🔬 Research new vulnerabilities
• 🛠️ Develop advanced tools
• 📚 Create educational content
• 🌍 Keep tools free for everyone

Sponsorship Tiers

• 🆓 Base: Core features for everyone
• ⚡ Early Access (see Sponsor page): Early access to new features
• 👑 Professional (contact me): Advanced research tools

---

📄 License & Credits

Created by tintinweb - Security researcher and smart contract auditor with 7+ years in Blockchain security.

---

📞 Support & Community

• GitHub Issues: Report bugs and request features
• Twitter: @tintinweb
• Website: Visit our website

---