How does it handle non-determinism checks?

It performs a comprehensive sweep for patterns like map ranges, floating-point arithmetic, and non-deterministic serialization within consensus-critical code paths like ABCI methods.

Is this tool useful for CosmWasm developers?

Yes, it includes 9 specific patterns for CosmWasm, including IBC packet validation, reply handling, and administrative authorization checks.

Can it detect issues that lead to chain halts?

Yes, it specifically targets non-determinism in map iterations, platform-dependent types, and unbounded loops, which are the primary causes of consensus-breaking chain halts.

Does it provide actionable fixes for the vulnerabilities found?

Absolutely. For every vulnerability detected, the skill provides the exact file location, an explanation of the attack scenario, and a recommended code fix to mitigate the risk.

What specific blockchain frameworks does this skill support?

This skill is optimized for any blockchain built on the Cosmos SDK using Go, as well as smart contracts utilizing the CosmWasm framework written in Rust.

Cosmos Blockchain Security Scanner

Name: Cosmos Blockchain Security Scanner
Author: monmacllcapp

bymonmacllcapp

0•

Security & Testing

Audits Cosmos SDK modules and CosmWasm smart contracts for consensus-critical vulnerabilities and security risks.

The Cosmos Vulnerability Scanner is a specialized security tool designed for developers and auditors working within the Cosmos ecosystem. It systematically scans Go-based SDK modules and Rust-based CosmWasm contracts to detect nine critical vulnerability patterns, including non-determinism, improper ABCI method implementations, and authorization failures. By identifying issues that could lead to catastrophic chain halts or fund loss, this skill ensures the stability and integrity of decentralized networks during pre-launch assessments or incident investigations.

Key Features

01Analyzes ABCI methods like BeginBlocker and EndBlocker for computational complexity.

020 GitHub stars

03Identifies incorrect GetSigners() implementations and missing authorization checks.

04Provides automated remediation reports with severity levels and suggested code fixes.

05Audits CosmWasm smart contracts for reentrancy, overflow, and submessage risks.

06Detects non-deterministic patterns that cause consensus failures and chain halts.

Use Cases

01Conducting pre-launch security audits for custom Cosmos SDK modules and zones.

02Investigating the root cause of blockchain halts or consensus divergence incidents.

03Validating CosmWasm smart contract logic for common Rust-based vulnerabilities.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add monmacllcapp/skill-forks cosmos-vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill