Why does the analyzer exclude read-only functions?

Read-only functions (like view or pure) cannot directly modify state or cause loss of funds, so they are excluded to keep the audit focus on high-risk state-changing logic.

How does the skill handle Solidity codebases specifically?

It first checks for the availability of Slither. If detected, it uses Slither's printer to extract high-accuracy entry point data before performing supplementary manual analysis.

Which smart contract languages are supported by this skill?

The skill supports a wide range of languages including Solidity (.sol), Vyper (.vy), Rust for Solana, Move (Aptos/Sui), TON (FunC/Tact), and CosmWasm.

How are access levels classified in the final report?

Entry points are categorized into Public (Unrestricted), Role-Restricted (e.g., admin or owner), Restricted (Review Required) for complex patterns, and Contract-Only for internal integrations.

Does this tool detect specific vulnerabilities like reentrancy?

No, this skill is specifically for attack surface mapping and entry point identification. It helps auditors find where to look, rather than flagging specific bugs.

Smart Contract Entry Point Analyzer

Name: Smart Contract Entry Point Analyzer
Author: pathvanasoftware

bypathvanasoftware

Security & Testing

Identifies and categorizes state-changing entry points in smart contract codebases to streamline security audits and map attack surfaces.

About

The Smart Contract Entry Point Analyzer is a specialized auditing tool designed to systematically map the attack surface of decentralized applications across multiple ecosystems, including Ethereum, Solana, Move, TON, and CosmWasm. It focuses exclusively on state-changing functions, filtering out read-only calls to highlight privileged operations, role-restricted functions, and public entry points. By integrating with tools like Slither and performing manual pattern matching, it generates structured reports that classify access control levels, helping security researchers and developers identify potential vulnerabilities and understand the trust boundaries of their smart contracts.

Key Features

0 GitHub stars
Automatic classification of functions into Public, Role-Restricted, and Contract-Only categories
Multi-language support for Solidity, Vyper, Rust (Solana), Move, TON, and CosmWasm
Seamless integration with Slither for automated entry point extraction in Solidity
Structured Markdown report generation for comprehensive security documentation
Strict filtering to exclude view/pure functions and focus on state-modifying logic

Use Cases

Documenting external interfaces for complex multi-contract DeFi protocols
Auditing access control patterns to verify administrative and privileged operations
Mapping the attack surface at the start of a smart contract security audit

About

Key Features

0 GitHub stars
Automatic classification of functions into Public, Role-Restricted, and Contract-Only categories
Multi-language support for Solidity, Vyper, Rust (Solana), Move, TON, and CosmWasm
Seamless integration with Slither for automated entry point extraction in Solidity
Structured Markdown report generation for comprehensive security documentation
Strict filtering to exclude view/pure functions and focus on state-modifying logic

Use Cases

Documenting external interfaces for complex multi-contract DeFi protocols
Auditing access control patterns to verify administrative and privileged operations
Mapping the attack surface at the start of a smart contract security audit