Soteria

Soteria is a security scan service for smart contracts. Today Soteria analyses all types of Solidity-based contracts (on any EVM-based chain or Layer 2) and will soon perform the same scans on Rust-based smart contracts (CosmWasm, Solana). Soteria at a glance:
  • Helps developers detect all known security vulnerabilities on the fly and suggests fixes.
  • Provides gas optimization alerts and fixes.
  • Enables continuous integration checks for smart contracts.
  • All this is now available at a fraction of the cost of a traditional smart contract audit.


Product

What is Soteria?

Soteria automatically scans for security vulnerabilities in Ethereum and other EVM-based blockchain smart contracts. Soteria uses security analysis techniques, including static analysis, dynamic analysis, and symbolic execution, to accurately detect security vulnerabilities and provide an in-depth analysis report. Soteria can be utilized in all phases of your project's lifecycle.



How does it work?


1 - Submit your code

The analysis requests are encrypted with TLS and the code you submit is accessed only by you. Submit both the source code and the compiled bytecode of your smart contracts for best results.

2 - Run the security scan

Fast and regularly updated with the latest vulnerabilities.

3 - Generate a detailed analysis report

Soteria detects the majority of vulnerabilities listed in the SWC Registry. The report lists all the weaknesses found in your code, including the exact position of each issue and its SWC ID. Generated reports can be accessed only by you.

Vulnerabilities Coverage

The Soteria scanning tool covers all the vulnerabilities listed in the SWC Registry and much more. The tool is updated regularly, each time new vulnerabilities are added to the list.




Benchmark

The Soteria scanning tool has been benchmarked against some of the biggest hacks that have happened on Ethereum and other EVM projects. Soteria was used to scan the smart contracts involved in those hacks. The vulnerabilities were successfully detected, and they could have been fixed before those contracts were deployed on the blockchain. Scanning your smart contracts with Soteria can help you avoid hacks and serious financial loss in the future.

The DAO

Smart Contract Code:    DAO.sol

Date:    17 June 2016

Loss Amount:    $50M USD

Vulnerabilities Involved:     SWC-107     (Reentrancy)


Fei Protocol

Smart Contract Address:
0xE39f3C40966DF56c69AA508D8AD459E77B8a2bc1

Date:    30 April 2022

Loss Amount:    $80M USD

Vulnerabilities Involved:     SWC-107     (Reentrancy)


BeautyChain (BEC)

Smart Contract Code:    BECToken.sol

Smart Contract Address:
0xC5d105E63711398aF9bbff092d4B6769C82F793D

Date:    22 April 2018

Loss Amount:    10^58 BEC

Vulnerabilities Involved:     SWC-101     (Integer Overflow and Underflow)


Parity Multi-Sig Wallets

Smart Contract Code:    WalletLibrary.sol

Date:    19 July 2017

Loss Amount:    587 wallets frozen holding a total amount of 513,774 Ethers

Vulnerabilities Involved:     SWC-106     (Unprotected SELFDESTRUCT Instruction)


Rubixi

Smart Contract Code:    Rubixi.sol

Date:    March 2016

Smart Contract Address:
0xe82719202e5965Cf5D9B6673B7503a3b92DE20be

Loss Amount:    Accumulated Fees in the financial pyramid stolen because the constructor function had an incorrect name, allowing anyone to become the owner

Vulnerabilities Involved:     SWC-105     (Unprotected Ether Withdrawal)


King of the Ether Throne (KotET)

Smart Contract Code:    KingOfTheEtherThrone.sol

Date:    February 2016

Loss Amount:    Payment failure

Vulnerabilities Involved:     SWC-128     (Denial of Service With Block Gas Limit)


Try Soteria Security Scanning Tool

You can try the Soteria security scanning tool with a sample smart contract. Two samples are available for you to test and visualise the detected vulnerabilities.


Contract Code Sample 1

pragma solidity ^0.4.19;

contract Private_Bank
{
    mapping (address => uint) public balances;

    uint public MinDeposit = 1 ether;

    Log TransferLog;

    function Private_Bank(address _log)
    {
        TransferLog = Log(_log);
    }

    function Deposit()
    public
    payable
    {
        if(msg.value > MinDeposit)
        {
            balances[msg.sender]+=msg.value;
            TransferLog.AddMessage(msg.sender,msg.value,"Deposit");
        }
    }

    function CashOut(uint _am)
    public
    payable
    {
        if(_am<=balances[msg.sender])
        {
            // Findings reported on the call below:
            //   REENTRANCY         (ether is sent before the balance is reduced)
            //   UNCHECKED_LL_CALLS (the return value of the low-level call is ignored)
            msg.sender.call.value(_am)();
            balances[msg.sender]-=_am;
            TransferLog.AddMessage(msg.sender,_am,"CashOut");
        }
    }

    function() public payable{}
}

contract Log
{

    struct Message
    {
        address Sender;
        string  Data;
        uint Val;
        uint  Time;
    }

    Message[] public History;

    Message LastMsg;

    function AddMessage(address _adr,uint _val,string _data)
    public
    {
        LastMsg.Sender = _adr;
        LastMsg.Time = now;
        LastMsg.Val = _val;
        LastMsg.Data = _data;
        History.push(LastMsg);
    }
}
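
A hardened counterpart to Contract Code Sample 1, added here as an example (it is not Soteria's code or scanner output). It addresses the two findings marked in CashOut by applying checks-effects-interactions, checking the result of the low-level call, and adding a mutex; the names Private_Bank_Hardened, noReentrancy and locked are assumptions introduced for illustration.

```solidity
pragma solidity ^0.4.19;

// Declaration of the sample's Log contract, reduced to the one function used here.
contract Log {
    function AddMessage(address _adr, uint _val, string _data) public;
}

// Hypothetical name; same as Private_Bank from the sample except for CashOut.
contract Private_Bank_Hardened {
    mapping (address => uint) public balances;
    uint public MinDeposit = 1 ether;
    Log TransferLog;
    bool private locked; // reentrancy guard flag (illustrative)

    // Rejects any nested call into a guarded function.
    modifier noReentrancy() {
        require(!locked);
        locked = true;
        _;
        locked = false;
    }

    function Private_Bank_Hardened(address _log) public {
        TransferLog = Log(_log);
    }

    function Deposit() public payable {
        if (msg.value > MinDeposit) {
            balances[msg.sender] += msg.value;
            TransferLog.AddMessage(msg.sender, msg.value, "Deposit");
        }
    }

    // Not payable: a withdrawal has no reason to accept ether.
    // Unlike the sample, an over-large request reverts instead of returning silently.
    function CashOut(uint _am) public noReentrancy {
        // Check: the caller must own the requested amount.
        require(_am <= balances[msg.sender]);
        // Effect: debit the balance before any external call (SWC-107).
        balances[msg.sender] -= _am;
        // Interaction: revert the whole transaction if the send fails,
        // so the debit above is rolled back (unchecked low-level call).
        require(msg.sender.call.value(_am)());
        TransferLog.AddMessage(msg.sender, _am, "CashOut");
    }

    function() public payable {}
}
```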
                            

Pricing


On Demand

USD $4.99

  

  • For Test & Evaluation
  • 1 scan with all the options included

Professional

USD $149

monthly

  • For small to medium size team
  • Daily development usage
  • 3,000 scans max per month

Enterprise

Custom Need

  

  • For large team and enterprises
  • Monthly scans according to your needs
  • Daily development usage

On Demand

USD $4.99
  • Monthly Allocated Credits
  • Credits Expiration: 15 days
  • Smart Contract Scans: 1 scan
  • Scan Option 1 (Gas Optimization): Included
  • Scan Option 2 (Contract Class Diagram): Included
  • Estimated Cost per Scan (scan without options): USD $4.99
  • Security Report Review (30 mins, 1 to 1 call with our security expert): On demand, USD $100/session
  • Create Projects: Easier collaborative work
  • Manage Members: Easier collaborative work

Developer

USD $19
  • Monthly Allocated Credits: 200 credits
  • Credits Expiration: 45 days
  • Smart Contract Scans: 1 credit/scan
  • Scan Option 1 (Gas Optimization): +1 credit
  • Scan Option 2 (Contract Class Diagram): +1 credit
  • Estimated Cost per Scan (scan without options): USD $0.1
  • Security Report Review (30 mins, 1 to 1 call with our security expert): On demand, USD $100/session
  • Create Projects: Easier collaborative work
  • Manage Members

Professional

USD $149
  • Monthly Allocated Credits: 3,000 credits
  • Credits Expiration: 90 days
  • Smart Contract Scans: 1 credit/scan
  • Scan Option 1 (Gas Optimization): +1 credit
  • Scan Option 2 (Contract Class Diagram): +1 credit
  • Estimated Cost per Scan (scan without options): USD $0.05
  • Security Report Review (30 mins, 1 to 1 call with our security expert): On demand, USD $100/session
  • Create Projects: Easier collaborative work
  • Manage Members: Easier collaborative work

Enterprise

Custom Need
  • Monthly Allocated Credits: Customizable
  • Credits Expiration: 90 days
  • Smart Contract Scans: 1 credit/scan
  • Scan Option 1 (Gas Optimization): +1 credit
  • Scan Option 2 (Contract Class Diagram): +1 credit
  • Estimated Cost per Scan (scan without options): < USD $0.05
  • Security Report Review (30 mins, 1 to 1 call with our security expert): On demand, USD $100/session
  • Create Projects: Easier collaborative work
  • Manage Members: Easier collaborative work

Frequently Asked Questions

Check out our frequently asked questions to find answers to the most common questions.

Soteria automatically scans for security vulnerabilities in Ethereum and other EVM-based blockchain smart contracts. Soteria uses security analysis techniques, including static analysis, dynamic analysis, and symbolic execution, to accurately detect security vulnerabilities and provide an in-depth analysis report. Soteria can be utilized in all phases of your project's lifecycle.

Use Soteria through 3 simple steps:

1 - Submit your code. The analysis requests are encrypted with TLS and the code you submit is accessed only by you. Submit both the source code and the compiled bytecode of your smart contracts for best results.

2 - Run the security scan. The analysis requests are encrypted with TLS and the code you submit is accessed only by you. Submit both the source code and the compiled bytecode of your smart contracts for best results.

3 - Generate a detailed analysis report. Soteria detects the majority of vulnerabilities listed in the SWC Registry. The report lists all the weaknesses found in your code, including the exact position of each issue and its SWC ID. Generated reports can be accessed only by you.

The SWC is a smart contract specific software weakness classification scheme for developers, tool vendors and security practitioners. The SWC is loosely aligned to the terminologies and structure used in the Common Weakness Enumeration - CWE scheme while overlaying a wide range of weakness variants that are specific to smart contracts.
The goals of the SWC scheme are as follows:
  • Provide a straightforward way to classify weaknesses in smart contract systems.
  • Provide a straightforward way to identify the weakness(es) that lead to a vulnerability in a smart contract system.
  • Define a common language for describing weaknesses in smart contract systems’ architecture, design and code.
  • Train and increase the performance of smart contract security analysis tools.

Top 8 EVM-compatible blockchains:
1 - Ethereum
2 - Tron
3 - BSC
4 - Arbitrum
5 - Polygon
6 - Avalanche
7 - Optimism
8 - Fantom

The Ethereum Virtual Machine, or EVM, is a piece of software that executes smart contracts and computes the state of Ethereum, or of networks with a compatible EVM, after each new block is added to the chain. The EVM sits on top of Ethereum's hardware and node network layer.
 

Partnership


1 - Build your Security Tool

Build your own security scan tool service and offer it to your customers.

2 - Integrate Soteria API

Use the Soteria API to integrate security scanning capabilities into your own product.

3 - Get Revenue Sharing

Get a share of the revenue each time your customers scan a contract.



Become a Partner

Contact Us

Soteria's Research and Development Lab is located in Asia.

Get in touch

Send us a message.

Location:

Bangkok Sukhumvit Thonglor

Email:

info@soteria.io
