Greybox: An Open Source Smart Contract Security Scanner

Why Greybox?

Smart contracts are high stakes. Billions of dollars depend on code that’s often written and shipped at breakneck speed. One overlooked bug can mean disaster. Yet, most security tools either overwhelm you with noise or miss the real threats.

Greybox is different. Built for the EthSydney 2024 hackathon (and chosen as a winner), it’s an open-source framework that helps you catch vulnerabilities before they become headlines.

How It Works

Greybox takes a two-step approach. First, it scans your contract’s source code for known vulnerability patterns. These patterns are defined in simple YAML templates, so anyone can contribute new checks as the threat landscape changes.

If something looks risky, Greybox doesn’t just flag it and move on. It spins up a local Hardhat network and actually tries to exploit the issue, simulating a real attack. This way, you get fewer false alarms and more meaningful results.
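To make the first step concrete, here is an added Python example (not Greybox's own code; the template shape and the sample contract are constructed for illustration) of a template-driven source scan: each template carries a pattern plus remediation advice, and every hit is emitted as a candidate finding that, in Greybox's pipeline, would go on to the Hardhat exploitation step, which is not reproduced here.

```python
import re

# Constructed check templates, written the way a YAML template would deserialize
# (hypothetical shape for illustration, not Greybox's own template schema).
TEMPLATES = [
    {"id": "tx-origin-auth", "severity": "high",
     "pattern": r"require\s*\(\s*tx\.origin\s*==",
     "advice": "Authorize with msg.sender; tx.origin can be satisfied through a phishing contract."},
    {"id": "unchecked-low-level-call", "severity": "medium",
     # a statement that *starts* with the call expression discards its bool result
     "pattern": r"^\s*[\w.()]+\.call\{",
     "advice": "Capture and require() the bool returned by call, or revert on failure."},
]

# Constructed sample contract: withdraw() ignores the call result, drain() gates on
# tx.origin, and safeWithdraw() is the checked form that must not be flagged.
SAMPLE_CONTRACT = """\
contract Vault {
    address owner;
    mapping(address => uint256) balances;
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount);
        payable(msg.sender).call{value: amount}("");
        balances[msg.sender] -= amount;
    }
    function safeWithdraw(uint256 amount) external {
        balances[msg.sender] -= amount;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
    function drain() external {
        require(tx.origin == owner, "not owner");
        payable(owner).transfer(address(this).balance);
    }
}
"""

def scan_source(source, templates=TEMPLATES):
    """Run every template pattern over the source and return findings sorted by line.
    Each finding is a static candidate; the dynamic Hardhat step is what would confirm it."""
    lines = source.splitlines()
    findings = []
    for t in templates:
        for m in re.finditer(t["pattern"], source, re.MULTILINE):
            line_no = source.count("\n", 0, m.start()) + 1  # 1-based line of the hit
            findings.append({"id": t["id"], "severity": t["severity"], "line": line_no,
                             "code": lines[line_no - 1].strip(), "advice": t["advice"], "status": "candidate"})
    return sorted(findings, key=lambda f: f["line"])
```

Running `scan_source(SAMPLE_CONTRACT)` reports the unchecked call at line 6 and the tx.origin check at line 15, and leaves safeWithdraw() alone.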

Built for Developers

You don’t need to be a security expert to use Greybox. The browser-based interface makes it easy to scan contracts and get clear, detailed reports. Instead of cryptic warnings, you get context and practical advice for fixing issues.

Extensible by Design

Security is always evolving. With Greybox, adding new detection patterns is as simple as writing a template—no need to dig into the core code.

Try It

Greybox is open source and ready for you to use or extend. See it on GitHub.

Greybox Dashboard: The main dashboard provides an overview of your contract scans.

Scan Results: Detailed vulnerability reports with context and suggested fixes.