Aderyn

A Rust-based static analyzer built specifically for Solidity smart contracts by Cyfrin. It analyzes the AST of Solidity contracts to detect vulnerability patterns including reentrancy, unchecked return values, weak randomness, and centralization risks. Supports Foundry and Hardhat project layouts with zero configuration, outputting reports in Markdown, JSON, or SARIF.

Evaluated Mar 06, 2026, v0.6.8
Category: Security. Tags: solidity, smart-contracts, security, static-analysis, rust, foundry, hardhat, blockchain, mcp-server, cyfrin, web3
⚙ Agent Friendliness: 65 / 100 (Can an agent use this?)
🔒 Security: 86 / 100 (Is it safe for agents?)
⚡ Reliability: 54 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 35
Documentation: 72
Error Messages: 55
Auth Simplicity: 100
Rate Limits: 80

🔒 Security

TLS Enforcement: 85
Auth Strength: 90
Scope Granularity: 80
Dep. Hygiene: 82
Secret Handling: 90

Local CLI tool with an excellent security posture: no network exposure and no secrets required. The Rust implementation reduces the risk of memory-safety vulnerabilities. Maintained by a professional security audit firm.

⚡ Reliability

Uptime/SLA: 30
Version Stability: 70
Breaking Changes: 68
Error Recovery: 50

Best When

An agent or CI/CD pipeline needs fast, automated detection of known Solidity vulnerability patterns before deployment.

Avoid When

You are working with non-Solidity contracts, need dynamic/runtime analysis, or require comprehensive audit coverage.

Use Cases

  • Automated pre-deployment security scanning of Solidity contracts in CI/CD pipelines
  • Generating SARIF reports for GitHub Code Scanning integration
  • AI-assisted smart contract review: agent runs Aderyn, interprets findings, and proposes fixes
  • Security audit preparation: pre-screen contracts before a full manual audit
  • DeFi protocol monitoring via GitHub Actions

Not For

  • Non-Solidity smart contract languages (Vyper, Rust/Anchor, Move, Cairo)
  • Runtime monitoring or dynamic analysis of deployed on-chain contracts
  • Full security audits - Aderyn catches known patterns but misses novel vulnerabilities
  • Ethereum mainnet live contract bytecode analysis (requires source and compilation)

Interface

REST API: No
GraphQL: No
gRPC: No
MCP Server: Yes
SDK: No
Webhooks: No

Authentication

Methods: none
OAuth: No
Scopes: No

Runs entirely locally as a CLI tool and MCP server. No authentication, API keys, or network calls required.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Agent Metadata

Pagination: none
Idempotent: Full
Retry Guidance: Not documented

Known Gotchas

  • MCP server capability is GitHub-tagged but not documented - no published tool definitions or schemas
  • Requires complete Foundry or Hardhat project structure - won't analyze standalone .sol files
  • Windows requires WSL
  • GPL-3.0 copyleft license: linking it into a larger system may require that system to be licensed under GPL-3.0 as well
  • Analysis time scales with codebase size - large DeFi protocols may exceed MCP timeouts
  • False positives for centralization risk detectors - agents should flag for human review

Scores are editorial opinions as of 2026-03-06.