Aderyn
Aderyn is a Rust-based static analyzer built specifically for Solidity smart contracts, developed by Cyfrin (a leading smart contract security audit firm). It compiles and analyzes the AST of Solidity contracts to detect vulnerability patterns including reentrancy, unchecked return values, weak randomness, centralization risks, and dozens of other known vulnerability classes. Unlike general-purpose linters, Aderyn understands Solidity semantics deeply — including storage layout, function visibility, and call graph analysis. It supports Foundry and Hardhat project layouts with zero configuration, outputting reports in Markdown, JSON, or SARIF for CI/CD integration. The tool also exposes an MCP server interface (tagged in GitHub topics, though minimally documented) enabling AI agents to invoke contract analysis directly.
Best When
An agent or CI/CD pipeline needs fast, automated detection of known Solidity vulnerability patterns before deployment or during code review, integrated with Foundry or Hardhat build systems.
Avoid When
You are working with non-Solidity contracts, need dynamic/runtime analysis of deployed contracts, or require comprehensive audit coverage that only manual review can provide.
Use Cases
- Automated pre-deployment security scanning of Solidity contracts in CI/CD pipelines
- Generating SARIF reports for GitHub Code Scanning integration to show vulnerability annotations inline
- AI-assisted smart contract review: agent runs Aderyn, interprets findings, and proposes fixes
- Security audit preparation: pre-screen contracts to identify low-hanging fruit before a full manual audit
- DeFi protocol monitoring: scan contracts when new code is pushed via GitHub Actions
Not For
- Non-Solidity smart contract languages (Vyper, Rust/Anchor, Move, Cairo)
- Runtime monitoring or dynamic analysis of deployed on-chain contracts
- Full security audits — Aderyn catches known patterns but misses novel vulnerabilities and business logic flaws
- Ethereum mainnet live contract bytecode analysis (requires source and compilation)
Scores are editorial opinions as of 2026-03-01.