{
  "id": "aderyn",
  "name": "Aderyn",
  "homepage": "https://cyfrin.gitbook.io/cyfrin-docs/aderyn-cli/readme",
  "repo_url": "https://github.com/Cyfrin/aderyn",
  "category": "security",
  "subcategories": ["smart-contract-security", "static-analysis", "solidity"],
  "tags": ["solidity", "smart-contracts", "security", "static-analysis", "rust", "foundry", "hardhat", "blockchain", "mcp-server", "cyfrin", "web3"],
  "what_it_does": "Aderyn is a Rust-based static analyzer built specifically for Solidity smart contracts, developed by Cyfrin, a smart contract security audit firm. It compiles the contracts and analyzes the resulting AST to detect known vulnerability patterns, including reentrancy, unchecked return values, weak randomness, centralization risks, and dozens of other vulnerability classes. Unlike general-purpose linters, Aderyn works with Solidity semantics: storage layout, function visibility, and the call graph. It supports Foundry and Hardhat project layouts with zero configuration and outputs reports in Markdown, JSON, or SARIF for CI/CD integration. The tool also exposes an MCP server interface (tagged in GitHub topics, though minimally documented) that lets AI agents invoke contract analysis directly.",
  "use_cases": [
    "Automated pre-deployment security scanning of Solidity contracts in CI/CD pipelines",
    "Generating SARIF reports for GitHub Code Scanning integration to show vulnerability annotations inline",
    "AI-assisted smart contract review: an agent runs Aderyn, interprets the findings, and proposes fixes",
    "Security audit preparation: pre-screen contracts to identify low-hanging fruit before a full manual audit",
    "DeFi protocol monitoring: scan contracts when new code is pushed, via GitHub Actions"
  ],
  "not_for": [
    "Non-Solidity smart contract languages (Vyper, Rust/Anchor, Move, Cairo)",
    "Runtime monitoring or dynamic analysis of deployed on-chain contracts",
    "Full security audits: Aderyn catches known patterns but misses novel vulnerabilities and business logic flaws",
    "Analysis of live Ethereum mainnet contract bytecode (Aderyn requires source code and a successful compilation)"
  ],
  "best_when": "An agent or CI/CD pipeline needs fast, automated detection of known Solidity vulnerability patterns before deployment or during code review, integrated with Foundry or Hardhat build systems.",
  "avoid_when": "You are working with non-Solidity contracts, need dynamic/runtime analysis of deployed contracts, or require the comprehensive coverage that only a manual audit can provide.",
  "alternatives": [
    {"id": "slither", "reason": "Python-based, broader detector coverage, better for complex inter-contract analysis"},
    {"id": "mythril", "reason": "Symbolic execution for deeper vulnerability discovery, including novel attack paths"},
    {"id": "solhint", "reason": "Lighter-weight linter for style and basic security rules; faster but less deep"}
  ],
  "af_score": 71.3,
  "security_score": 80.0,
  "reliability_score": null,
  "package_type": "mcp_server",
  "discovery_source": ["github"],
  "priority": "low",
  "status": "evaluated",
  "version_evaluated": "0.6.8",
  "last_evaluated": "2026-03-01T09:50:05.177693+00:00",
  "performance": {
    "latency_p50_ms": 3000,
    "latency_p99_ms": 30000,
    "uptime_sla_percent": null,
    "rate_limits": null,
    "data_source": "llm_estimated",
    "measured_on": null
  }
}
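The CI/CD and SARIF use cases above both come down to one step: read the analyzer's SARIF report and fail the job when it contains findings above a chosen severity. The script below is an added example written for this page, not code from Aderyn or Cyfrin. It depends only on the SARIF 2.1.0 structure (`runs[].results[]` with `ruleId`, `level`, `message.text`, `locations[]`, plus each rule's `defaultConfiguration.level`), so it works on any SARIF producer; the embedded report and its rule ids are constructed placeholders, not real Aderyn output. It also handles the edge case that trips up naive gates: a result with no explicit `level` inherits its rule's default level, and falls back to `warning` when the rule specifies none.

```python
"""Gate a CI job on a SARIF report (for example, one produced by a Solidity analyzer).

Added example, not Aderyn's own code. Assumes only the SARIF 2.1.0 layout;
the embedded report is constructed for illustration and its rule ids are placeholders.
"""
import json
import sys
from collections import Counter

# Constructed sample SARIF document (placeholder rule ids, not real Aderyn findings).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-analyzer", "rules": [
            {"id": "example-high", "defaultConfiguration": {"level": "error"}},
            {"id": "example-low"},  # no level configured: SARIF default is "warning"
        ]}},
        "results": [
            # No explicit level: inherits "error" from the rule's defaultConfiguration.
            {"ruleId": "example-high", "message": {"text": "placeholder high finding"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/Vault.sol"},
                 "region": {"startLine": 42}}}]},
            # Explicit level overrides whatever the rule says.
            {"ruleId": "example-low", "level": "note", "message": {"text": "placeholder low finding"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/Token.sol"},
                 "region": {"startLine": 7}}}]},
            # No level anywhere and no location: falls back to "warning".
            {"ruleId": "example-low", "message": {"text": "inherits rule level"}, "locations": []},
        ],
    }],
})


def _rule_levels(run):
    """Map ruleId -> defaultConfiguration.level; SARIF's default when absent is 'warning'."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {r["id"]: r.get("defaultConfiguration", {}).get("level", "warning")
            for r in rules if "id" in r}


def result_level(result, rule_levels):
    """Effective severity: explicit result.level, else the rule's default, else 'warning'."""
    if "level" in result:
        return result["level"]
    return rule_levels.get(result.get("ruleId"), "warning")


def findings(sarif_text):
    """Flatten a SARIF document into (level, ruleId, uri, startLine, message) tuples."""
    doc = json.loads(sarif_text)
    out = []
    for run in doc.get("runs", []):
        levels = _rule_levels(run)
        for res in run.get("results", []):
            uri, line = None, None
            for loc in res.get("locations", []):  # first physical location is enough for a gate
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                break
            out.append((result_level(res, levels), res.get("ruleId"), uri, line,
                        res.get("message", {}).get("text", "")))
    return out


def gate(sarif_text, fail_on=("error",)):
    """Return (passed, counts_by_level); the job fails if any finding's level is in fail_on."""
    counts = Counter(level for level, *_ in findings(sarif_text))
    passed = not any(counts[level] for level in fail_on)
    return passed, dict(counts)


if __name__ == "__main__":
    # Usage: python sarif_gate.py report.sarif  (runs against the constructed sample if no path is given)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF
    ok, counts = gate(text)
    for level, rule, uri, line, msg in findings(text):
        print(f"{level:8} {rule:14} {uri}:{line}  {msg}")
    print("counts:", counts, "-> PASS" if ok else "-> FAIL")
    sys.exit(0 if ok else 1)
```

Widen `fail_on` (for example to `("error", "warning")`) once the baseline is clean; gating only on `error` first keeps the pipeline from blocking on the long tail of low-severity findings while still catching the high-severity classes the analyzer exists to flag.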