Home

Awesome

L3X - AI-driven Static Analyzer

L3X detects vulnerabilities in Rust and Solidity code based on patterns and AI code analysis. Various LLMs act as validators for vulnerabilities detected by patterns and validate each other's results in AI code analysis. Vulnerabilities are confirmed when they receive confirmation from a majority of validators. As a result, a report with validated vulnerabilities and detected safe patterns is generated.

Supported Languages and Smart Contracts:

Design

design

How It Works

Current limitations

Currently it's MVP

  1. Vulnerabilities detects only based on vuln patterns
  2. GPT-3.5/4 act as validators for vulnerabilities detected by patterns

LLM supported

Set API Keys

Set the openai api key as an environment variable OPENAI_KEY in your operating system

Linux/Mac

export OPENAI_KEY=sk-ApiKeyExample

Windows

set OPENAI_KEY=sk-ApiKeyExample

If you want to specify particular OpenAI org or project, set up OPENAI_ORG_ID and OPENAI_PROJECT_ID environment variables.

How to Use ❓

  1. Build
cargo build
  1. Compile
cargo run
  1. Run
l3x smart-contracts-folder-to-analyse [--all-severities] [--no-validation] [--model=MODEL]

Usage Example 🏁

exec!

gif!

Report example - Rust

Report example - Solana

Report example - Ethereum

Roadmap 🗓️

Contact 📧

All suggestions write to contact contact@vulnplanet.com or yevhsec1@gmail.com