🛡️ SolForge Security Lab
Write or paste a Solidity contract and hit Audit. Real solc compile + SWC vulnerability scan, 100% in your browser. Try the sample — it hides a reentrancy and an ownership backdoor.

Pattern-level static analysis (SWC catalog) — surfaces known red flags, not a substitute for a full professional audit.

Vulnerability Academy

Each entry loads straight into the Auditor — run it and watch the detector catch (or clear) it.

Safe Token Builder

Generate a clean OpenZeppelin-pattern ERC-20, then audit it to learn what each power does.

Features

Bytecode Scanner

No source published? Paste a deployed contract's runtime bytecode (0x… from eth_getCode) — flags backdoor opcodes (SELFDESTRUCT, DELEGATECALL) and known rug/honeypot function selectors, with zero Solidity. 100% in your browser.

Paste runtime bytecode and hit Scan. Pure opcode + selector analysis — no compiler, no backend. Useful for unverified coins where no source is available.

Shallow bytecode heuristics — surfaces dangerous opcodes and known selectors, not a decompilation or full audit.
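
An added example, not SolForge's own code: a linear-sweep pass over runtime bytecode that flags SELFDESTRUCT and DELEGATECALL and collects PUSH4 immediates as candidate function selectors, skipping PUSH data so a 0xff byte inside a constant is not reported. The function names and the sample bytecode are constructed for illustration.

```javascript
// Added example: opcode-level scan of EVM runtime bytecode (hypothetical helper names).
const FLAGGED = { 0xf4: "DELEGATECALL", 0xff: "SELFDESTRUCT" };

// Constructed sample: PUSH1 0xff; PUSH4 0xa9059cbb; POP; CALLER; SELFDESTRUCT
const SAMPLE = "0x60ff63a9059cbb5033ff";

function hexToBytes(hex) {
  const clean = hex.trim().replace(/^0x/i, "");
  if (clean.length % 2 !== 0 || /[^0-9a-f]/i.test(clean)) {
    throw new Error("expected an even-length hex string");
  }
  const out = new Uint8Array(clean.length / 2);
  for (let i = 0; i < out.length; i++) {
    out[i] = parseInt(clean.slice(i * 2, i * 2 + 2), 16);
  }
  return out;
}

function scanRuntimeBytecode(hex) {
  const code = hexToBytes(hex);
  const findings = [];          // { offset, opcode } for flagged instructions
  const selectors = new Set();  // PUSH4 immediates, candidate function selectors
  let pc = 0;
  while (pc < code.length) {
    const op = code[pc];
    if (FLAGGED[op]) findings.push({ offset: pc, opcode: FLAGGED[op] });
    // PUSH1..PUSH32 are 0x60..0x7f and carry 1..32 immediate bytes.
    if (op >= 0x60 && op <= 0x7f) {
      if (op === 0x63 && pc + 4 < code.length) {
        const imm = code.slice(pc + 1, pc + 5);
        selectors.add("0x" + Array.from(imm, b => b.toString(16).padStart(2, "0")).join(""));
      }
      pc += op - 0x5f; // skip the immediate so data bytes are never read as opcodes
    }
    pc += 1;
  }
  return { findings, selectors: [...selectors] };
}

// For comparison: counting raw byte values also counts PUSH data (false positives).
function naiveByteHits(hex) {
  return Array.from(hexToBytes(hex)).filter(b => FLAGGED[b]).length;
}
```

Solidity appends a metadata trailer to runtime bytecode that a linear sweep still reads as instructions, so hits near the end of the code deserve a second look.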

Batch Scanner

Audit many real coins at once — each address is pulled live (verified source) and run through all detectors, then ranked worst-first so you see which coins are bad and exactly why. One address per line (Ethereum).

Each coin is compiled + audited 100% in your browser from its live verified source. Risk research, not financial advice.

Token Scanner

Vet a deployed token by address — rug-risk verdict from live on-chain data.

Risk research, not financial advice. A clean scan means no detected red flags — never a guarantee of safety.