home / skills / plurigrid / asi / substrate-vulnerability-scanner

substrate-vulnerability-scanner skill

safe

This skill analyzes Substrate pallets to detect seven critical vulnerabilities, helping auditors harden Substrate runtimes and FRAME pallets.

npx playbooks add skill plurigrid/asi --skill substrate-vulnerability-scanner

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

1.6 KB

---
name: substrate-vulnerability-scanner
description: Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks. Use when auditing Substrate runtimes or FRAME pallets. (project, gitignored)
category: building-secure-contracts
author: Trail of Bits
source: trailofbits/skills
license: AGPL-3.0
trit: -1
trit_label: MINUS
verified: true
featured: false
---

# Substrate Vulnerability Scanner Skill

**Trit**: -1 (MINUS)
**Category**: building-secure-contracts
**Author**: Trail of Bits
**Source**: trailofbits/skills
**License**: AGPL-3.0

## Description

Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks. Use when auditing Substrate runtimes or FRAME pallets. (project, gitignored)

## When to Use

This is a Trail of Bits security skill. Refer to the original repository for detailed usage guidelines and examples.

See: https://github.com/trailofbits/skills

## Related Skills

- audit-context-building
- codeql
- semgrep
- variant-analysis


## SDF Interleaving

This skill connects to **Software Design for Flexibility** (Hanson & Sussman, 2021):

### Primary Chapter: 3. Variations on an Arithmetic Theme

**Concepts**: generic arithmetic, coercion, symbolic, numeric

### GF(3) Balanced Triad

```
substrate-vulnerability-scanner (−) + SDF.Ch3 (○) + [balancer] (+) = 0
```

**Skill Trit**: -1 (MINUS - verification)


### Connection Pattern

Generic arithmetic crosses type boundaries. This skill handles heterogeneous data.

Overview

This skill scans Substrate and Polkadot FRAME pallets for seven classes of critical runtime vulnerabilities, including arithmetic overflow, panic-based DoS, incorrect weight accounting, and bad origin checks. It is designed for auditors and runtime developers who need automated, repeatable checks during security reviews. The tool integrates into a code-audit workflow and flags high-confidence findings for manual review.

How this skill works

The scanner performs static analysis of Rust-based FRAME pallets, parsing code to identify risky patterns, missing checks, and suspect annotations. It looks for arithmetic operations without safe wrappers, unwrap/panic usage in dispatchable functions, incorrect or inconsistent weight calculations, and improper origin validation. Findings are reported with file locations, vulnerable snippets, and short remediation guidance to speed triage.

When to use it

During pre-release audits of Substrate runtimes or new pallet integrations.
As part of continuous integration for runtime code to catch regressions early.
When performing a security review of third-party pallets before production deployment.
Before submitting runtime upgrades to a chain with strict safety requirements.
When validating fixes for previously reported pallet vulnerabilities.

Best practices

Treat scanner output as a prioritized findings list, not a final judgment—manually verify each issue.
Combine this tool with manual threat modeling that considers economic and protocol-level impacts.
Enforce use of safe arithmetic helpers and explicit weight annotations across the codebase.
Run scans on feature branches and merge requests to prevent regression of previously fixed issues.
Keep the scanner version and rule set up to date with Substrate and FRAME API changes.

Example use cases

Find integer operations missing checked_add/checked_mul in a token pallet and suggest safe wrappers.
Detect unwrap() or expect() calls in dispatchable functions that could trigger panic DoS on-chain.
Flag dispatchable functions with missing or incorrect origin checks allowing unauthorized calls.
Highlight inconsistent or placeholder weight values and point to correct benchmarking steps.
Scan third-party pallet dependencies to identify risky code before including them in a runtime.

FAQ

Does the scanner fix issues automatically?

No. It flags likely problems and provides remediation guidance; developers should apply fixes and re-run scans.

Can it run inside CI?

Yes. The scanner is suitable for CI integration to detect regressions, but ensure rule updates align with Substrate changes.