Bug Hunter Security Detectors
Bug Hunter is an automated code review engine for Solidity codebases. It combines multiple machine-learning layers with program analysis tools to mimic an auditor’s workflow and confirm vulnerabilities with very low false positives (<5%). Analysis of popular Ethereum projects highlights Bug Hunter’s superior accuracy, speed, and coverage.
These reference docs catalogue the 40+ detector rules used by Bug Hunter and manual auditors when reviewing modern Solidity (≥0.8.25) smart contracts.
What you’ll find in the GitBook
- Plain-language explanations of 40+ detector rules used in professional audits
- Minimal Solidity snippets (0.8.25) that showcase each issue
- Context on the consequences of these security issues
Detector buckets
Bucket | Themes included |
---|---|
Math & Accounting | rounding errors, token accounting, randomness flaws, DoS-via-gas |
Oracle & State | stale prices, sequencer liveness, improper admin/oracle checks, invalid state transitions |
Control-Flow & Misc | reentrancy, delegatecall abuse, tx.origin, self-destruct patterns, visibility mistakes |
A complete list of detectors is available in the GitBook’s left-hand navigation.