Skip to main content
Analyses are comprehensive security assessments that analyze your smart contracts for vulnerabilities, gas optimization opportunities, and best practices. Each analysis produces detailed findings with severity classifications to help you prioritize security improvements.

What Analyses Produce

Analyses generate two main types of findings:

Security Findings

Comprehensive analysis of potential security vulnerabilities including:
  • Critical: Immediate threats that could lead to loss of funds or contract compromise
  • High: Significant security risks that should be addressed promptly
  • Medium: Moderate security concerns that warrant attention
  • Low: Minor issues or best practice violations
  • Info: Informational findings and recommendations

Gas Findings

Optimization opportunities to improve contract efficiency:
  • Gas Optimization: Recommendations to reduce gas consumption
  • Storage Optimization: Suggestions for more efficient storage patterns
  • Function Optimization: Tips for optimizing function execution costs
Human Oversight Required: While AI-powered analyses provide comprehensive analysis, they should always be complemented with human review. Security experts should validate findings, assess business logic risks, and make final decisions about remediation priorities.

Analysis Scope

When creating an analysis, you can specify the scope in order to focus on specific areas of your codebase. We constrain these to what we consider “auditable” functions, which are are entry points to your smart contract that meet specific criteria:
  • Public Accessibility: Functions that can be called by external users or contracts
  • State Modification: Functions that read or write contract state
  • Entry Points: Functions that serve as the primary interface to your contract’s functionality
Contracts can inherit or override functions, so the context in which functions are called is important for accurate analysis. BevorAI considers inheritance chains and function overrides when determining analysis scope.

Creating Analyses

Basic Analysis Creation

curl -X POST https://api.bevor.io/v1/analyses \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "project_id": "proj_1234567890",
    "code_version_id": "cv_1234567890",
    "scope": "entire_codebase"
  }'

Scoped Analysis Creation

curl -X POST https://api.bevor.io/v1/analyses \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "project_id": "proj_1234567890",
    "code_version_id": "cv_1234567890",
    "scope": "specific_functions",
    "function_names": [
      "transfer",
      "approve",
      "mint"
    ]
  }'

Analysis Lifecycle

1. Analysis Creation

  • Specify project, code version, and scope
  • Analysis is queued for processing
  • Receive analysis ID for tracking

2. Processing

  • AI models analyze your code
  • Security and gas findings are generated
  • Results are compiled and categorized

3. Results

  • Review findings by severity
  • Analyze gas optimization opportunities
  • Plan remediation strategy

4. Iteration

  • Address findings in your code
  • Create new code version
  • Run additional analyses to verify fixes

Best Practices

Multiple Analyses

Since analyses are non-deterministic, create multiple analyses for the same code version: 
# Create multiple analyses for comprehensive coverage
for i in {1..3}; do
  curl -X POST https://api.bevor.io/v1/analyses \
    -H "Authorization: Bearer YOUR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{
      "project_id": "proj_1234567890",
      "code_version_id": "cv_1234567890",
      "scope": "entire_codebase"
    }'
done

Scope Selection

Choose appropriate scope based on your needs:
  • Development Phase: Use entire codebase scope for comprehensive analysis
  • Feature Testing: Use specific functions scope for targeted analysis
  • Large Projects: Use specific contracts scope for manageable analysis

Human Review Process

  1. Automated Analysis: Let BevorAI identify potential issues
  2. Expert Review: Have security experts validate findings
  3. Business Logic: Assess findings in context of your specific use case
  4. Prioritization: Focus on critical and high-severity issues first
  5. Remediation: Implement fixes and verify with follow-up analyses

Continuous Improvement

We’re constantly working on improving the functionality and performance of analyses. New analysis techniques, expanded vulnerability detection, and enhanced gas optimization recommendations are regularly added to provide more comprehensive and accurate results.

What We’re Improving

  • Detection Accuracy: Enhanced AI models for better vulnerability detection
  • Performance: Faster analysis processing and more efficient analysis
  • Coverage: Expanded support for new Solidity features and patterns
  • Gas Analysis: More sophisticated gas optimization recommendations
  • Integration: Better integration with development workflows

Integration Examples

CI/CD Integration

# .github/workflows/security-analysis.yml
name: Security Analysis
on: [push, pull_request]
jobs:
  analysis:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Run BevorAI Analysis
        run: |
          curl -X POST https://api.bevor.io/v1/analyses \
            -H "Authorization: Bearer ${{ secrets.BEVOR_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d '{
              "project_id": "${{ secrets.BEVOR_PROJECT_ID }}",
              "code_version_id": "${{ github.sha }}",
              "scope": "entire_codebase"
            }'

Development Workflow

# Create analysis after major changes
git commit -m "Add new token functionality"
git push

# Create analysis for new code version
curl -X POST https://api.bevor.io/v1/analyses \
  -H "Authorization: Bearer $BEVOR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "project_id": "proj_1234567890",
    "code_version_id": "'$(git rev-parse HEAD)'",
    "scope": "entire_codebase"
  }'

Getting Started

  1. Create a Project: Set up a project in your team
  2. Upload Code: Create a code version with your smart contract code
  3. Run Initial Analysis: Start with entire codebase scope
  4. Review Findings: Analyze security and gas findings
  5. Iterate: Address issues and run follow-up analyses

Start Your First Analysis

Create a project and run your first security analysis