AlgoSec Docs

Technical documentation covering Algorand contract analysis, detectors, scoring, and CI integration.

How AlgoSec Works

AlgoSec is an Algorand-native smart contract security scanner that combines multiple detection techniques to identify vulnerabilities in PyTeal, TEAL, and Beaker contracts. It runs 16 static analysis detectors against your contract code and produces a structured report with severity classifications and fix recommendations.

The scanner operates in a deterministic pipeline: code parsing → AST analysis → detector execution → severity scoring → report generation.

Detection Engine

AlgoSec includes the following built-in detector categories:

Reentrancy Detection

Identifies state changes after inner transaction calls that could allow recursive exploitation of contract logic.

Access Control Analysis

Detects missing sender verification and unprotected UpdateApplication and DeleteApplication handlers.

Arithmetic Safety

Flags unchecked integer operations on uint64 that may overflow or underflow without SafeMath guards.

AVM Resource Analysis

Checks opcode budget usage, state schema validation, and inner transaction flow tracing.

Severity & Scoring

Each finding is assigned a severity level based on its potential impact on the Algorand contract:

Critical

Unrestricted update/delete, reentrancy allowing fund drain.

High

Missing access control, unchecked inner txn returns, integer overflow.

Medium

Opcode budget exhaustion, state key collisions.

Low

Informational findings, best practice recommendations.
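The following is an added, illustrative example of the kind of check the Access Control Analysis detector performs, written for this page and not taken from AlgoSec's own code. It splits a TEAL program into labelled blocks, follows the `int UpdateApplication / == / bnz` dispatch pattern to the handler block, and reports a handler that never compares `txn Sender` against the creator (or a hard-coded address) at the Critical severity the page assigns to unrestricted update/delete. The TEAL sample is constructed for the example; only straight-line handler blocks are handled.

```python
import re

# Handlers the page's Access Control Analysis expects to verify the sender.
PROTECTED = {"UpdateApplication", "DeleteApplication"}

def split_blocks(teal):
    """Split TEAL into the unlabelled entry sequence and {label: lines}, each line as (lineno, text)."""
    entry, blocks, current = [], {}, None
    for no, raw in enumerate(teal.splitlines(), 1):
        line = raw.split("//")[0].strip()  # strip comments and whitespace
        if line.endswith(":"):  # start of a labelled block
            current, blocks[line[:-1]] = line[:-1], []
        elif line:
            (blocks[current] if current else entry).append((no, line))
    return entry, blocks

def handler_targets(entry):
    """Map each protected OnCompletion value to the label reached by its `int X / == / bnz L` dispatch."""
    targets = {}
    for i, (_, line) in enumerate(entry[:-2]):
        m = re.fullmatch(r"int (\w+)", line)
        b = re.fullmatch(r"bnz (\w+)", entry[i + 2][1])
        if m and b and m.group(1) in PROTECTED and entry[i + 1][1] == "==":
            targets[m.group(1)] = b.group(1)
    return targets

def has_sender_check(lines):
    """True if the block compares txn Sender against the creator or a hard-coded address."""
    text = [t for _, t in lines]
    return "txn Sender" in text and any(t == "global CreatorAddress" or t.startswith("addr ") for t in text)

def find_unprotected_handlers(teal):
    """Report protected handlers whose block never checks the sender (Critical on the page's scale)."""
    entry, blocks = split_blocks(teal)
    return [{"severity": "Critical", "handler": oc, "label": label,
             "line": (blocks.get(label) or [(None, None)])[0][0]}
            for oc, label in handler_targets(entry).items()
            if not has_sender_check(blocks.get(label, []))]

# Constructed sample: the update handler has no sender check, the delete handler does.
SAMPLE_TEAL = "\n".join([
    "#pragma version 8", "txn OnCompletion", "int UpdateApplication", "==", "bnz update",
    "txn OnCompletion", "int DeleteApplication", "==", "bnz delete", "int 1", "return",
    "update:  // no sender check: anyone can replace the program", "int 1", "return",
    "delete:", "txn Sender", "global CreatorAddress", "==", "assert", "int 1", "return",
])

if __name__ == "__main__":
    for f in find_unprotected_handlers(SAMPLE_TEAL):
        print(f"{f['severity']}: {f['handler']} handler at line {f['line']} has no sender check")
```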

Security Methodology

AlgoSec's scanning methodology follows Algorand-specific security practices:

1. Parsing — PyTeal AST construction, TEAL opcode parsing, and contract fingerprinting.

2. Static Analysis — 16 detectors scan for vulnerabilities across all supported contract types.

3. Severity Classification — Findings are ranked using Algorand-specific impact criteria.

4. Reporting — Structured output with line-level annotations and remediation guidance.

All analysis is read-only and does not interact with any network.

Quick Start

Get started in three steps:

1. Install

pip install algosec-cli

2. Analyze

algosec analyze contracts/Vault.py

3. Review

Open the generated report to review the findings.

CI/CD Integration

AlgoSec integrates into CI pipelines through its exit codes and JSON output. Use severity thresholds to fail builds that do not meet your security policy. The CLI exit code is 0 for a pass, 1 for findings above the threshold, and 2 for errors.