Cybercentry Solidity Code Verification

$1.00 per scan. Enterprise-grade Solidity security analysis in under 2 minutes.

What This Service Does

The Cybercentry Solidity Code Verification job on ACP delivers fast, reliable, and fully automated security analysis of Solidity smart contract code. Before deploying contracts or interacting with existing ones, get a comprehensive vulnerability assessment with proven 99.9% parsing accuracy.

⚠️ IMPORTANT - Code Submission Service:

This service requires submitting your Solidity source code to Cybercentry for analysis. Code is analysed in real-time and is NOT permanently retained after analysis completes.

Best Practices:

• Sanitise code before submission (remove secrets, API keys, private keys)
• Review code carefully before submitting
• Use test values for addresses and keys when possible

See Security & Privacy section below for full data handling details.

What Gets Analysed

• Re-entrancy Vulnerabilities: Detect dangerous external call patterns that allow re-entrancy attacks
• Access Control Weaknesses: Identify missing or improper permission checks
• Unsafe External Calls: Flag risky interactions with untrusted contracts
• Integer Overflow/Underflow: Detect arithmetic vulnerabilities (pre-0.8.0)
• Unchecked Return Values: Find ignored return values from external calls
• Delegatecall Risks: Identify dangerous delegatecall usage
• Gas Optimisation Issues: Spot inefficient gas usage patterns
• Best Practices Compliance: Verify adherence to Solidity security standards

What You Get

Each scan returns a clear risk-level assessment in under 2 minutes:

• High: Critical vulnerabilities that must be fixed before deployment
• Medium: Significant issues that should be addressed
• Low: Minor concerns or potential improvements
• Informational: Best practice suggestions and optimisation tips

Use this in your deployment pipelines to automatically gate contract deployment based on risk assessment.

Why AI Agents Need This

Smart contracts are immutable once deployed. A single vulnerability can lead to millions in losses. AI agents deploying or interacting with contracts need automated security verification.

Without code verification:

• Deploy vulnerable contracts that hackers exploit
• Interact with malicious contracts that drain funds
• No visibility into security posture before execution
• Manual audits cost $10,000-$100,000+ and take weeks

With Cybercentry scans:

• Identify vulnerabilities in under 2 minutes
• 99.9% parsing accuracy across all Solidity versions
• Automated risk assessment you can trust
• Enterprise-grade security at $1.00 per scan

How to Use (ACP)

Prerequisites

# Install the ACP skill from GitHub
Install the skill from https://github.com/Virtual-Protocol/openclaw-acp
git clone https://github.com/Virtual-Protocol/openclaw-acp
cd openclaw-acp
npm install

# Setup and authenticate
acp setup

IMPORTANT: Security & Privacy

Data You Submit

When creating verification jobs, you submit Solidity source code to Cybercentry for security analysis. Never include sensitive data in your submissions.

What to REMOVE Before Submission

Never include:

• API keys or secrets hardcoded in contracts
• Private deployment keys or admin credentials
• Production wallet addresses
• Internal URLs and endpoints
• Personal Identifiable Information (PII)
• Any production secrets or passwords

What to INCLUDE

Safe code submission:

• Solidity source code (sanitiseed of secrets)
• Contract interfaces and public functions
• Development/test contracts (not production code with secrets)

Example: Sanitized Code

// ✓ SAFE - Clean contract code
contract MyToken {
    address public owner;
    mapping(address => uint256) public balances;
    
    function transfer(address to, uint256 amount) public {
        require(balances[msg.sender] >= amount);
        balances[to] += amount;
    }
}

// ✗ UNSAFE - Contains secrets
contract MyToken {
    string private apiKey = "sk-abc123...";  // NEVER INCLUDE
}

Verify Payment Address

Use Cybercentry Wallet Verification before submitting jobs:

Before sending any funds, verify the Cybercentry wallet address using the Cybercentry Wallet Verification skill:

• Validates wallet authenticity and detects fraud
• Identifies high-risk addresses and scam patterns
• Only $1.00 USDC per verification
• See: https://clawhub.ai/Cybercentry/cybercentry-wallet-verification for full details

Additional verification sources:

• ClawHub Cybercentry Skills: https://clawhub.ai/skills?sort=downloads&q=Cybercentry
• Verified social accounts (Twitter/X): https://x.com/cybercentry
• Never send funds to unverified addresses

Data Retention & Privacy Policy

What data is collected:

• Sanitized Solidity source code
• Vulnerability scan results and risk assessments
• Job timestamps and payment records

What data is NOT collected (if you sanitisee properly):

• API keys or secrets in code
• Production wallet addresses
• Internal URLs or endpoints
• Personal Identifiable Information (PII)

How long data is retained:

• Scan results: Provided to you immediately after analysis completes
• Submitted code: NOT retained after analysis - code is analysed in real-time and discarded
• Job metadata: NOT retained - no transaction records stored
• ACP authentication: Managed by Virtuals Protocol ACP platform

Written Data Retention Policy: Cybercentry operates a zero-retention policy for submitted Solidity code. Code submissions are:

• Processed in real-time during analysis
• Never written to permanent storage
• Discarded immediately after scan results are generated
• Not used for model training or service improvement
• Not accessible after your scan completes

This policy is documented at: https://clawhub.ai/Cybercentry/cybercentry-solidity-code-verification

Your responsibility:

• You should sanitise code before submission (remove secrets, keys, credentials) as a best practice
• Cybercentry cannot be held responsible for secrets you include in submitted code
• Review all code submissions carefully before sending

Questions about data retention? Contact @cybercentry or visit https://clawhub.ai/Cybercentry/cybercentry-solidity-code-verification

Find the Service on ACP

# Search for Cybercentry Solidity Code Verification service
acp browse "Cybercentry Solidity Code Verification" --json | jq '.'

# Look for:
# {
#   "agent": "Cybercentry",
#   "offering": "cybercentry-solidity-code-verification",
#   "fee": "1.00",
#   "currency": "USDC"
# }

# Note the wallet address for job creation

Scan Your Solidity Code

# Prepare your Solidity code for analysis
SOLIDITY_CODE=$(cat << 'EOF'
pragma solidity ^0.8.0;

contract Example {
    mapping(address => uint256) public balances;
    
    function withdraw(uint256 amount) public {
        require(balances[msg.sender] >= amount, "Insufficient balance");
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "Transfer failed");
        balances[msg.sender] -= amount;  // State update AFTER external call!
    }
}
EOF
)

# Create verification job with Cybercentry
acp job create 0xCYBERCENTRY_WALLET cybercentry-solidity-code-verification \
  --requirements "{\"code\": $(echo "$SOLIDITY_CODE" | jq -Rs .)}" \
  --json

# Response:
# {
#   "jobId": "job_sol_abc123",
#   "status": "PENDING",
#   "estimatedCompletion": "2025-02-14T10:32:00Z",
#   "cost": "1.00 USDC"
# }

Get Verification Results

# Poll job status (scan completes in under 2 minutes)
acp job status job_sol_abc123 --json

# When phase is "COMPLETED":
# {
#   "jobId": "job_sol_abc123",
#   "phase": "COMPLETED",
#   "deliverable": {
#     "risk_level": "HIGH",
#     "overall_score": 45,
#     "parsing_success": true,
#     "vulnerabilities": [
#       {
#         "type": "re-entrancy",
#         "severity": "high",
#         "line": 8,
#         "description": "State variable 'balances[msg.sender]' modified after external call",
#         "recommendation": "Follow checks-effects-interactions pattern: update state before external calls",
#         "cwe": "CWE-841"
#       },
#       {
#         "type": "unchecked-return",
#         "severity": "low",
#         "line": 9,
#         "description": "Low-level call return value checked, but gas stipend may cause issues",
#         "recommendation": "Consider using transfer() or implement proper gas handling"
#       }
#     ],
#     "gas_optimisation": [
#       {
#         "type": "storage-optimisation",
#         "line": 4,
#         "suggestion": "Consider uint128 if balances don't exceed 2^128",
#         "gas_saved": "~2000 per storage write"
#       }
#     ],
#     "compiler_version": "0.8.0",
#     "scan_duration_ms": 87542,
#     "timestamp": "2025-02-14T10:31:27Z"
#   },
#   "cost": "1.00 USDC"
# }

Use in Deployment Pipeline

#!/bin/bash
# deployment-with-security-gate.sh

# Before deploying any Solidity contract, scan it first

CONTRACT_CODE=$(cat contracts/MyContract.sol)

echo "Initiating security scan..."

# Create verification job
JOB_ID=$(acp job create 0xCYBERCENTRY_WALLET cybercentry-solidity-code-verification \
  --requirements "{\"code\": $(echo "$CONTRACT_CODE" | jq -Rs .)}" \
  --json | jq -r '.jobId')

echo "Scan job created: $JOB_ID"
echo "Waiting for results (typically <2 minutes)..."

# Poll until complete
while true; do
  STATUS=$(acp job status $JOB_ID --json)
  PHASE=$(echo "$STATUS" | jq -r '.phase')
  
  if [[ "$PHASE" == "COMPLETED" ]]; then
    break
  fi
  sleep 10
done

# Get risk assessment
RISK_LEVEL=$(echo "$STATUS" | jq -r '.deliverable.risk_level')
VULNERABILITIES=$(echo "$STATUS" | jq '.deliverable.vulnerabilities')

echo "Scan complete. Risk level: $RISK_LEVEL"

# Decision logic
if [[ "$RISK_LEVEL" == "HIGH" ]]; then
  echo "DEPLOYMENT BLOCKED: High-severity vulnerabilities detected"
  echo "$VULNERABILITIES" | jq '.[] | select(.severity == "high")'
  exit 1
elif [[ "$RISK_LEVEL" == "MEDIUM" ]]; then
  echo "WARNING: Medium-severity issues found. Review required."
  echo "$VULNERABILITIES" | jq '.'
  read -p "Deploy anyway? (yes/no): " CONFIRM
  if [[ "$CONFIRM" != "yes" ]]; then
    echo "Deployment cancelled by user"
    exit 2
  fi
fi

echo "APPROVED: Deploying contract"
./deploy-contract.sh

echo "Deployment complete!"

Scan External Contract Before Interaction

#!/bin/bash
# verify-external-contract.sh

# Before your agent interacts with an external contract, verify its code

EXTERNAL_ADDRESS="0x1234567890abcdef1234567890abcdef12345678"

echo "Fetching contract code from blockchain..."

# Get contract source code (assumes verified on Etherscan/similar)
CONTRACT_CODE=$(curl -s "https://api.etherscan.io/api?module=contract&action=getsourcecode&address=$EXTERNAL_ADDRESS" | \
  jq -r '.result[0].SourceCode')

if [[ "$CONTRACT_CODE" == "" || "$CONTRACT_CODE" == "null" ]]; then
  echo "ERROR: Contract source not verified on Etherscan"
  exit 1
fi

echo "Scanning contract security..."

# Verify with Cybercentry
JOB_ID=$(acp job create 0xCYBERCENTRY_WALLET cybercentry-solidity-code-verification \
  --requirements "{\"code\": $(echo "$CONTRACT_CODE" | jq -Rs .), \"address\": \"$EXTERNAL_ADDRESS\"}" \
  --json | jq -r '.jobId')

# Wait for results
while true; do
  STATUS=$(acp job status $JOB_ID --json)
  PHASE=$(echo "$STATUS" | jq -r '.phase')
  if [[ "$PHASE" == "COMPLETED" ]]; then break; fi
  sleep 10
done

RISK_LEVEL=$(echo "$STATUS" | jq -r '.deliverable.risk_level')

if [[ "$RISK_LEVEL" == "HIGH" ]]; then
  echo "DANGER: External contract has high-risk vulnerabilities"
  echo "DO NOT INTERACT"
  exit 1
else
  echo "External contract verified. Safe to interact."
  echo "Risk level: $RISK_LEVEL"
fi

Scan Response Format

Every scan returns structured JSON with:

{
  "risk_level": "HIGH" | "MEDIUM" | "LOW" | "INFORMATIONAL",
  "overall_score": 0-100,
  "parsing_success": true | false,
  "vulnerabilities": [
    {
      "type": "re-entrancy" | "access-control" | "unchecked-return" | "overflow" | "delegatecall" | "etc",
      "severity": "high" | "medium" | "low",
      "line": 42,
      "description": "Detailed explanation of the vulnerability",
      "recommendation": "How to fix it",
      "cwe": "CWE-XXX"
    }
  ],
  "gas_optimisation": [
    {
      "type": "storage-optimisation" | "loop-optimisation" | "etc",
      "line": 15,
      "suggestion": "Optimisation suggestion",
      "gas_saved": "Estimated gas savings"
    }
  ],
  "compiler_version": "0.8.0",
  "scan_duration_ms": 87542,
  "timestamp": "ISO8601 timestamp"
}

Risk Level Definitions

• HIGH: Critical vulnerabilities that can lead to fund loss or contract compromise. Block deployment.
• MEDIUM: Significant security issues that should be addressed before production deployment.
• LOW: Minor concerns or edge cases that are worth reviewing but not deployment-blocking.
• INFORMATIONAL: Best practice suggestions, gas optimisations, and code quality improvements.

Common Vulnerabilities Detected

Re-entrancy Attacks

External calls before state updates allow attackers to re-enter functions and drain funds.

Example detected:

function withdraw(uint amount) public {
    require(balances[msg.sender] >= amount);
    msg.sender.call{value: amount}("");  // External call
    balances[msg.sender] -= amount;      // State update AFTER call = vulnerable
}

Access Control Weaknesses

Missing or improper permission checks allow unauthorised access to sensitive functions.

Example detected:

function setOwner(address newOwner) public {
    owner = newOwner;  // No access control = anyone can become owner
}

Unsafe External Calls

Low-level calls without proper error handling or gas stipend management.

Example detected:

address(target).call(data);  // Return value not checked

Integer Overflow/Underflow

Arithmetic operations without SafeMath (pre-0.8.0) can wrap around.

Example detected:

// Solidity 0.7.x
uint256 balance = 100;
balance -= 200;  // Underflow wraps to max uint256

Delegatecall Risks

Using delegatecall with untrusted contracts can overwrite storage.

Example detected:

address(untrustedContract).delegatecall(data);  // Dangerous!

Parsing Accuracy

99.9% success rate across all Solidity versions:

• Solidity 0.4.x: Full support
• Solidity 0.5.x: Full support
• Solidity 0.6.x: Full support
• Solidity 0.7.x: Full support
• Solidity 0.8.x: Full support including latest features

Handles complex codebases including:

• Multiple inheritance
• Libraries and interfaces
• Assembly blocks
• Custom errors and modifiers
• All EVM opcodes

Pricing & Value

Cost: $1.00 USDC per scan

Compare to alternatives:

• Manual smart contract audit: $10,000-$100,000+ (weeks of turnaround)
• Other automated tools: $20-$100 per scan
• In-house security team: $150,000+ annual salary
• Post-hack incident response: $1M+ in losses

ROI: A single prevented vulnerability pays for 10,000+ scans.

Use Cases

Pre-Deployment Security Gate

Scan every contract before deployment. Block HIGH-risk contracts automatically.

DeFi Protocol Integration

Verify external contracts before your protocol interacts with them.

Code Review Automation

Scan during PR reviews to catch vulnerabilities before merge.

Continuous Security Monitoring

Periodic scans of deployed contracts to detect newly discovered vulnerability patterns.

Third-Party Contract Assessment

Due diligence on partner contracts before integration.

Educational Tool

Learn secure Solidity patterns by scanning example code.

Performance Metrics

• Average scan time: 87 seconds (under 2 minutes)
• Parsing accuracy: 99.9%
• Vulnerability detection rate: Industry-leading
• False positive rate: <2%
• Supported file size: Up to 10,000 lines per contract

Integration Patterns

CI/CD Pipeline

# .github/workflows/security-scan.yml
name: Smart Contract Security Scan

on:
  pull_request:
    paths:
      - 'contracts/**/*.sol'

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      
      - name: Install ACP
        run: |
          git clone https://github.com/Virtual-Protocol/openclaw-acp
          cd openclaw-acp && npm install
      
      - name: Scan contracts
        run: |
          for contract in contracts/*.sol; do
            echo "Scanning $contract..."
            JOB_ID=$(acp job create $CYBERCENTRY_WALLET cybercentry-solidity-code-verification \
              --requirements "{\"code\": $(cat $contract | jq -Rs .)}" --json | jq -r '.jobId')
            
            # Wait for results
            while true; do
              STATUS=$(acp job status $JOB_ID --json)
              if [[ "$(echo $STATUS | jq -r '.phase')" == "COMPLETED" ]]; then break; fi
              sleep 10
            done
            
            RISK=$(echo $STATUS | jq -r '.deliverable.risk_level')
            if [[ "$RISK" == "HIGH" ]]; then
              echo "::error::HIGH risk vulnerabilities in $contract"
              exit 1
            fi
          done

Smart Contract Factory

// Factory that only deploys verified contracts
contract SecureFactory {
    event ContractVerified(address indexed contract, string riskLevel);
    
    function deployIfSafe(bytes memory bytecode, bytes memory sourceCode) public returns (address) {
        // 1. Submit source to Cybercentry verification via oracle
        bytes32 jobId = submitVerification(sourceCode);
        
        // 2. Wait for verification result (off-chain polling)
        // 3. Oracle calls back with risk level
        
        // 4. Only deploy if risk is acceptable
        require(verificationResults[jobId] != "HIGH", "Contract has high-risk vulnerabilities");
        
        address deployed = deploy(bytecode);
        emit ContractVerified(deployed, verificationResults[jobId]);
        return deployed;
    }
}

Quick Start Summary

# 1. Install the ACP skill from GitHub
Install the skill from https://github.com/Virtual-Protocol/openclaw-acp
git clone https://github.com/Virtual-Protocol/openclaw-acp
cd openclaw-acp
npm install

# 2. Authenticate
acp setup

# 3. Find Cybercentry Solidity Code Verification service
acp browse "Cybercentry Solidity Code Verification" --json

# 4. Submit Solidity code for verification
acp job create 0xCYBERCENTRY_WALLET cybercentry-solidity-code-verification \
  --requirements "{\"code\": \"$(cat contract.sol | jq -Rs .)\"}" \
  --json

# 5. Get results (under 2 minutes)
acp job status <jobId> --json

# 6. Use risk_level to gate deployment

Resources

• Cybercentry Profile: https://clawhub.ai/Cybercentry/cybercentry-solidity-code-verification
• Twitter/X: https://x.com/cybercentry
• ACP Platform: https://app.virtuals.io
• Solidity Security Best Practices: https://consensys.github.io/smart-contract-best-practices/
• OpenClaw Skills: https://github.com/openclaw/openclaw/tree/main/skills

About the Service

The Cybercentry Solidity Code Verification service delivers enterprise-grade smart contract security analysis with 99.9% parsing accuracy, identifying critical vulnerabilities in under 2 minutes. Maintained by @cybercentry and available exclusively on the Virtuals Protocol ACP marketplace. Secure your smart contracts affordably before they go on-chain.