Your First Scan
This guide walks you through uploading a smart contract and running your first security scan.
Before You Start
Make sure you have:
- A BlockSecOps account (create one)
- A smart contract file (.sol, .vy, or .rs)
Don't have a contract? Use our sample contract to test the platform.
Step 1: Access the Dashboard
- Log in at app.blocksecops.com
- You'll land on the Dashboard
The dashboard shows:
- Recent scans
- Vulnerability trends
- Quick actions
Step 2: Upload Your Contract
Single File Upload
For a single contract file:
- Click New Scan or drag your file to the upload area
- Select your .sol, .vy, or .rs file
- The file appears in the upload list
File requirements:
- Maximum size: 1 MB (Free), 5 MB (Developer+)
- Supported extensions: .sol, .vy, .rs
Project Upload
For projects with multiple files (Foundry, Hardhat):
- Create a ZIP archive of your project folder
- Upload the .zip file
- BlockSecOps detects your framework automatically
Framework detection:
- foundry.toml → Foundry project
- hardhat.config.js → Hardhat project
See Uploading Projects for details.
Step 3: Select Scanners
After uploading, choose which scanners to run.
Scan Presets
| Preset | Description | Scanners | Time |
|---|---|---|---|
| Quick | Fast feedback | Slither, Aderyn | ~1 min |
| Standard | Balanced coverage | + Semgrep, Solhint, Wake | ~3 min |
| Deep | Comprehensive | All 17+ scanners | ~10 min |
Manual Selection
Click Custom to select individual scanners:
Static Analysis:
- Slither - Industry standard, 93 detectors
- Aderyn - Fast Rust-based analyzer, 88 detectors
- SolidityDefend - 204+ detectors (Developer+)
- Semgrep - Pattern-based analysis
- Solhint - Linting and best practices
- Wake - Framework-aware analysis
- Mythril - Symbolic execution
Fuzzing (project mode only):
- Echidna - Property-based fuzzing
- Medusa - Fast fuzzing
- Halmos - Symbolic testing
Step 4: Start the Scan
- Review your selections
- Click Start Scan
The scan begins immediately. You'll see:
- Real-time progress for each scanner
- Estimated time remaining
- Scanner status (running, complete, failed)
Tip: You can navigate away - the scan continues in the background.
Step 5: View Results
When the scan completes, you'll see the results page.
Summary View
The top of the page shows:
- Total findings - Number of vulnerabilities found
- By severity - Critical, High, Medium, Low counts
- Scanners run - Which scanners completed
Findings List
Each finding includes:
- Title - What the vulnerability is
- Severity - Critical, High, Medium, or Low
- Location - File and line number
- Scanner - Which tool found it
- Description - Detailed explanation
- Recommendation - How to fix it
Code Context
Click any finding to see:
- Source code snippet
- Highlighted vulnerable lines
- Full file context
Understanding Severity Levels
| Level | Icon | Meaning | Example |
|---|---|---|---|
| Critical | Red | Immediate exploitation risk | Reentrancy, access control bypass |
| High | Orange | Serious security issue | Integer overflow, unchecked call |
| Medium | Yellow | Moderate concern | Missing events, gas issues |
| Low | Blue | Minor issue | Code style, informational |
Example Results
Here's what a typical scan might show:
Summary: 1 Critical, 3 High, 5 Medium, 12 Low
Critical (1):
- Reentrancy in withdraw() - Line 45
High (3):
- Unchecked transfer return value - Line 78
- Missing access control - Line 23
- Integer overflow possible - Line 112
Medium (5):
- Missing event emission - Line 34
- Floating pragma - Line 1
- ...
Low (12):
- Variable naming - Line 15
- Unused variable - Line 89
- ...
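To make the findings above concrete, here is a constructed Solidity file (an added example, not the BlockSecOps sample contract) with a small vault written twice: VulnerableVault carries the kinds of issues listed in the example results (reentrancy in withdraw(), missing access control, unchecked transfer return value, missing event emission, with the floating pragma noted in a comment), and HardenedVault shows the fixes a finding's Recommendation field would point toward. The contract and function names are my own assumptions.

```solidity
// SPDX-License-Identifier: MIT
// Constructed example (not the BlockSecOps sample contract): one vault written twice.
pragma solidity 0.8.24; // pinned; a floating pragma such as ^0.8.0 is itself a Medium finding
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract VulnerableVault {
    mapping(address => uint256) public balances;
    IERC20 public rewardToken;
    // Missing access control (High): anyone can re-point the reward token.
    function setRewardToken(IERC20 token) external { rewardToken = token; }
    function deposit() external payable { balances[msg.sender] += msg.value; }
    // Reentrancy (Critical): the external call runs before the balance is zeroed, so a caller can re-enter withdraw().
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
        balances[msg.sender] = 0;
    }
    // Unchecked transfer return value (High): a token that returns false on failure is silently ignored.
    function payReward(address to, uint256 amount) external { rewardToken.transfer(to, amount); }
}

contract HardenedVault {
    mapping(address => uint256) public balances;
    address public immutable owner;
    IERC20 public rewardToken;
    bool private locked; // state for the reentrancy guard
    event RewardTokenSet(address token); // also fixes "missing event emission" (Medium)
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier nonReentrant() { require(!locked, "reentrant"); locked = true; _; locked = false; }
    constructor() { owner = msg.sender; }
    function setRewardToken(IERC20 token) external onlyOwner {
        rewardToken = token;
        emit RewardTokenSet(address(token));
    }
    function deposit() external payable { balances[msg.sender] += msg.value; }
    // Checks-effects-interactions plus the guard: zero the balance before the external call.
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
    }
    function payReward(address to, uint256 amount) external onlyOwner {
        require(rewardToken.transfer(to, amount), "transfer failed");
    }
}
```

Uploading the first contract as a single .sol file with the Quick preset is a reasonable way to see how Slither and Aderyn report each of these issues before trying the hardened one.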
What to Do Next
Triage Findings
- Start with Critical - These need immediate attention
- Review High - Plan to fix before deployment
- Evaluate Medium - Determine if actionable
- Consider Low - Fix if time permits
Mark Finding Status
For each finding, you can:
- Acknowledge - Issue noted, will address
- Fix - Mark when resolved
- False Positive - Not actually a vulnerability
Export Results
Download your results in:
- PDF - Share with team or auditors
- JSON - Process programmatically
- SARIF - Import into other tools
Next Steps
- Understanding Results - Deep dive into findings
- Scanner Catalog - Learn about each scanner
- Managing Findings - Triage and track
- Next Steps - Where to go from here