Nova's smart contract security toolkit — audit tools, bounty scripts, and analysis utilities for Solidity and EVM-based protocols.
Built and maintained by Nova (@friendlygeorge).
nova-toolkit is a curated collection of resources Nova uses to:
- Audit smart contracts (static analysis helpers, checklists, report templates)
- Hunt bounties on DeFi / NFT / bridge protocols (recon scripts, PoC scaffolds)
- Analyze on-chain activity (forks, heuristics, gas/storage pattern utilities)
The goal is fast, repeatable workflows — small, composable tools that can be mixed and matched per engagement.
```text
nova-toolkit/
├── audits/      # Audit report templates, finding catalogs, checklists
├── bounties/    # Bug bounty recon and PoC scripts
├── tools/       # Standalone analysis utilities (CLI tools, helpers)
├── contracts/   # Sample / vulnerable contracts used for testing
├── scripts/     # One-off automation and glue scripts
└── docs/        # Methodology notes, references, write-ups
```
```shell
git clone https://github.com/friendlygeorge/nova-toolkit.git
cd nova-toolkit
# Most tools are Node.js based
node --version  # >= 18
npm --version
# Optional: install common deps (Slither, Foundry, etc.) — see docs/setup.md
```

- Languages: Solidity, TypeScript / JavaScript, Python
- Static analysis: Slither, Mythril, Aderyn
- Fuzzing / testing: Foundry (`forge`), Echidna
- On-chain: Ethers.js, Viem, Cast
- Reporting: Markdown templates, custom scripts

- Every tool lives in its own folder with a `README.md` and (where applicable) a `package.json` or `foundry.toml`.
- Findings follow the standard severity model: Critical/High/Medium/Low/Informational.
- Public bounty PoCs target mainnet only after a responsible-disclosure process — see `docs/disclosure.md`.
- No private keys, RPC endpoints with secrets, or unreported vulnerabilities are ever committed.
This toolkit is for defensive security and authorized auditing only. Always:
- Get explicit scope and authorization before testing.
- Respect bug bounty program rules (Immunefi, Code4rena, Sherlock, etc.).
- Disclose findings privately and give teams a reasonable remediation window.
This is Nova's personal working repo — contributions are not currently accepted. Issues / suggestions can be opened for personal tracking.
MIT — see LICENSE.
| Tool | Description | Status |
|---|---|---|
| `tools/audit_pipeline.py` | Smart contract static analysis with Slither | ✅ Production |
| `tools/sentinel.py` | Wallet balance monitoring and alerting | ✅ Production |
| `tools/bounty_scanner.py` | Immunefi bounty program scanner | ✅ Production |
| `tools/gas_optimizer.py` | Solidity gas optimization analysis | ✅ Production |
| `tools/security_scanner.py` | On-chain security scanner for Base | ✅ Production |
Reusable smart contract analysis tool. Run Slither on any Solidity codebase with automatic false-positive filtering and report generation.

```shell
python3 tools/audit_pipeline.py https://github.com/user/repo --min-severity medium
python3 tools/audit_pipeline.py /path/to/contract.sol
```

Scans Immunefi's bug bounty programs via their unofficial GitHub API. Filters by chain, KYC status, and bounty size.

```shell
python3 tools/bounty_scanner.py --chain base --no-kyc --min-bounty 10000
```

Analyzes Solidity contracts for gas optimization opportunities. Identifies storage packing, loop inefficiencies, and redundant operations.

```shell
python3 tools/gas_optimizer.py /path/to/contract.sol
```

Wallet balance monitoring with anomaly detection. Tracks ETH and ERC-20 balances, compares to last known state, and generates alerts for unexpected changes.

```shell
python3 tools/sentinel.py
```

See `tools/README.md` for full documentation.
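The "compare to last known state and alert on unexpected changes" step that the sentinel description above summarises, as an added example that is not `tools/sentinel.py` or any other nova-toolkit code. It assumes snapshots shaped as `{wallet: {asset: balance}}` with balances as integers in the asset's smallest unit; the wallet address, both snapshots and the thresholds are constructed for the example, and a real run would fill the fresh snapshot from an RPC provider.

```python
"""Balance snapshot diffing with anomaly alerts, in the spirit of tools/sentinel.py.

Added example for this README, not the toolkit's own code. Balances are integers in
the asset's smallest unit (wei for ETH, 6-decimal units for USDC). A real run would
fill the snapshots from a JSON-RPC provider and persist the last known state; here
both snapshots and the wallet address are constructed.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from pathlib import Path

# Snapshot shape: {wallet_address: {asset_symbol: balance_in_smallest_unit}}
Snapshot = dict[str, dict[str, int]]


@dataclass(frozen=True)
class Alert:
    wallet: str
    asset: str
    previous: int
    current: int
    reason: str


def compare_snapshots(previous: Snapshot, current: Snapshot,
                      max_drop_bps: int = 1000,
                      floors: dict[str, int] | None = None) -> list[Alert]:
    """Diff the last known state against a fresh snapshot and return alerts.

    Flags: a balance dropping by at least max_drop_bps basis points (1000 = 10%),
    a balance crossing below a per-asset floor, an asset appearing that was never
    tracked (airdrop spam and address-poisoning transfers show up this way), and
    assets or wallets missing from the new snapshot (often a provider problem
    rather than a drain, but it still needs a human look).
    """
    floors = floors or {}
    alerts: list[Alert] = []
    for wallet, assets in current.items():
        prev_assets = previous.get(wallet, {})
        for asset, balance in assets.items():
            if asset not in prev_assets:
                alerts.append(Alert(wallet, asset, 0, balance, "asset not previously tracked"))
                continue
            prev = prev_assets[asset]
            if balance < prev:  # prev > balance >= 0, so prev is never zero here
                drop_bps = (prev - balance) * 10_000 // prev
                if drop_bps >= max_drop_bps:
                    alerts.append(Alert(
                        wallet, asset, prev, balance,
                        f"balance fell {drop_bps / 100:.2f}% (threshold {max_drop_bps / 100:.2f}%)"))
            floor = floors.get(asset)
            if floor is not None and balance < floor <= prev:
                alerts.append(Alert(wallet, asset, prev, balance, f"balance below floor {floor}"))
        # Assets tracked last time but absent now.
        for asset in sorted(prev_assets.keys() - assets.keys()):
            alerts.append(Alert(wallet, asset, prev_assets[asset], 0, "asset missing from snapshot"))
    # Whole wallets absent from the fresh snapshot.
    for wallet in sorted(previous.keys() - current.keys()):
        for asset, prev in sorted(previous[wallet].items()):
            alerts.append(Alert(wallet, asset, prev, 0, "wallet missing from snapshot"))
    return alerts


def load_state(path: Path) -> Snapshot:
    """Read the last known state; a missing file means a first run, so everything is new."""
    return json.loads(path.read_text()) if path.exists() else {}


def save_state(path: Path, snapshot: Snapshot) -> None:
    """Persist the fresh snapshot so the next run diffs against it."""
    path.write_text(json.dumps(snapshot, indent=2, sort_keys=True))


# Constructed snapshots; "0xWALLET_A" is a placeholder, not a real address.
LAST_KNOWN: Snapshot = {
    "0xWALLET_A": {"ETH": 10 * 10**18, "USDC": 5_000 * 10**6},
}
FRESH: Snapshot = {
    "0xWALLET_A": {"ETH": 7 * 10**18, "USDC": 5_000 * 10**6, "WETH": 1 * 10**18},
}

if __name__ == "__main__":
    for alert in compare_snapshots(LAST_KNOWN, FRESH, floors={"ETH": 8 * 10**18}):
        print(f"[{alert.wallet}] {alert.asset}: {alert.previous} -> {alert.current}: {alert.reason}")
```

The drop threshold is expressed in basis points and computed with integer arithmetic so the comparison is exact in wei; floors only fire on the crossing (previous at or above, current below), which keeps a wallet that is deliberately kept low from alerting on every run.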
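The severity filtering that `--min-severity medium` implies in the audit pipeline description above, plus the suppression of noisy detectors and a report-ready table, as an added example that is not `tools/audit_pipeline.py` or any other nova-toolkit code. It assumes the layout of Slither's `--json` output (`results.detectors[]` entries carrying `check`, `impact`, `confidence`, `description`) and maps Slither impacts onto the Critical/High/Medium/Low/Informational model the README uses; the sample report, its contract and the suppressed-detector list are constructed for the example.

```python
"""Severity filtering for Slither JSON output, in the spirit of tools/audit_pipeline.py.

Added example for this README; it is not code from nova-toolkit. It assumes the
layout of Slither's ``--json`` report (results.detectors[] entries carrying
``check``, ``impact``, ``confidence`` and ``description``). The sample report and
the suppressed-detector list are constructed for the example.
"""
from __future__ import annotations

# The README's severity model, least to most severe. Slither itself never emits
# "Critical"; it is here so a manually upgraded finding fits the same scale.
SEVERITY_ORDER = ["Informational", "Low", "Medium", "High", "Critical"]

# Slither reports gas findings with impact "Optimization"; fold them into Informational.
IMPACT_ALIASES = {"Optimization": "Informational"}

# Detectors treated as noise in a first pass (an assumption for this example, not a
# statement about Slither's accuracy). They are dropped regardless of severity.
SUPPRESSED_CHECKS = {"naming-convention", "solc-version"}


def normalize_severity(impact: str) -> str:
    """Map a Slither impact string onto the README's severity scale."""
    severity = IMPACT_ALIASES.get(impact, impact)
    if severity not in SEVERITY_ORDER:
        raise ValueError(f"unknown Slither impact: {impact!r}")
    return severity


def filter_findings(report: dict, min_severity: str = "Medium") -> list[dict]:
    """Keep findings at or above min_severity (case-insensitive), drop suppressed
    detectors, and return them most severe first."""
    threshold = SEVERITY_ORDER.index(min_severity.capitalize())
    kept = []
    for finding in report.get("results", {}).get("detectors", []):
        severity = normalize_severity(finding["impact"])
        if SEVERITY_ORDER.index(severity) < threshold:
            continue
        if finding["check"] in SUPPRESSED_CHECKS:
            continue
        kept.append({
            "check": finding["check"],
            "severity": severity,
            "confidence": finding.get("confidence", "Unknown"),
            # Slither descriptions carry newlines and tabs; collapse them for a table cell.
            "description": " ".join(finding.get("description", "").split()),
        })
    # sort() is stable, so findings of equal severity keep Slither's own order.
    kept.sort(key=lambda f: SEVERITY_ORDER.index(f["severity"]), reverse=True)
    return kept


def render_markdown(findings: list[dict]) -> str:
    """Render the kept findings as the kind of table a report template would embed."""
    rows = ["| Severity | Confidence | Check | Description |", "|---|---|---|---|"]
    for f in findings:
        rows.append(f"| {f['severity']} | {f['confidence']} | `{f['check']}` | {f['description']} |")
    return "\n".join(rows)


# Constructed sample in Slither's JSON layout; the contract and findings are invented.
SAMPLE_REPORT = {
    "success": True,
    "error": None,
    "results": {
        "detectors": [
            {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
             "description": "Reentrancy in Vault.withdraw(uint256):\n\texternal call before state update"},
            {"check": "unused-return", "impact": "Medium", "confidence": "Medium",
             "description": "Vault.sweep() ignores return value of token.transfer()"},
            {"check": "timestamp", "impact": "Low", "confidence": "Medium",
             "description": "Vault.isExpired() uses block.timestamp for comparisons"},
            {"check": "naming-convention", "impact": "Informational", "confidence": "High",
             "description": "Parameter Vault.withdraw(uint256)._Amount is not in mixedCase"},
            {"check": "solc-version", "impact": "Informational", "confidence": "High",
             "description": "Pragma version^0.8.0 allows old versions"},
            {"check": "constable-states", "impact": "Optimization", "confidence": "High",
             "description": "Vault.feeBps should be constant"},
        ]
    },
}

if __name__ == "__main__":
    print(render_markdown(filter_findings(SAMPLE_REPORT, "medium")))
```

Suppression is by detector name rather than by confidence on purpose: a High-impact finding with Medium confidence is exactly the kind of thing a reviewer should look at, so confidence is carried into the table instead of used to discard anything.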