SFA VectorEyes is a powerful tool for vulnerability report vectorization and detection library building for smart contract security analysis. It enables security researchers, auditors, and blockchain developers to create, manage, and apply sophisticated vulnerability detection templates to identify security issues in smart contracts.
- Accept vulnerability reports from URLs, Markdown files, or GitHub repositories
- Extract and analyze vulnerability types, patterns, and insights
- Generate detection patterns and templates using LLM analysis
- Aggregate vectorized reports by vulnerability category
- Generate comprehensive detection templates with LLM enhancement
- Create a robust vulnerability detection library for smart contract scanning
- Session-only API key storage with no disk persistence
- Support for both local (Ollama) and cloud (OpenRouter) LLM services
- Easy switching between different LLM providers during runtime
- SQLite-based storage for vulnerability reports and detection patterns
- Tools to view, manage, and clean database entries
- Export and import capabilities for sharing vulnerability knowledge
- Python 3.8 or higher
- Astral uv for dependency management and running the application
- Ollama (optional, for local LLM processing)
- OpenRouter API key (optional, for cloud LLM processing)
SFA VectorEyes is designed as a single file application with dependencies specified at the top of the file. This makes installation and usage straightforward:
- Clone the repository or download the SFA_VectorEyes.py file
- Ensure you have Astral uv installed (`pip install uv`)
- Run the application using uv

```bash
# Run the application
uv run SFA_VectorEyes.py
```
No separate installation steps are required as uv will handle all dependencies automatically.
When you first launch SFA VectorEyes, you'll be prompted to choose between local (Ollama) or cloud (OpenRouter) LLM services:
╭────────────── Welcome to SFA VectorEyes ─────────────────╮
│ API Key Selection │
│ │
│ You can use Ollama (local) or OpenRouter (cloud) for LLM │
│ services. │
│ OpenRouter provides access to more powerful models but │
│ requires an API key. │
│ For security, your API key will only be stored in memory │
│ for this session. │
╰──────────────────────────────────────────────────────────╯
Would you like to use OpenRouter? [yes/no] (no):
If you choose OpenRouter, you'll be prompted to enter your API key, which will be stored securely in memory only for the current session.
The main menu provides access to all SFA VectorEyes features:
╭─────────────────────────────────────────────────╮
│ │
│ SFA VectorEyes │
│ │
╰─────────────────────────────────────────────────╯
╭────────────────── Main Menu ──────────────────╮
│ │
│ 1. Vectorize Report │
│ │
│ 2. View Reports │
│ │
│ 3. Delete Reports │
│ │
│ 4. Build & Save Detection Library │
│ │
│ 5. View Detection Library │
│ │
│ 6. Delete Detection Library Entries │
│ │
│ 7. Update API Keys │
│ │
│ 8. Exit │
│ │
╰───────────────────────────────────────────────╯
- Select option 1 from the main menu
- Enter the URL of a vulnerability report (GitHub issues, blog posts, etc.)
- The report will be downloaded, analyzed, and vectorized
- The resulting vulnerability data will be stored in the database
- Select option 4 from the main menu
- SFA VectorEyes will process all vectorized reports
- Reports will be categorized by vulnerability type
- Advanced detection templates will be generated for each vulnerability type
- The complete detection library will be saved to the database
SFA VectorEyes uses a secure, session-only approach to API key management:
- Select option 7 from the main menu
- View current API settings (with masked API key for security)
- Update your OpenRouter API key
- Switch between local (Ollama) and cloud (OpenRouter) providers
- Update the default model for either provider
API keys are never saved to disk, ensuring maximum security.
╭────────── Session-Based API Key Management ──────────╮
│ API Key Management │
│ │
│ Update your API keys for the current session. │
│ For security, keys are only stored in memory and not │
│ saved to disk. │
╰──────────────────────────────────────────────────────╯
API Provider openrouter
OpenRouter API Key sk-o*********************…
Default Model deepseek/deepseek-r1-distill-l…
1. Update OpenRouter API Key
2. Switch to Ollama (local)
3. Switch to OpenRouter (cloud)
4. Update Default Model
5. Back to Main Menu
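A minimal sketch of the session-only key handling and masked display described above, as an added example that is not SFA VectorEyes' own code. The names `SessionSettings` and `mask_key` are hypothetical, the mask width is an assumption, and the sample key in the demo is constructed.

```python
import pickle
from typing import Optional


def mask_key(key: str, visible: int = 4, width: int = 21) -> str:
    """Return a display form that reveals only a short prefix of the key."""
    if not key:
        return "(not set)"
    if len(key) <= visible * 2:      # too short to reveal any prefix safely
        return "*" * len(key)
    return key[:visible] + "*" * width + "…"


class SessionSettings:
    """Provider settings held only in this process's memory (hypothetical)."""

    PROVIDERS = ("ollama", "openrouter")

    def __init__(self) -> None:
        self.provider = "ollama"
        self._api_key: Optional[str] = None

    def set_key(self, key: str) -> None:
        key = key.strip()
        if not key:
            raise ValueError("empty API key")
        self._api_key = key

    def switch(self, provider: str) -> None:
        if provider not in self.PROVIDERS:
            raise ValueError(f"unknown provider: {provider}")
        if provider == "openrouter" and not self._api_key:
            raise ValueError("OpenRouter needs an API key for this session")
        self.provider = provider

    def auth_header(self) -> dict:
        # Only the cloud provider needs a bearer token; local Ollama gets none.
        if self.provider != "openrouter":
            return {}
        return {"Authorization": f"Bearer {self._api_key}"}

    def __repr__(self) -> str:
        # Logs and tracebacks print repr(); never let the raw key appear there.
        return (f"SessionSettings(provider={self.provider!r}, "
                f"api_key={mask_key(self._api_key or '')!r})")

    def __reduce__(self):
        # Refuse pickling so the secret cannot be written to disk by accident.
        raise TypeError("SessionSettings holds a secret; not serializable")


if __name__ == "__main__":
    s = SessionSettings()
    s.set_key("sk-or-v1-constructed-not-a-real-key")   # constructed sample
    s.switch("openrouter")
    print(s)
```

In an interactive tool the key would be read with `getpass.getpass()` so it is not echoed to the terminal or left in shell history.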
SFA VectorEyes is designed to work seamlessly with DeepCurrent:
- Use SFA VectorEyes to create a robust vulnerability detection library
- Transfer templates to DeepCurrent using the `copy_templates.py` script
- DeepCurrent can then use these templates for vulnerability scanning

```bash
# Copy templates from VectorEyes to DeepCurrent
uv run copy_templates.py
```
- Vectorize multiple vulnerability reports (option 1)
- Build and save the detection library (option 4)
- Copy templates to DeepCurrent for vulnerability scanning
- Scan smart contracts using DeepCurrent's vulnerability detection
- Use `remove_unknown_reports.py` to clean up the database
- Rebuild the detection library with clean data
- Copy updated templates to DeepCurrent
- Security: Use the session-based API key management for maximum security
- Model Selection: For detailed analysis, use powerful OpenRouter models; for quick analysis, use local Ollama models
- Regular Updates: Regularly add new vulnerability reports to improve detection capabilities
- Clean Data: Periodically clean the database of unknown or low-quality reports
- LLM Connection Issues: Verify your internet connection and API keys
- Database Errors: Ensure you have appropriate permissions for file access
- Template Generation Failures: Try using a more powerful model or simplifying the report
- Developed by pxng0lin/ThΞ CxgΞ
- Enhanced with secure API key management for improved security
- Leveraging cutting-edge LLM technology for vulnerability analysis