Live Demo
See Garrison In Action
A real audit run against a deliberately vulnerable DeFi smart contract. Explore the full report, interactive attack graph, and all output formats.
Risk Score: 51.5/100
Report Formats
Security Audit Report — HTML
Interactive Attack Path Graph
Key Findings
| # | Finding | Severity | Rule ID | Location |
|---|---|---|---|---|
| 1 | Flash Loan Reentrancy | Critical | FLASH_LOAN_REENTRANCY | VulnerableVault.sol:240 |
| 2 | Oracle Staleness Check (×4) | Critical | ORACLE_STALENESS_CHECK | VulnerableVault.sol:22,23,214,219 |
| 3 | Unchecked External Call (×6) | Critical | UNCHECKED_EXTERNAL_CALL | VulnerableVault.sol:76,88,116… |
| 4 | Signature Replay Attack | High | SIGNATURE_REPLAY | VulnerableVault.sol:234 |
| 5 | Missing Slippage Protection | High | MISSING_SLIPPAGE_PROTECTION | VulnerableVault.sol:209 |
| 6 | Delegatecall Usage | High | DELEGATECALL_USAGE | VulnerableVault.sol:110 |
| 7 | tx.origin Authentication | High | TX_ORIGIN_USAGE | VulnerableVault.sol:103 |
| 8 | Hidden Mint Path | High | HIDDEN_MINT | VulnerableVault.sol:156,159 |
| 9 | Arbitrary External Call | High | ARBITRARY_EXTERNAL_CALL | VulnerableVault.sol:0 |
| 10 | Centralization Risk (×2) | Medium | CENTRALIZATION_RISK | VulnerableVault.sol:255,259 |
| 11 | Block Timestamp Randomness (×3) | Medium | BLOCK_TIMESTAMP_RANDOMNESS | VulnerableVault.sol:67,126,202 |
| 12 | Divide Before Multiply (×4) | Medium | DIVIDE_BEFORE_MULTIPLY | Multiple locations |
Output Formats
HTML Report (.html)
Full interactive audit report with collapsible findings, severity badges, and code snippets. Ideal for sharing with stakeholders.
Attack Graph (.html, D3.js)
D3.js force-directed graph visualizing vulnerability relationships, call chains, and attack paths across contracts.
Markdown Report (.md)
Plain Markdown output for embedding in GitHub PRs, wikis, or any documentation system. Human-readable and version-control friendly.
SARIF Output (.sarif)
Static Analysis Results Interchange Format; integrates natively with GitHub Code Scanning, VS Code, and any SARIF-compatible CI/CD pipeline.
Ready to Audit Your Own Contracts?
Run Garrison against your smart contracts in minutes. Open source and free to use.