The project builds the first low-level analysis & auditing tools for Cardano Smart Contracts.


By introducing the concept of storing and executing program on blockchain, smart contract becomes vital for the Fintech revolution and DeFi trending. Unfortunately, like legacy code, smart contract can be ridden with vulnerabilities, which may cause immediate negative impact in term of economy.
Cardano is pushing to its next era with the long-awaited smart contract capability. We expect explosive development for the Cardano ecosystem when more and more projects switch to this platform to take advantage of its new power. Unfortunately, there are currently few, if any, security tools that can be used to evaluate the safety of Cardano smart contracts.

Approach and Goals

Hachi focuses on analyzing Plutus Core, the on-chain form of Cardano smart contract. By leveraging static and dynamic analysis, we try to comprehend the code actually execute on blockchain, rather than code at higher level. Thanks to this unique insight, we would be able to see and discover things that other approaches may skip.
This project proposes to build a new analysis framework for the Cardano platform, in which we can reverse, debug, analyze and evaluate Cardano smart contracts. Once this foundation is ready, we would proceed to build a range of new toolsets include, but not limited to:
  • Smart contract debugger.
  • Smart contract tracer/profiler/optimizer.
  • Smart contract reverser.
  • Smart contract vulnerability hunter.
Hachi is also closely following KEVM and IELE progress for future integration. The key is to always analyze code from low-level -- what exactly is being stored and executed on-chain. Support for high-level code analysis is also considered in the future.
DISCLAIMER: This proposal is subject to change, as we progress with our research.