cosmos-vulnerability-scanner

Installation

Summary

Scans Cosmos SDK blockchains and CosmWasm contracts for 9 consensus-critical vulnerabilities.

Detects non-determinism, incorrect signers, ABCI panics, rounding errors, missing validations, and reentrancy patterns that cause chain halts or fund loss
Supports Go (Cosmos SDK modules) and Rust (CosmWasm contracts) with automatic platform detection via file extensions and import markers
Provides detailed findings with vulnerable code snippets, attack scenarios, and step-by-step remediation guidance
Includes scanning workflow covering non-determinism sweeps, ABCI method analysis, message validation, and arithmetic bookkeeping checks

SKILL.md

Cosmos Vulnerability Scanner

Purpose

Scan Cosmos SDK modules and CosmWasm contracts for vulnerabilities that cause chain halts, consensus failures, or fund loss. Spawns parallel scanning agents — each specializing in a vulnerability category — that return findings to the main skill, which then writes them as individual markdown files to an output directory.

Output directory: defaults to .bughunt_cosmos/. If the user specifies a different directory in their prompt, use that instead.

When to Use

Auditing Cosmos SDK modules (custom x/ modules)
Reviewing CosmWasm smart contracts
Pre-launch security assessment of Cosmos chains
Investigating chain halt incidents

When NOT to Use

Pure Solidity/EVM audits without Cosmos SDK — use Solidity-specific tools
CometBFT consensus engine internals — this covers SDK modules, not the consensus layer itself

Related skills

More from trailofbits/skills

Installs

2.2K

Repository

trailofbits/skills

GitHub Stars

5.1K

First Seen

Jan 19, 2026

Security Audits

Gen Agent Trust HubPass

SocketPass

SnykPass

cosmos-vulnerability-scanner

Cosmos Vulnerability Scanner

Purpose

When to Use

When NOT to Use

More from trailofbits/skills

ask-questions-if-underspecified

semgrep

modern-python

codeql

insecure-defaults

secure-workflow-guide