NafuSec — Stellar Soroban Smart Contract Security Scanner

NafuSec provides deep vulnerability and security scanning for Soroban smart contracts on the Stellar blockchain. The scanner performs WASM bytecode inspection, on-chain risk analysis, and deployer trust verification, and produces comprehensive scan reports with risk scores from 0 to 100.

Key features: Soroban smart contract security scan, Stellar blockchain vulnerability scanner, WASM bytecode analysis, on-chain heuristics, require_auth verification, upgradeability detection, admin centralization checks, mint and burn control analysis, cross-contract call risk assessment, storage TTL persistence checks, DeFi token scan, and Nafuloo ecosystem integration.

Stellar Network Security Tool, powered by Nafuloo

Scan Soroban Smart Contracts

Deep vulnerability and security scanning for Stellar's Soroban smart contracts: WASM bytecode inspection, static analysis, on-chain risk heuristics, and comprehensive scan reports, all for a nominal fee of 10,000 NAFU per scan (currently valued at a few cents in USD).

10 Check Categories
0–100 Risk Score
A–F Grade System

Soroban Smart Contract Security Analysis

Purpose-built security analysis engine for Soroban smart contracts on the Stellar blockchain. WASM bytecode inspection, on-chain risk heuristics, and vulnerability detection — all checks follow Stellar ecosystem best practices.

Static Analysis

10-category Soroban-specific checks: auth, upgradeability, mint/burn control, storage TTL, cross-contract risks, and more.

On-Chain Heuristics

Deployer age analysis, invocation patterns, admin centralization detection, and upgrade history tracking via Horizon.

Risk Scoring

0–100 score with letter grade (A–F), confidence level, and explainable deductions per finding severity.

Detailed Reports

Every finding includes severity, why it matters, how to fix it, code context, and Soroban best-practice references.

Payment Gated

A nominal fee of 10,000 NAFU per scan (currently valued at a few cents in USD) with on-chain payment verification, anti-replay invoice binding, and treasury routing.

Scan History

Full scan history of all your scans with filtering, downloadable reports, and invoice tracking.

10 Soroban Security Check Categories

Every smart contract scan runs through a comprehensive ruleset covering Soroban-specific vulnerabilities, Stellar on-chain risk patterns, and WASM bytecode analysis.

Missing require_auth on privileged functions
Upgradeability & admin control risks
Mint/burn supply manipulation
Blacklist/freeze/clawback logic
Storage TTL state persistence risks
Cross-contract call vulnerabilities
Precision & rounding issues
DoS via unbounded loops
Event transparency gaps
Deployer account age heuristics

Smart Contract Risk Grading System

Clear, actionable security grades for Soroban contracts backed by explainable score deductions per vulnerability finding.

A (90–100): Minimal risk
B (75–89): Low risk
C (60–74): Moderate risk
D (45–59): High risk
F (0–44): Critical risk

How It Works

01. Connect Wallet
Link your Stellar wallet via Freighter or paste your public key.

02. Enter Contract
Paste the Soroban contract ID and select mainnet or testnet.

03. Pay 10,000 NAFU
Send a nominal 10,000 NAFU (currently valued at a few cents in USD) to treasury with the scan invoice memo.

04. Get Report
Receive a full vulnerability report with score, findings, and fixes.

Ready to Scan Your Contract?

Join the Nafuloo ecosystem and secure your Soroban smart contracts on the Stellar blockchain today. A nominal 10,000 NAFU per security scan (currently valued at a few cents in USD) — transparent, on-chain, and verifiable.