Tameshi

Appearance

TameshiSmart Contract Security Analysis

Unified vulnerability scanning framework for Solidity with multi-tier analysis and AI-powered detection

Get Started
Quick Start
Tameshi LogoTameshi Logo

Multi-Tier Analysis

14 source + 10 IR + 1 LLM scanner working together. Optional AI validation for higher confidence findings

Fast Analysis

Scans incomplete, under-construction code in <1 second. No compilation required. Works on syntactically invalid Solidity

25 Vulnerability Scanners

Comprehensive coverage of reentrancy, access control, integer overflows, DoS patterns, and more

Real-Time VSCode Integration

Inline diagnostics, findings triage, and smart AI rescan as you type. No manual scan triggers needed

What is Tameshi?

Tameshi (試し, Japanese: "test" or "trial") reflects the practice of testing a blade's sharpness. Like a swordsmith meticulously examining their work, Tameshi tests smart contracts with precision and thoroughness.

Tameshi is a real-time vulnerability scanner for Solidity smart contracts. It combines:

  • Source-level scanning - Fast AST analysis, works on incomplete/invalid code (<1s)
  • IR-level scanning (via ThalIR) - Semantic analysis through intermediate representation
  • LLM-powered analysis (optional) - AI validates and augments deterministic findings

Works on incomplete code: Tree-sitter parser handles syntactically invalid Solidity during active development. No compilation required. Get security feedback as you type.

Who is Tameshi for?

Solidity Developers - Get instant security feedback as you type. No waiting for compilation. Catch vulnerabilities in incomplete code during active development.

Security Researchers - Run comprehensive audits combining deterministic pattern matching with optional LLM analysis for higher confidence.

Smart Contract Auditors - Generate detailed reports with severity ratings, confidence scores, and SARIF export for client deliverables.

Analysis Pipeline

Key Capabilities

Real-Time Analysis on Incomplete Code

Fast scans (<1s) on code under construction:

  • Works on syntactically invalid Solidity
  • No compilation required
  • Tree-sitter parser handles partial code
  • Get feedback during active development, not just on complete code

Multi-Tier Detection

Three complementary analysis layers:

  • 14 source-level scanners for fast AST analysis
  • 10 IR-level scanners for semantic precision
  • 1 LLM scanner (optional) for validation and novel pattern discovery
  • Finding correlation engine links related issues across scanners

Vulnerability Coverage

9 major security categories:

  • Reentrancy (classic, cross-function, read-only)
  • Access control and privilege escalation
  • Integer arithmetic vulnerabilities
  • Dangerous operations (delegatecall, selfdestruct)
  • Denial of Service patterns
  • Unchecked external calls
  • Time dependencies and miner manipulation
  • Price manipulation and oracle attacks
  • State modification issues

VSCode Integration

Security feedback as you type:

  • Inline diagnostics appear instantly (<1s)
  • Smart AI rescan on modified lines only
  • Findings triage with correlation grouping
  • SARIF export for GitHub Code Scanning

Get Started

  1. Install Tameshi - Set up the CLI and VSCode extension
  2. Run your first scan - 5-minute tutorial
  3. Explore scanners - See what vulnerabilities Tameshi detects

Released under the MIT License.

Copyright © 2025 Tameshi Contributors