Move Scanner - Automated Vulnerability Detection

Advanced automated security scanning tool designed specifically for Move smart contracts, leveraging AI and static analysis to identify vulnerabilities and security issues in Move-based blockchain applications.

AI-Powered Security Scanning

BitsLabAI Scanner Technology

Move Scanner uses machine learning models trained on Move vulnerabilities to provide:

• Pattern Matching: Detection of known vulnerability types in Move code
• AI-Powered Detection: Machine learning models trained on Move vulnerabilities for novel attack pattern identification
• Context-Aware Analysis: Intelligent vulnerability identification with reduced false positives
• Static Analysis: Automated code analysis without execution including control flow and data flow analysis
• Taint Analysis: Tracking of security-sensitive data through code

Proven Performance

The BitsLabAI Scanner demonstrated exceptional performance in the SuiDex public audit competition, securing second place and outperforming numerous manual audit participants. This validates the effectiveness of MoveBit's AI-driven scanning capabilities in real-world security analysis.

Vulnerability Detection

Common Move Vulnerabilities

• Access control issues
• Resource leaks and improper resource handling
• Integer overflow/underflow risks
• Reentrancy patterns (where applicable)
• Unprotected state modifications
• Missing capability checks
• Improper error handling

Move-Specific Issues

• Resource safety violations
• Ability/capability misuse
• Object ownership issues (Sui)
• Global storage access patterns
• Module publishing and upgrade risks
• Native function misuse

Code Quality Analysis

• Gas inefficiencies
• Dead code detection
• Unused variables and imports
• Best practice violations
• Code complexity metrics
• Naming convention issues

Integration Options

Standalone Tool

• Web-based interface for quick scans
• Upload Move source code or package
• Instant vulnerability reports
• Downloadable scan results

CI/CD Integration

• Automated scanning in build pipelines
• GitHub Actions integration
• GitLab CI support
• Pre-deployment security gates
• Webhook notifications for findings

IDE Integration

• Real-time scanning in development environment
• Integration with Move Analyzer extensions
• Inline vulnerability warnings
• Quick fix suggestions

Comprehensive Reporting

Scan Reports Include

• Severity classification (Critical, High, Medium, Low, Info)
• Detailed vulnerability descriptions
• Line-by-line code references
• Remediation recommendations
• Code examples for fixes
• Impact assessment

Metrics & Statistics

• Overall security score
• Vulnerability breakdown by type
• Code quality metrics
• Complexity analysis
• Test coverage insights (if tests provided)

Advanced Features

Continuous Monitoring

• Regular re-scanning of deployed contracts
• Notification of newly discovered vulnerability patterns
• Tracking fixes over time
• Historical scan comparison

Custom Rules

• Project-specific security rules
• Organization security policies
• Custom pattern detection
• Whitelist for false positives

Multi-Chain Support

• Sui Move contract scanning
• Aptos Move contract scanning
• Framework-specific analysis
• Chain-specific vulnerability patterns

Complementary to Manual Audits

While Move Scanner provides powerful automated analysis, MoveBit recommends combining automated scanning with professional manual audits for comprehensive security coverage. The scanner excels at quick initial security assessment, continuous monitoring during development, catching common mistakes early, and providing fast feedback loops.