LISA

FAQs

General Information

What's LISA?

LISA is designed for detecting logic vulnerabilities in smart contracts, particularly complex flaws (e.g., business logic bugs) that traditional static analysis tools struggle to identify. By combining GPT's semantic understanding with static analysis precision, it effectively detects Web3 security vulnerabilities missed by conventional tools.

What if there is a false positive?

LISA is powered by LLMs, which means it is not perfect and may sometimes generate false positives. If you find a false positive, we welcome you to report it to us by email at [email protected].

Scan & Results

What smart contract languages are supported?

LISA currently supports the following smart contract languages:

  • Solidity

We are currently working on supporting more languages, such as Rust and Vyper, and support for these languages will be available soon.

Are my scan results public?

The visibility of a scan result depends on the chat session it belongs to. Pro users can change the visibility of their chat sessions, which in turn changes the visibility of the scan results. Users on a free plan can only have public scan sessions.

However, any chat session can be permanently removed by its owner, in which case all associated scan results are deleted as well.

How can I submit files to LISA?

You can provide files to LISA in the following ways:

  • Uploading files directly from your local machine
  • Providing a URL to a file
  • Providing the source code inline in the chat
  • (Coming soon) Providing a URL to a GitHub repository

How long does it take to analyze a file?

The time it takes to analyze a file depends on the size of the file and the complexity of the code. Generally, it takes about 3-7 minutes to analyze a file. Code summary and protocol diagram generation normally takes less than 1 minute.

What is the difference between a "partial" and "full" disclosure for a scan result?

A "partial" disclosure means that only the titles of the findings / issues in a public scan result are publicly visible; details such as the description, recommendation, etc. are redacted.

A "full" disclosure means all the details of the findings / issues in a public scan result are visible publicly.

By default, all public scan results are only partially disclosed, to avoid exposing information that can be used to exploit the vulnerability. When you switch the result to a full disclosure, we encourage you to be responsible and take extra precautions to avoid exposing sensitive information.

You can switch the disclosure level of a scan result in the detail view of the scan result.

Plans & Credits

How many credits does a scan cost?

Credit consumption is currently based on the total number of effective lines of smart contracts. You can see the actual usage in the detail view of each individual scan.

What's the difference between the free (starter) and pro subscription plans?

Here is a detailed comparison between the free (starter) and pro subscriptions:

| Feature | Free (starter) | Pro |
|---|---|---|
| Scan capacity | Shared Instance, Rate limited | Prioritized Scan, High throughput |
| Scan timeout | 10 minutes | 60 minutes |
| Multi-file scan | No | Yes |
| Session history | 7 Days | Unlimited |
| Credits | One-time starter credits | Monthly credits |

Can I buy credits separately?

Yes, you can purchase top-up credits separately. Click "Buy Credits" in the dropdown menu of Credit Status, located at the top-right corner of the interface.