GasGuard is an open-source static analysis tool built to secure and optimize the Stellar ecosystem (Soroban), with extended support for Ethereum and Layer 2 networks. By identifying inefficient storage patterns and redundant operations during development, GasGuard enables developers to ship leaner code, reducing end-user transaction costs by an estimated 15-30%.
In the high-stakes world of smart contracts, inefficient code is more than a nuisanceβit's an expense. GasGuard analyzes codebases to find "gas-heavy" patterns before they reach the mainnet. Specifically optimized for Soroban's resource limits, it ensures that Stellar developers can maximize their contract's efficiency and reach.
As Web3 scales, transaction costs remain a significant barrier to entry.
- Legacy Patterns: Many developers use outdated coding patterns that result in "bloated" contracts.
- Tooling Gap: Existing tools are often too complex for junior developers or lack native support for modern environments like Soroban or Optimism.
- Resource Exhaustion: On Stellar, exceeding CPU or Ledger limits can cause contract failure; developers need early-warning systems to prevent this.
- π Static Analysis: Scans code for common gas-heavy patterns (e.g., inefficient loops, unoptimized storage slots).
- π‘ Auto-Refactor Suggestions: Provides "Copy-Paste" ready code snippets to replace inefficient logic instantly.
- π€ CI/CD Integration: A dedicated GitHub Action that runs on every push, ensuring no "gas regressions" are introduced.
- π Educational Tooltips: Every suggestion includes a link to documentation explaining why the change saves money, fostering developer growth.
- Phase 1: Complete the Core CLI tool for local developer use (Rust/Soroban focus).
- Phase 2: Launch the GitHub Action Marketplace integration for automated PR reviews.
- Phase 3: Establish a "Community Ruleset" allowing users to contribute new optimization patterns via Pull Requests.
- Public Good: The core engine is 100% free and MIT-licensed to benefit the entire developer community.
- Scalability: The modular design allows us to add support for 3 new languages (Rust, Vyper, Move) over the next 6 months.
- Sustainability: We use Drips to "pass through" 15% of our funding to the foundational security libraries (like Slither or Cargo-Audit) that power our engine.
GasGuard/
βββ apps/
β βββ api/ # Nest.js backend handling remote scan requests
β βββ api-service/ # Enhanced API service with database and E2E testing
βββ libs/
β βββ engine/ # Core logic for parsing Rust, Solidity, and Vyper
βββ packages/
β βββ rules/ # Library of optimization rules and logic
βββ .gitignore # Optimized for Node.js and Rust
βββ LICENSE # MIT Licensed
The public API includes IP-based rate limiting to protect against abuse and ensure fair usage.
| Setting | Value | Description |
|---|---|---|
| Limit | 10 requests | Maximum requests per IP address |
| Window | 60 seconds | Time window for rate limit |
| Response | HTTP 429 | Returned when limit is exceeded |
Rate limiting is implemented using @nestjs/throttler and applies globally to all public API endpoints.
cd apps/api
npm install
npm run startThe API will be available at http://localhost:3000.
The GasGuard API uses NestJS built-in versioning with URI-based versioning strategy. All endpoints require a version prefix.
- Type: URI-based versioning
- Current Version:
v1 - Format: All endpoints must include
/v1/prefix - Unversioned Requests: Return
404 Not Found
# β
Correct - Versioned endpoint
GET /v1/example
# β Incorrect - Unversioned (returns 404)
GET /exampleWhen creating new controllers, always include the @Version('1') decorator:
import { Controller, Get, Version } from '@nestjs/common';
@Controller('users')
@Version('1')
export class UsersController {
@Get()
findAll() {
// Accessible at GET /v1/users
}
}Versioning is configured in apps/api/src/main.ts:
app.enableVersioning({
type: VersioningType.URI,
// No defaultVersion - unversioned requests return 404
});This ensures all API consumers explicitly specify the version, making the API future-proof for version migrations.
GasGuard includes comprehensive end-to-end testing to ensure reliable gasless transaction flows across all services.
- Framework: Jest with Supertest for API testing
- Blockchain: Hardhat local network for contract interactions
- Services: Dockerized PostgreSQL, Redis, and mock RPC providers
- Coverage: Full gasless transaction workflows and failure scenarios
# Install dependencies
pnpm install
# Start test environment
docker-compose -f apps/api-service/docker-compose.e2e.yml up -d
# Run E2E tests
cd apps/api-service
pnpm run test:e2e
# Or run from root
pnpm run test:e2eapps/api-service/test/
βββ e2e/ # E2E test suites
β βββ basic-api.e2e-spec.ts
β βββ gasless-transaction.e2e-spec.ts
β βββ failure-scenarios.e2e-spec.ts
β βββ contract-interaction.e2e-spec.ts
βββ utils/ # Test utilities
β βββ test-helpers.ts
β βββ blockchain-setup.ts
βββ fixtures/ # Test data fixtures
For detailed information, see:
- Node.js 18+
- Docker & Docker Compose
- pnpm package manager
- Rust toolchain (for core engine)
# Clone the repository
git clone https://github.com/your-username/GasGuard.git
cd GasGuard
# Install dependencies
pnpm install
# Run tests
pnpm run test
# Start the API
cd apps/api
npm run start:devWe welcome contributions! Please see our contributing guidelines for more details.
This project is licensed under the MIT License - see the LICENSE file for details.