swcregistry.io

What It Is

SWC Registry, short for Smart Contract Weakness Classification, is a weakness taxonomy and test-case catalog for smart contract security. The content lists entries from SWC-100 to SWC-136, covering common issues such as default function visibility, integer overflow/underflow, outdated compilers, reentrancy, unprotected Ether withdrawal, signature replay, weak randomness, DoS, hardcoded gas, and unencrypted private data on-chain. Some entries are also mapped to CWE.

Core Capabilities and Analysis

In terms of protection type, SWC is more of a security knowledge base and vulnerability classification standard than a scanner, WAF, RASP, or on-chain monitoring product. Its value lies in providing security audit and development teams with unified IDs, weakness names, CWE parent relationships, and links to test cases, making it easy to reference in reports, training, and code reviews. As for deployment, the content only appears to be a MkDocs-generated documentation site, with no information about local deployment, a SaaS console, APIs, or CI/CD plugins. Management and alerting capabilities are also not shown, so it cannot provide an operational closed loop after vulnerabilities are discovered.

Pricing and Compliance

The content does not mention commercial pricing, subscriptions, payment methods, or enterprise licensing, and overall it appears to be public reference material. From a compliance perspective, SWC is mapped to CWE, which helps place smart contract weaknesses within a broader software security weakness framework. However, SWC itself is not a compliance certification. The page also clearly states that the content has not been thoroughly updated since 2020, is no longer actively maintained, and may contain errors, incomplete information, and important omissions. The official recommendation is to refer to actively maintained resources such as EEA EthTrust Security Levels, SCSVS, and Smart Contract Security Field Guide.

Pros and Cons

Its strengths are a concise structure, clear numbering, and coverage of many classic Solidity and Ethereum security issues, making it suitable as an audit checklist, training material, and historical vulnerability classification reference. The drawbacks are also obvious: it is not sufficiently maintained and cannot reflect the latest attack surface; it provides no automated detection, risk scoring, alerts, reports, remediation suggestions, or team management features; and its integration capabilities are limited to documentation links and classification references.

Who It’s For and Access from China

It is suitable for smart contract developers, security auditors, and researchers to reference in learning materials and reports, but it is not suitable as the core tool for an enterprise-grade smart contract security governance platform. The content does not provide information about access from China, so network availability and payment methods cannot be assessed. If you need currently maintained alternatives, you should prioritize EEA EthTrust, SCSVS, or Smart Contract Security Field Guide, and use them together with practical audit tools.