Audit smart contracts in minutes.

Eight AI agents, verified by Foundry.

8 specialist agents · Slither + Semgrep + Foundry · IPFS-pinned reports
Marketplace.sol — audit report · Complete
OVERALL RISK: HIGH
1C · 1H · 0M · 1L · 0I
Critical · Reentrancy in withdraw flow · Vault.sol · L42
High · Unbounded approval on transfer path · Marketplace.sol · L118
Low · Missing event emission on parameter change · Config.sol · L77
Report.pdf · bafybeif…zk4m
THE PIPELINE

Seven stages. Every audit.

Same pipeline, every time. Output is byte-identical across runs — enforced by a determinism harness on every release.

01 · X-Ray: Threat model · invariants
02 · Chunking: Call-graph subgraphs
03 · RAG: Historical vuln corpus
04 · 8 Agents: Parallel specialists
05 · Critic: 4-gate refutation
06 · Foundry: Counterexamples
07 · Aggregator: Deterministic clustering
Audit-grade rigor, runnable on every push.
THE SPECIALISTS

Eight lenses. One report.

Each agent reasons over your code with a different threat model. A critic refutes the noise. Foundry confirms the rest.

FirstPrinciples

Novel attack patterns the others miss — fresh review against the pashov taxonomy.

Novel surfaces · Fresh eyes

VectorScan

Known vulnerability patterns: reentrancy, unchecked calls, CEI, RNG.

Reentrancy · CEI

MathPrecision

Overflow, precision loss, division order, rounding.

Overflow · Rounding

AccessControl

Missing modifiers, tx.origin, privilege escalation paths.

Privilege · Modifiers

EconomicSecurity

Oracle manipulation, flash loans, AMM invariants, MEV.

Oracle · MEV

ExecutionTrace

External-call flow, return-value handling, callbacks.

Call flow · Callbacks

Invariant

Threat-model violations and protocol invariants.

Invariants · Threat model

Periphery

Library and interface misuse, ERC conformance.

ERC · Libraries
A SAMPLE FINDING

Findings you can act on. Proofs you can verify.

Every Critical or High finding ships with a Foundry test that proves the bug — and a counterexample showing the exact transaction sequence that breaks your invariants.

Critical · Foundry-verified · F-001

Reentrancy in withdraw() allows fund drainage

Vault.sol · L42 → L48

The external call in withdraw() is executed before the user's balance is decremented. A malicious contract can re-enter withdraw() inside its receive() hook and drain the vault.

ATTACK STEPS
  1. Attacker deposits 1 ETH into the vault
  2. Attacker calls withdraw() from a malicious contract
  3. Vault sends ETH; attacker's receive() re-enters withdraw()
  4. Loop drains every other depositor's balance to zero
RECOMMENDED FIX

Apply the checks-effects-interactions pattern: decrement balances[msg.sender] before the external .call, or wrap the function with OpenZeppelin's nonReentrant modifier.

Vulnerable code · Vault.sol
function withdraw(uint256 amount) external {
  require(balances[msg.sender] >= amount, "low");

  // ⚠️ external call before state update
  (bool ok, ) = msg.sender.call{value: amount}("");
  require(ok, "transfer failed");

  balances[msg.sender] -= amount;
}
Auto-generated Foundry test · invariant_no_drain
function invariant_no_drain() public {
  uint256 totalBalances = 0;
  for (uint i = 0; i < users.length; i++) {
    totalBalances += vault.balances(users[i]);
  }
  assertLe(totalBalances, address(vault).balance);
}
Counterexample — forge test output · run #1
[FAIL] invariant_no_drain
  Counterexample:
    sender:    0xa11ce
    sequence:  [
      vault.deposit{value: 1 ether}(),
      attacker.attack(),     // re-enters withdraw
    ]
    invariant_no_drain():  totalBalances=1e18 > vault.balance=0
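
The recommended fix above, shown as an added example that is not code from this page or from the service: withdraw() reordered to checks-effects-interactions, with a Foundry regression test that attempts the re-entry. The contract layout, the Reenterer test double and the test name are assumptions; it takes the CEI option rather than OpenZeppelin's nonReentrant.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added example. Only withdraw(), deposit() and balances() are named on the
// page; the contract layout, Reenterer and the test name are assumptions.
contract Vault {
    mapping(address => uint256) public balances;

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "low");    // checks
        balances[msg.sender] -= amount;                    // effects
        (bool ok, ) = msg.sender.call{value: amount}("");  // interactions
        require(ok, "transfer failed");
    }
}

// Test double: attempts to re-enter withdraw() from its receive() hook.
contract Reenterer {
    Vault private immutable vault;
    bool public reentryBlocked;
    constructor(Vault v) { vault = v; }

    function run() external payable {
        vault.deposit{value: msg.value}();
        vault.withdraw(msg.value);
    }

    receive() external payable {
        // Balance is already zero here, so the nested call reverts with "low".
        try vault.withdraw(msg.value) {} catch { reentryBlocked = true; }
    }
}

contract VaultReentrancyTest is Test {
    function test_reentry_is_rejected() public {
        Vault vault = new Vault();
        address alice = makeAddr("alice");
        vm.deal(alice, 5 ether);
        vm.prank(alice);
        vault.deposit{value: 5 ether}();
        vm.deal(address(this), 1 ether);
        Reenterer r = new Reenterer(vault);
        r.run{value: 1 ether}();
        assertTrue(r.reentryBlocked());                // nested withdraw reverted
        assertEq(address(vault).balance, 5 ether);     // alice's deposit intact
        assertEq(vault.balances(alice), 5 ether);
    }
}
```

Because the balance is decremented before the external call, the nested withdraw() fails its own require and the outer call returns only the caller's 1 ETH.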
THREE GUARANTEES

What other audits don't give you.

On-chain escrow

Refunded automatically if anything fails.

Your ETH is held in a smart contract until the audit is delivered. Failed audits trigger an on-chain refund — no support tickets, no waiting.

wallet → escrow → audit
Foundry-verified

Bugs come with a counterexample.

Critical findings ship with a Foundry test that executes the exploit against your own code. Not a theory — a reproducible failure.

$ forge test --match-test invariant_no_drain
[FAIL] invariant_no_drain
counterexample: vault.deposit + reenter
result: balance > vault.balance
IPFS-pinned

A permanent, verifiable artifact.

Reports are pinned to IPFS and signed. Your audit lives on the network — show it to investors, partners, or your users.

ipfs://bafybeigd...kkk7z
signed · 0xa3...e1f2
Refunded automatically on failure

Audit your next contract before lunch.

Eight specialist agents, Foundry-verified findings, and a signed report you can take to production.