The first wave of AI-based smart contract auditing tools was a mistake. Large language models, prompted with a Solidity contract and asked to find vulnerabilities, produce plausible-sounding reports that routinely hallucinate issues that do not exist and miss issues that do. For protocols holding real money, that is not an audit — that is a liability dressed up in markdown.

Our approach starts from the opposite direction: push the audit logic into deterministic primitives wherever possible, use language models only where genuine judgment is required, and ground every judgment-layer call in a curated knowledge graph of real vulnerabilities and real fixes. The result is a system that produces reproducible findings with clear citations — the kind you can hand to a security committee without a disclaimer.

Why LLM-Only Auditing Fails

A language model asked to find reentrancy in a contract does not actually run a control-flow analysis. It pattern-matches against examples in its training data and generates prose that describes what it thinks might be happening. Sometimes it is right. Often it is confidently wrong. And because it is probabilistic, the same contract analyzed twice can produce different findings — which is disqualifying for a security workflow that needs to be defensible.

The second failure mode is that LLMs optimize for plausible language, not truthful language. When they hallucinate a vulnerability, the hallucination is often structurally convincing: a correct-sounding invocation of the Checks-Effects-Interactions (CEI) pattern, a named function and storage slot, pseudocode that looks right. A reviewer without deep expertise accepts the finding. A reviewer with deep expertise spends an hour proving it is wrong. Either way the tool has cost you time without producing value.

How We Approach Smart Contract Audit

We built deterministic auditor modules for the vulnerability classes where the analysis can actually be structural: reentrancy patterns (state writes after external calls), access control modifiers, arithmetic overflow checks (pre-0.8 pragmas and `unchecked` blocks, since 0.8+ arithmetic reverts on overflow by default), state variable exposure, and external call ordering. These modules produce an answer in milliseconds with zero probability of hallucination, because they are not guessing. They walk the contract and check it against a rule, and the same input produces the same output every run. What such a rule can get wrong is its coverage, which is stated up front, not a finding it invented.
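As an added example that is not the product's own code, here is a toy version of the kind of structural check the paragraph describes: a Checks-Effects-Interactions ordering rule that flags a write to a state variable after an external call in the same function, run over two constructed Solidity snippets (one vulnerable, one fixed). The regex-based parsing, the sample contracts and the `Finding` shape are assumptions for illustration; a production module would walk the compiler's AST instead of matching text. The point it demonstrates is the one in the text: no model, no sampling, and the same answer on every run.

```python
"""Toy deterministic Checks-Effects-Interactions (CEI) ordering check.

Illustration only (not a real auditor module): regexes stand in for the
compiler's AST, braces inside string literals are not handled, and '//' in a
string literal would be mistaken for a comment.
"""
import re
from dataclasses import dataclass

# Constructed sample contracts for this example, not from any real deployment.
VULNERABLE = """
contract Vault {
    mapping(address => uint256) public balances;
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0; // effect after interaction: reentrancy window
    }
}
"""

FIXED = """
contract Vault {
    mapping(address => uint256) public balances;
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0; // effect before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
"""

# Low-level and value-transfer calls that hand control to another contract.
EXTERNAL_CALL = re.compile(r"\.(?:call|delegatecall|staticcall)\s*[{(]|\.(?:transfer|send)\s*\(")
FUNC_HEAD = re.compile(r"\bfunction\s+(\w+)\s*\([^{;]*\{")   # [^{;] skips bodiless declarations
CONTRACT_HEAD = re.compile(r"\bcontract\s+\w+[^{]*\{")
NOT_STATE_VARS = ("function", "event", "modifier", "using", "import", "pragma", "error")


@dataclass(frozen=True)
class Finding:
    function: str
    state_var: str
    call_line: int    # 1-based line of the external call
    write_line: int   # 1-based line of the state write that follows it


def _balanced_body(src: str, open_idx: int) -> str:
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    raise ValueError("unbalanced braces")


def state_variables(contract_body: str) -> list[str]:
    """Names declared at contract scope (brace depth 0), initializer stripped."""
    names, depth = [], 0
    for line in contract_body.splitlines():
        stripped = line.strip()
        if depth == 0 and stripped.endswith(";") and not stripped.startswith(NOT_STATE_VARS):
            decl = stripped[:-1]
            # Split on '=' that is an assignment, not part of '=>' or '=='.
            decl = re.split(r"(?<![=!<>])=(?![=>])", decl, maxsplit=1)[0]
            names.append(re.findall(r"\w+", decl)[-1])
        depth += line.count("{") - line.count("}")
    return names


def writes_to(code: str, name: str) -> bool:
    """True if `code` assigns to, deletes, or increments state variable `name`."""
    n = re.escape(name)
    pat = rf"\bdelete\s+{n}\b|\b{n}\b(?:\[[^\]]*\])*(?:\.\w+)*\s*(?:[-+*/%&|^]=|=(?!=)|\+\+|--)"
    return re.search(pat, code) is not None


def find_cei_violations(source: str) -> list[Finding]:
    """Flag every state write that follows an external call in the same function."""
    findings: list[Finding] = []
    for cm in CONTRACT_HEAD.finditer(source):
        cbrace = cm.end() - 1
        cbody = _balanced_body(source, cbrace)
        svars = state_variables(cbody)
        for fm in FUNC_HEAD.finditer(cbody):
            fbrace = fm.end() - 1
            first_line = source[: cbrace + 1 + fbrace].count("\n") + 1  # line of the '{'
            call_line = None
            for i, line in enumerate(_balanced_body(cbody, fbrace).splitlines()):
                code = line.split("//", 1)[0]  # drop line comments
                if call_line is None:
                    if EXTERNAL_CALL.search(code):
                        call_line = first_line + i
                    continue
                for name in svars:
                    if writes_to(code, name):
                        findings.append(Finding(fm.group(1), name, call_line, first_line + i))
    return findings


if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(label, find_cei_violations(src))
```

Run stand-alone it reports one finding for `Vault.withdraw` in the vulnerable contract (`balances` written on line 9 after the `.call` on line 7) and nothing for the fixed one. The check is intentionally narrow: it says nothing about reentrancy guards, cross-function reentrancy or view-function reads, and a real module states that coverage boundary alongside its results rather than guessing past it.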

For the deeper judgment calls — economic exploits, oracle manipulation, novel attack compositions — we use a local language model grounded in a curated knowledge graph of real audit findings, real exploits, and real remediations. Every judgment the model makes is anchored in cited prior art the reviewer can follow. Nothing is invented from whole cloth.

Who We Build For

We are a fit for protocol teams, DAOs, and security shops that need audit tooling that (a) is honest about what it can and cannot prove, (b) produces reproducible outputs a reviewer can trust, and (c) scales to continuous pre-deployment checks rather than one-shot reviews. We are not a replacement for a human auditor on a first-deployment review of a novel protocol. We are a force multiplier for the continuous auditing work that should be happening between human reviews — regression checks on every commit, diff audits on every upgrade, continuous monitoring on every deployed contract.

The honest framing: Our auditors are rigorous on the vulnerability classes they cover and explicit about the ones they do not. We would rather tell you "we do not audit for this" than hallucinate a finding for it. That is a different product from the LLM-based contract auditors currently on the market, and it is the one we think the space actually needs.

Engagement Model

We typically start with a sample contract from the customer's deployment pipeline and run the audit swarm against it to demonstrate the output shape and the specific findings. From there, engagements range from one-shot contract audits to continuous integration pipelines that run the audit swarm on every PR and produce diff reports against the prior commit. All of it runs on infrastructure the customer controls.

If you run security for a protocol or are tired of LLM-based audit reports you cannot hand to anyone, we would like to walk you through how our swarm would look on your contracts.

Auditing a protocol?

We walk security leads, protocol engineers, and auditors through how a deterministic-first audit swarm handles real Solidity contracts.

Start a Conversation