A DFS-based AI security auditor for Solidity. The lead auditor reads code, builds a structured context map, extracts value-flow call paths, then delegates each path to a hunt agent for line-by-line depth-first analysis. Findings are merged, deduplicated, and validated.

Pipeline

1. Reconnaissance — discover .sol files, resolve skill references, create temp dir
2. Context & Analysis — subagent builds context map + threat model + agent allocation plan
3. Delegated Hunting — parallel hunt agents do DFS on assigned call paths
4. Merge & Dedup — deduplicate findings, assess coverage against entry point census
5. Adversarial [deep] — falsifier agent challenges every finding with source verification
6. Report — severity-ranked findings + honest coverage summary

Design Philosophy

• Coverage, not constraint — The primary job is structural: build a context map of every entry point, every state variable, every value flow. An agent that never reads a function cannot find a bug in it.
• Domain knowledge as a reference, not a script — The checklist is a curated set of Solidity vulnerability patterns that agents consult when they encounter matching code.
• Validation as discipline — Every finding passes a 3-gate false-positive check + 6D adversarial scoring.

Track Record

$21K earned on Immunefi

Install

# Tell Claude Code:
Install skill https://github.com/DarkNavySecurity/web3-skills/

Usage

# Scan the full repo
/contract-auditor

# Deep: adds adversarial falsifier after merge
/contract-auditor deep

# Review specific file(s)
/contract-auditor src/Vault.sol