All-in-one automated blockchain auditing.
AI + rules + human-in-the-loop. Building the Web3 security standard
CA: Fo9wJVqWYXEgsG3UKekvK1R7YVewyUGodRfBrmjaBAGS
Over the past weeks, we’ve been deep into experimenting with AI agents and skill-based workflows.
One clear takeaway:
Simply throwing a large model at audits doesn’t work well. Clear steps, structured workflows, and reusable skills matter much more. This is a big shift for Chain-Fox.
Expanding what Chain-Fox does
Until now, Chain-Fox has focused mainly on smart contract code checks.
That’s important, but real Web3 attacks are rarely just about code.
Rug pulls, malicious behavior, and fake or compromised websites play a huge role.
Because of this, Chain-Fox is evolving from pure code checks into broader risk analysis that better reflects how real attacks happen.
To better understand the current Solana security ecosystem, we tested Fender, Eloizer, and X-Ray on over 200 real Anchor bugs.
The report is here:
https://t.co/DVgz0YqqGb
Here’s what we saw:
Fender catches almost everything with very high recall.
X-Ray gives cleaner output but misses quite a few bugs.
Eloizer lands somewhere in between.
But in real projects, precision drops to about 6%.
That means you need to look at 10 to 15 alerts to find one real issue.
So a practical workflow right now:
Run Fender, apply some filtering, then manually review.
It’s still early. Tools are getting better quickly.
We’re not done. We are testing other tools, especially LLM-based ones.
At Chain-Fox, we’ve collected 150+ bug-fixing commits across 1000+ real-world Anchor projects.
We’re analyzing them to evaluate the effectiveness of existing Solana security analysis tools.
Our own agentic checker is also in progress.
I think this is real progress for Solana security. Respect to the researchers from Germany.
https://t.co/gYlmgxVbbr
The ability to analyze deployed contracts without requiring source code makes the approach actually usable in practice.
Symbolic execution is powerful for uncovering low-level bugs, but business logic vulnerabilities remain difficult to detect.
The next step is clear: combining code-level analysis with intent-based LLM reasoning.
The system is evolving every day.
Instead of chasing perfect agents, we are building the data foundation first.
Thanks to our partner @acedatacloud for providing affordable APIs that make running this continuous research infrastructure possible.
The first step to building a reliable agentic checker is simple but often ignored: Data.
Most AI checkers and auto agents fail not because the model is weak, but because they lack real verification data.
Our approach is different: start small and collect real-world signals.
For the past week, an OpenClaw instance has been running 24/7, using cron jobs to continuously collect public information and build a real-world Solana security dataset.
Every command we issue improves the pipeline: Program discovery -> Data collection -> Automated analysis
Anyone working in Web3 security should read the two articles by MagicGrants and Kleros.
Takeaway: AI can flag “bugs” that aren’t bugs, while tools miss real issues. Neither alone meets our auditing needs.
Chain-Fox leverages verification to get the best of both worlds: AI and expert tools.
https://t.co/SKGMTCk7cZ
https://t.co/PKArM5GEhf
To test the ability of agentic checkers,
I tried running old Sealevel-Attacks demos on Anchor 0.32.1 in a restricted network.
Biggest headaches:
1. Downloads often fail: had to manually download and fix.
2. Old demos are incompatible with the new Anchor.
Forked the project, fixing compatibility with Anchor 0.32. Will upstream once stable.
https://t.co/xNg6SIVUio
I am rethinking what an agentic checker means.
Instead of building agents that guess bugs, we should build systems that:
prove properties of the program
The LLM helps fill the specification gap, but correctness is decided by formal methods.
https://t.co/FaKdhAaxb8
https://t.co/tQpF0FgMAx
Pity to see such an influential company shut down after a treasury breach.
The problem wasn’t the chain itself; it was a compromised key or account.
Relying on a single signer is extremely risky.
Multisig and keeping keys in separate places is a must.
Rug-Pull Detector: Initial Version Live
Try it now: https://t.co/ZyMsYFBcWt
1. Paste a contract address
2. Click Analyze Contract
3. Wait for the Rug-Pull Agent to generate a full analysis
This is just the beginning, more functions to be added.
Let’s make it stronger together.
While researching open-source rug-pull detectors, I found something worrying.
Some don’t work.
Some are outright malicious.
hippo7598/rug-pull-detector
Looks professional. README is clean.
At first glance, no obvious issue.
But check the raw file:
https://t.co/XklDN0xBCf
You’ll find:
Obfuscated bytecode
Encrypted payload
exec() on decrypted content
That’s NOT how security tools are written.
The byte-encoded payload expands to:
```python
# Decoded stage-one payload as quoted above; <key> and <encrypted_payload>
# are placeholders for the real values, which are not reproduced here.
os.system('pip install cryptography')   # pulls dependencies at run time
os.system('pip install requests')
os.system('pip install fernet')
import requests
from fernet import Fernet
# Stage two: decrypt the embedded blob and execute it as Python source.
exec(Fernet(b'<key>').decrypt(b'<encrypted_payload>'))
```
Because the decrypted payload is executed directly:
Arbitrary code execution is possible
Credential theft is possible
Wallet key exfiltration is possible
The impact surface is unbounded.
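The loader shape above (run-time pip installs, a large encoded blob, and exec() on something decoded or decrypted at run time) is easy to spot statically before you ever run a downloaded "detector". The script below is an added example, not Chain-Fox code and not taken from the repository discussed; it walks a Python file's AST and flags that pattern. The sample inputs are constructed: SAMPLE_LOADER mirrors the decoded payload quoted above with its placeholders, the other two are made up, and the 512-byte blob threshold and the list of shell sinks are assumptions you should tune.

```python
"""Static triage of a downloaded Python 'security tool' before running it.

Added example; not Chain-Fox code and not from the repository discussed.
Flags: pip installs at run time, exec()/eval() of non-literal data (e.g. the
result of Fernet(...).decrypt(...)), and unusually large bytes literals.
"""
import ast
import re
import sys
from dataclasses import dataclass

PIP_INSTALL = re.compile(r"\bpip3?\s+install\b")
# Assumed set of shell sinks worth checking for pip invocations.
SHELL_SINKS = {"os.system", "os.popen", "subprocess.run", "subprocess.call",
               "subprocess.check_output", "subprocess.Popen"}
# Attribute/function names that indicate the exec'd data was decoded at run time.
DECODE_HINTS = {"decrypt", "decode", "b64decode", "decompress", "fromhex"}
LARGE_BLOB = 512  # bytes; assumed threshold, tune for your codebase


@dataclass
class Finding:
    lineno: int
    kind: str
    detail: str


def _callee(call: ast.Call):
    """Dotted callee name ('os.system', 'exec') or None for complex callees."""
    parts, node = [], call.func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _command_text(arg) -> str:
    """Best-effort text of a shell command argument (str literal or list of them)."""
    if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
        return arg.value
    if isinstance(arg, (ast.List, ast.Tuple)):
        return " ".join(e.value for e in arg.elts
                        if isinstance(e, ast.Constant) and isinstance(e.value, str))
    return ""


def _uses_decoding(node) -> bool:
    """True if the expression calls or references any decode/decrypt-like name."""
    return any((isinstance(n, ast.Attribute) and n.attr in DECODE_HINTS)
               or (isinstance(n, ast.Name) and n.id in DECODE_HINTS)
               for n in ast.walk(node))


def scan_source(src: str):
    """Return findings for one Python source text, ordered by line number."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if (isinstance(node, ast.Constant) and isinstance(node.value, bytes)
                and len(node.value) >= LARGE_BLOB):
            findings.append(Finding(node.lineno, "large-bytes-literal",
                                    f"{len(node.value)} bytes"))
        if not isinstance(node, ast.Call):
            continue
        name = _callee(node)
        arg = node.args[0] if node.args else None
        if name in ("exec", "eval") and not isinstance(arg, ast.Constant):
            detail = ("argument is decoded/decrypted at run time"
                      if arg is not None and _uses_decoding(arg)
                      else "argument is not a literal")
            findings.append(Finding(node.lineno, f"dynamic-{name}", detail))
        elif name in SHELL_SINKS and PIP_INSTALL.search(_command_text(arg)):
            findings.append(Finding(node.lineno, "pip-install-at-runtime",
                                    _command_text(arg)))
    return sorted(findings, key=lambda f: f.lineno)


def is_suspicious(src: str) -> bool:
    """Loader signature: some code path exec()s/eval()s non-literal data."""
    return any(f.kind.startswith("dynamic-") for f in scan_source(src))


# Constructed sample mirroring the decoded payload quoted in the post.
SAMPLE_LOADER = """
import os
os.system('pip install cryptography')
os.system('pip install requests')
os.system('pip install fernet')
import requests
from fernet import Fernet
exec(Fernet(b'<key>').decrypt(b'<encrypted_payload>'))
"""

# Constructed: a 600-byte hex blob decoded and exec'd, another common wrapper shape.
SAMPLE_OBFUSCATED = ("PAYLOAD = b'" + "41" * 300 + "'\n"
                     "exec(bytes.fromhex(PAYLOAD.decode()).decode())\n")

# Constructed: what a genuine analyzer looks like, no dynamic execution.
SAMPLE_CLEAN = """
import json
def analyze(address):
    return json.dumps({"address": address, "risk": "unknown"})
"""

if __name__ == "__main__":
    for path in sys.argv[1:]:  # usage: python scan_tool.py path/to/tool.py
        with open(path, encoding="utf-8") as fh:
            for f in scan_source(fh.read()):
                print(f"{path}:{f.lineno}: {f.kind}: {f.detail}")
```

Run it over every .py file in a cloned repository before installing or executing anything; a hit on `dynamic-exec` with "decoded/decrypted at run time" is the exact signature of the loader above. It is a heuristic, not a verdict: plugin systems and some build scripts legitimately exec() generated code, and a loader can also hide behind `importlib` or `compile()`, so treat the output as a reason to read the raw file, as the post recommends, rather than as proof either way.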
Use a trustworthy tool instead: Chain-Fox’s rug-pull tool will be online for testing within hours.
WARNING:
MALICIOUS CODE FOUND INSIDE
🦂https://t.co/A2g5iU2Acx
A reminder: malicious code often disguises itself as “security tools.”
Be careful what you run.
This is exactly why we’re building Chain-Fox: Open logic. Auditable code. No hidden execution.
Our rug-pull internal test will be online soon.
No fear of malicious detectors.
Stay safe.
Work these days:
Initial version of rug-pull detection will be out in 24h.
Pushing the checkers to be more agentic, not just rule-based flags.
Tried the newest doc-to-spec tools. Promising, but they still need manual work.
Step by step. Build the foundation right.
Chain-Fox is being built with a long-term view.
We’re focusing on designing security systems that reflect how real Web3 risks evolve, not just running surface-level checks.
Some phases take more groundwork than visibility. Updates will be shared when there’s something concrete to show.
Chain-Fox roadmap is live.
We’re moving beyond code-only audits into full Web3 risk analysis using Skills and agents.
This is a phased build focused on detection, signals, and real-world attack patterns. 🧵
Chain-Fox is moving beyond code-only audits.
Most Web3 exploits don’t start with a single contract bug. They start with behavior, fake sites, and gradual risk signals.
That’s why our roadmap now focuses on agent-based risk analysis:
• Rug pull detection
• Web3 website risk checks
• Skill-based contract auditing
• Continuous signals, not yes/no labels
Full roadmap is live and development is underway.
Full roadmap and technical details here:
https://t.co/wLJ5ZItvY5
This roadmap is about building durable security systems. And that’s what Chain-Fox exists for.