🧵/1
There are already multiple free AI auditors for smart contracts
But there are almost none focused on blockchain / DLT systems themselves: clients, consensus, execution, bridges, mempools, state sync, resource accounting, and protocol logic.
I spent 7 weeks worth of ChatGPT Pro 20x tokens building DLT Auditor v1
Now I’m sharing it for free: https://t.co/905WCfCBvc
🧵/6
This is only v1.
There is still a lot of work to do, and a lot of room for improvement: better designs, bigger corpus coverage, stronger validation, more target classes, and better reporting.
But I think this direction matters.
Wait for DLT Auditor v2.
Let’s raise the security bar for DLT projects and make this space safer together
🧵/5
The designs are not generic prompts.
Each one starts from a default audit design and is trained into a specialized prompt pack against a specific audit competition or target class.
The AI runs the design, compares its output with confirmed findings, studies what it missed, and refines the prompts.
That loop repeats until the design can find all, or almost all, of the confirmed findings.
DLT Fix Finder 🔍
https://t.co/UCbx0OlYTL
🧵\1
Turns Git history into a reusable corpus of vulnerability fixes for blockchain and distributed ledger (DLT) systems.
🧵\3
It scans repo history, extracts security-related fixes, and builds a structured dataset.
You can use this to create a RAG database for AI-powered blockchain auditors 🧠⚡
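The scan-extract-structure pipeline described in this post, as an added example that is not DLT Fix Finder's own code: it parses a `git log --numstat` dump in an assumed record layout, keeps commits whose message reads like a security fix, and tags each record with the DLT subsystem its touched paths suggest. The keyword list and the path-to-subsystem map are assumptions for illustration, not the tool's rules.

```python
import json
import re
# Log layout assumed here (a constructed convention, not DLT Fix Finder's own):
#   git log --format='%x1e%H%x1f%s%x1f%b' --numstat
# \x1e starts a commit, \x1f separates hash/subject/body, numstat lines trail the body.
NUMSTAT_RE = re.compile(r"^(?:\d+|-)\t(?:\d+|-)\t(.+)$", re.M)
# Messages that read like security fixes (assumed keyword heuristic).
SECURITY_RE = re.compile(
    r"\b(fix|fixes|fixed|patch|prevent|mitigat\w*|vuln\w*|exploit|overflow|"
    r"underflow|panic|dos|double[- ]spend|reorg|replay|oom)\b", re.I)
# Path fragment -> DLT subsystem tag (assumed mapping; tune per codebase).
SUBSYSTEMS = {
    "consensus": ("consensus", "bft"), "execution": ("evm", "executor"),
    "mempool": ("mempool", "txpool"), "bridge": ("bridge", "relay", "ibc"),
    "state_sync": ("sync", "snapshot"), "resource_accounting": ("gas", "fee"),
}

def parse_git_log(text):
    """Split raw log text into dicts of commit, title, body and touched files."""
    commits = []
    for chunk in text.split("\x1e"):
        if not chunk.strip():
            continue
        commit, title, rest = chunk.split("\x1f", 2)
        commits.append({"commit": commit, "title": title,
                        "body": NUMSTAT_RE.sub("", rest).strip(),  # drop numstat tail
                        "files": NUMSTAT_RE.findall(rest)})
    return commits

def tag_subsystems(files):
    """Map touched paths onto the subsystem tags above (sorted, de-duplicated)."""
    return sorted({name for path in files for name, needles in SUBSYSTEMS.items()
                   if any(n in path.lower() for n in needles)})

def extract_fixes(text):
    """Keep only security-looking commits; one structured record per fix."""
    return [{**c, "subsystems": tag_subsystems(c["files"])}
            for c in parse_git_log(text)
            if SECURITY_RE.search(c["title"] + " " + c["body"])]

# Constructed sample log: three commits, two of them security fixes.
SAMPLE_LOG = (
    "\x1eaaa111\x1fFix mempool DoS via oversized tx batches\x1f"
    "Reject batches above the limit before decoding.\n\n"
    "12\t3\tmempool/batch.go\n4\t0\tmempool/batch_test.go\n"
    "\x1ebbb222\x1fAdd CLI flag for log level\x1f\n\n5\t1\tcmd/node/main.go\n"
    "\x1eccc333\x1fPrevent double-spend on reorg in bridge relayer\x1f"
    "Re-verify finality depth after reorg.\n\n20\t7\tbridge/relayer.go\n")

if __name__ == "__main__":  # one JSON object per line, ready for RAG ingestion
    print("\n".join(json.dumps(r) for r in extract_fixes(SAMPLE_LOG)))
```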
🧵\2
It’s a more advanced version of my earlier tool, GitFixFinder (https://t.co/tumT4ECVmk), which was focused on smart contracts.
DLT Fix Finder is built specifically for blockchain / DLT codebases.
G I T F I X F I N D E R
The Patch Historian
🧵 /1
I built Git Fix Finder — a tool that turns a repository’s git history into a corpus of real vulnerability fixes.
It extracts security-relevant patches and turns them into structured findings.
Essentially adding another source of real-world vulnerabilities for auditors and AI agents to learn from.
I’m open-sourcing it in case someone finds the idea useful or wants to build on it:
https://t.co/ro9cssadTM
I think there’s still a lot of unexplored design space in how AI auditors should actually work.
I’ve been experimenting with a different approach to AI auditors.
Most current AI auditors follow predefined pipelines (I wrote more about that here: https://t.co/2X073Jpd7P).
I wanted to make it more creative.
A different way of exploring the codebase, not a better checklist.
The results were inconclusive — it performed roughly in line with some other AI auditors. Some did better, some worse, but bug coverage wasn’t really the goal here, so it’s hard to measure this approach in a traditional way.
Have you tested any hybrid open+closed setups?
Not really — I do not have access to closed-source ones. The closest I’ve seen was Majeur (https://t.co/nnDYgxVW7N), but unfortunately the agents there were run on different versions of the codebase: one agent ran, issues were found and fixed, then the next agents ran, and so on. Because of that, it is hard to build a fair comparison table of which auditor found what.
Or seen protocols combine multiple OSS auditors like you suggest in your thread?
No, and that makes sense to me. Teams write the protocol, run AI agents over it, fix the issues those agents find, and then proceed to a real human audit. Since that is routine internal workflow, it would be unusual for teams to make that process public.
8/🧵
That’s exactly why I think open-source AI auditors complement each other — kinda like an audit contest. Different tools catch different things, and together they make protocols safer.
This release is just that: not a silver bullet, just one more useful lens.
https://t.co/rXsBl3boO7
1/🧵
Just shipped Just Another State Analyzer — a tiny tool that does exactly one thing: finding state and invariant inconsistencies in smart contracts.
It’s not trying to be a full AI auditor, and that’s 100% the point.