How it works
Detectors & Corpus
16 custom Slither detectors plus a 98-pattern exploit corpus — the layer a generic Slither wrapper doesn’t have.
Custom detectors
| Group | Detectors |
|---|---|
| Agent-context | agent-reentrancy · agent-callback-loop |
| Mantle-specific | arsia-anti-patterns · calldata-bloat · l1block-unchecked-read · operator-fee-outlier |
| Exploit patterns | single-dvn-verifier · donation-attack · init-unprotected · oracle-no-staleness · proxy-storage-collision · approval-abuse-arbitrary-call · signature-replay-bypass · amm-spot-oracle-dependency · vault-share-rounding |
| Meta | corpus-match |
Agent-context detectors are net-new IP for ERC-8004 contract patterns. The exploit-pattern detectors each encode a real incident — KelpDAO/LayerZero DVN ($292M), Euler donation ($197M), Nomad init ($190M), and more.
The corpus
- →98 vetted exploits, $7.1B in documented losses, 13 chains, 2020–2026.
- →Regenerated from raw research dumps by build_corpus.py — the moat stays current cheaply.
- →Matched by TF-IDF cosine similarity (Jaccard fallback) with a vulnerability-class boost and a detection-difficulty downgrade, surfacing the threat actor + linked incident.
The demo line: “your code is 84% similar to the $292M KelpDAO drain — linked to Radiant Capital, DPRK Citrine Sleet cluster.” That’s memory of every major exploit since 2020, not generic LLM output.
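A sketch of the matching step listed above, added here as an illustration and not taken from the project's code. The corpus entries are constructed samples, and the boost factor, the difficulty factors and the rule for when the Jaccard fallback triggers (no discriminative term in the finding) are assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample entries; ids, classes and text are illustrative only.
CORPUS = [
    {"id": "sample-dvn", "cls": "bridge-verifier", "difficulty": "low",
     "text": "contract trusts single dvn verifier for cross chain message"},
    {"id": "sample-donation", "cls": "donation", "difficulty": "high",
     "text": "contract donation to reserves inflates share price"},
    {"id": "sample-init", "cls": "init", "difficulty": "low",
     "text": "contract initialize unprotected anyone sets trusted root"},
]
CLASS_BOOST = 1.25                                            # assumed value
DIFFICULTY_FACTOR = {"low": 1.0, "medium": 0.9, "high": 0.8}  # assumed values

def tokens(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def tfidf(toks, idf):
    # Raw term count times IDF; out-of-vocabulary terms get weight 0.
    return {t: c * idf.get(t, 0.0) for t, c in Counter(toks).items()}

def cosine(a, b):
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na, nb = (math.sqrt(sum(w * w for w in v.values())) for v in (a, b))
    return dot / (na * nb) if na and nb else 0.0

def jaccard(a, b):
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 0.0

def match(finding_text, finding_cls, corpus=CORPUS):
    docs = [tokens(e["text"]) for e in corpus]
    df = Counter(t for d in docs for t in set(d))
    idf = {t: math.log(len(docs) / n) for t, n in df.items()}  # 0 for ubiquitous terms
    q = tokens(finding_text)
    qv = tfidf(q, idf)
    use_tfidf = any(qv.values())  # no discriminative term -> Jaccard fallback
    ranked = []
    for e, d in zip(corpus, docs):
        base = cosine(qv, tfidf(d, idf)) if use_tfidf else jaccard(q, d)
        score = base * DIFFICULTY_FACTOR[e["difficulty"]]  # harder to detect -> lower
        if e["cls"] == finding_cls:
            score *= CLASS_BOOST                           # same vulnerability class
        ranked.append((min(score, 1.0), e["id"], "tfidf" if use_tfidf else "jaccard"))
    return sorted(ranked, reverse=True)  # best match first, scores clamped to 1.0
```

Calling `match("single dvn verifier on cross chain endpoint", "bridge-verifier")` ranks the constructed `sample-dvn` entry first; a finding that shares only ubiquitous terms with the corpus is scored by Jaccard instead.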
Reproducible
The benchmark suite runs the detectors + corpus (no LLM) against known-vulnerable and clean fixtures: precision 100%, recall 100%, F1 1.00.