ninjafromqueens•1h ago
I’ve been working on a tool that uses a mix of static analysis techniques and an LLM reasoning layer to analyze Solidity smart contracts. The goal isn’t to replace formal audits, but to make basic security analysis more accessible to individuals and small teams who can’t afford a $20k+ audit every time they deploy a contract.
What it currently does
Parses Solidity contracts and generates a human-readable explanation of each function
Flags potential vulnerabilities (reentrancy, missing access control, unchecked external calls, integer issues, etc.)
Highlights risky or unconventional patterns and explains why they may be unsafe
Suggests possible fixes or safer patterns
Produces a structured audit-style report
Early Hardhat integration (run analysis locally during development)
Why I built it
Most new developers deploying smart contracts are:
Copying code without understanding critical details
Publishing contracts with preventable vulnerabilities
Unable to justify the cost of a full audit for smaller or experimental projects
My hope is that an automated assistant can help:
Catch basic issues before they reach mainnet
Make smart contract security education more accessible
Support professional auditors by giving them a first-pass overview
How it works
A rule-based layer detects known vulnerability patterns
An LLM layer evaluates contract logic, context, and interactions
Outputs are combined into a structured report
No code is uploaded to a public server (local/private deployment is planned)
What I’m looking for
Feedback from people who build smart contracts or work in security is extremely valuable to me right now. Specifically:
What types of vulnerabilities or patterns should be prioritized?
Should it integrate with existing tools like Slither, Mythril, Echidna, or Foundry fuzzing?
What would make this useful in real development workflows?
Is there interest in a CLI version or VS Code extension?
Any concerns about over-reliance on AI for security analysis?
If anyone wants to see the demo version, I can share it privately — I’m not posting links here to avoid violating HN guidelines.
Happy to answer technical questions and open to constructive criticism.
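The "rule-based layer" described above is the part a reviewer can reason about most directly, so here is a minimal illustration of what such a layer does. This is an added example, not the poster's tool or any code from it: a regex-based scanner in Node.js (chosen because of the Hardhat integration mentioned) that runs three of the listed checks over raw Solidity text, with a deliberately vulnerable contract and its hardened form constructed for the example. Function names (`extractFunctions`, `scanSolidity`), the rule names and the sample contracts are all assumptions made here.

```javascript
// Added example, not the original poster's tool. A tiny rule-based Solidity
// scanner: three regex heuristics run per function. Regex on source text is
// enough to show the idea; a production rule layer should work on the solc
// AST or an IR such as Slither's, where false positives are far easier to avoid.

const EXTERNAL_CALL  = /\.(call|delegatecall|send|transfer)\s*[({]/;
const LOW_LEVEL_CALL = /\.(call|delegatecall|send)\s*[({]/;     // return value can be ignored
const MAPPING_WRITE  = /\w+\s*\[[^\]]*\]\s*(=|-=|\+=)[^=]/;     // e.g. balances[msg.sender] = 0
const PRIVILEGED_OP  = /\bowner\s*=[^=]|\bselfdestruct\s*\(/;  // should normally be owner-only

// Split a source file into function records with brace-matched bodies.
function extractFunctions(source) {
  const fns = [];
  const header = /function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{/g;
  let m;
  while ((m = header.exec(source)) !== null) {
    const open = m.index + m[0].length - 1;            // index of the opening '{'
    let depth = 0, i = open;
    for (; i < source.length; i++) {
      if (source[i] === '{') depth++;
      else if (source[i] === '}' && --depth === 0) break;
    }
    fns.push({
      name: m[1],
      modifiers: m[3].trim(),                          // visibility plus custom modifiers
      body: source.slice(open + 1, i),
      line: source.slice(0, open).split('\n').length,  // 1-based line of the '{'
    });
    header.lastIndex = i;
  }
  return fns;
}

// Rule 1: low-level call whose result is neither assigned nor checked.
function isUncheckedCall(text) {
  const m = LOW_LEVEL_CALL.exec(text);
  if (!m) return false;
  return !/=|require\s*\(|assert\s*\(|if\s*\(|\breturn\b/.test(text.slice(0, m.index));
}

// Run all rules and return structured findings (rule, function, line, snippet).
function scanSolidity(source) {
  const findings = [];
  for (const fn of extractFunctions(source)) {
    let firstCall = -1;
    fn.body.split('\n').forEach((text, k) => {
      const line = fn.line + k;
      if (isUncheckedCall(text)) findings.push({ rule: 'unchecked-call', fn: fn.name, line, snippet: text.trim() });
      if (firstCall < 0 && EXTERNAL_CALL.test(text)) firstCall = k;
      // Rule 2: a state write after an external call in the same function (checks-effects-interactions violated).
      if (firstCall >= 0 && k > firstCall && MAPPING_WRITE.test(text)) {
        findings.push({ rule: 'reentrancy', fn: fn.name, line, snippet: text.trim() });
      }
    });
    // Rule 3: privileged write reachable from a public/external function with no onlyX modifier or sender check.
    const exposed = /\b(public|external)\b/.test(fn.modifiers);
    const guarded = /\bonly\w*/.test(fn.modifiers) || /require\s*\([^;]*msg\.sender/.test(fn.body);
    if (exposed && !guarded && PRIVILEGED_OP.test(fn.body)) {
      findings.push({ rule: 'missing-access-control', fn: fn.name, line: fn.line, snippet: fn.modifiers });
    }
  }
  return findings;
}

// Constructed sample: all three defects present.
const VULNERABLE = `
pragma solidity ^0.8.20;
contract Vault {
    mapping(address => uint256) public balances;
    address public owner;
    constructor() { owner = msg.sender; }
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }
    function setOwner(address newOwner) public { owner = newOwner; }
    function sweep(address payable to) external { to.send(address(this).balance); }
}`;

// Constructed sample: same contract with the defects fixed.
const HARDENED = `
pragma solidity ^0.8.20;
contract SafeVault {
    mapping(address => uint256) public balances;
    address public owner;
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    constructor() { owner = msg.sender; }
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
    function setOwner(address newOwner) public onlyOwner { owner = newOwner; }
    function sweep(address payable to) external onlyOwner {
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "sweep failed");
    }
}`;

console.log(JSON.stringify(scanSolidity(VULNERABLE), null, 2));
console.log('hardened findings:', scanSolidity(HARDENED).length);
```

On the vulnerable contract the scanner reports reentrancy in `withdraw` (balance zeroed after the call), missing access control on `setOwner`, and an unchecked `send` in `sweep`; on the hardened contract it reports nothing. The limits are worth noting for anyone weighing the "over-reliance on AI" question from the post: text-level rules like these miss the same bug written across two functions or through an internal helper, and they cannot see what a delegatecall target does, so a rule layer is a floor for obvious mistakes rather than a substitute for an audit.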