Agentic Security Auditor v2.0

Problem

Smart contract vulnerabilities cost the DeFi industry billions annually. Manual security audits are expensive ($10K–$100K per contract) and slow (weeks). Existing automated tools lack depth — they flag patterns but miss subtle business logic flaws.

Solution

Agentic Security Auditor v2.0 uses Google ADK to orchestrate a 5-agent pipeline:

- ScannerAgent — Fetches contract source from Etherscan API V2 (6 chains)
- StaticAnalyzer — Runs Slither control-flow + pattern matching
- AIReviewerAgent — Deep Gemini-powered reasoning audit
- ReportAgent — Generates Immunefi-grade professional reports
- CoordinatorAgent — Orchestrates the pipeline end-to-end

Why 5 Agents?

Traditional security tools use a single-pass approach — either pure static analysis (Slither) or pure AI reasoning (GPT-4). Both have critical blind spots:

- Static analyzers catch known patterns but miss novel attack vectors
- Single AI agents hallucinate on complex multi-step exploits

Our 5-Agent ADK pipeline solves this by specialization + cross-verification. Each agent does one thing exceptionally well, and the Coordinator ensures the whole pipeline is greater than the sum of its parts.

| Stage | Agent | Role |
| 1 | ScannerAgent | Fetch & normalize contract data |
| 2 | StaticAnalyzer | Deterministic pattern matching |
| 3 | AIReviewerAgent | Deep reasoning & novel detection |
| 4 | ReportAgent | Structured output generation |
| 5 | CoordinatorAgent | Orchestration & quality control |

Prior Work Disclosure

This submission reuses pre-existing infrastructure components from an earlier v1.0 security-auditing prototype. These components are disclosed as supporting utilities, not claimed as hackathon-created work:

| Component | Status | Notes |
| Etherscan API retrieval | Reused | Pre-existing data-source utility |
| Slither static analysis | Reused | Pre-existing tool wrapper |
| OpenRouter model access | Reused | Pre-existing model-access layer |

Hackathon-Created Work (Built during May 5–6, 2026)

The following components were newly created during the Google Cloud Rapid Agent Hackathon:

- Google ADK multi-agent orchestration layer — New Coordinator + 4 specialized agents
- Vertex AI / Gemini backend integration — Migrated from OpenRouter to Google Cloud-native AI
- Cloud Run deployment path — Containerized cloud-native deployment
- v2 API workflow — RESTful endpoints for the ADK pipeline
- Complete documentation & validation package — README, CI/CD, acceptance report

Commit evidence: github.com/yuzengbaao/agentic-security-auditor/commits

Key Features

✅ Real vulnerability detection — Verified against reentrancy, access control flaws
✅ Multi-chain support — Ethereum, Base, BSC, Polygon, Arbitrum, Optimism
✅ Professional reports — Severity scoring, evidence, fix code, SWC references
✅ Cloud-native — Deployed on Google Cloud Run with auto-scaling
✅ ADK-native — Built entirely with Google Agent Development Kit

How We Built It

- Framework: Google ADK v1.32 with Vertex AI Gemini 2.5 Flash (hackathon choice)
- Static Analysis: Slither 0.11.5 (Trail of Bits) (reused infrastructure)
- Blockchain: Etherscan API V2 (reused infrastructure)
- Deployment: Google Cloud Run (us-central1) (hackathon-created)
- Language: Python 3.10
- MCP Integration: Etherscan, Slither, OpenRouter as MCP tools

Challenges

- Vertex AI SDK migration (old vertexai → new google.genai)
- ADK Session management for multi-turn agent pipelines
- Headless browser limitations for social platform interactions

Accomplishments

🎯 3 Gate validation: Gemini API ✅ | ADK Agent ✅ | Cloud Run ✅
🎯 Real vulnerability detection: Critical Reentrancy + High Access Control
🎯 Production deployment: Live Cloud Run endpoint serving requests

What's Next

- ADK Studio integration for visual agent orchestration
- Agent Garden blueprint for community reuse
- Real-time blockchain monitoring agent

Links

🔗 GitHub: https://github.com/yuzengbaao/agentic-security-auditor-v2
🎥 Video Demo: youtu.be/0Vwf5bO0L0g
🌐 Live App: agentic-security-auditor-270892092095.us-central1.run.app
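
The "Why 5 Agents?" section names cross-verification between the deterministic stage and the AI stage without showing it. One possible reconciliation step, as an added example that is not the project's code: the detector-to-SWC mapping, the `Finding` type, the status labels and the sample data are all assumptions constructed here.

```python
from dataclasses import dataclass

# Assumed mapping from Slither detector names to SWC ids, limited to the
# reentrancy and access-control classes the page mentions.
SLITHER_TO_SWC = {"reentrancy-eth": "SWC-107", "arbitrary-send-eth": "SWC-105",
                  "suicidal": "SWC-106"}
SEVERITY = ["Informational", "Low", "Medium", "High", "Critical"]

@dataclass(frozen=True)
class Finding:
    source: str    # "static" (deterministic stage) or "ai" (reviewer stage)
    swc: str
    function: str
    severity: str

def from_static(detectors):
    """Convert simplified Slither-style detector dicts; unmapped checks are dropped."""
    return [Finding("static", SLITHER_TO_SWC[d["check"]], d["function"], d["impact"])
            for d in detectors if d["check"] in SLITHER_TO_SWC]

def cross_verify(static, ai):
    """Merge findings on (SWC id, function) and label how each one is supported."""
    merged = {}
    for f in [*static, *ai]:
        e = merged.setdefault((f.swc, f.function), {"sources": set(), "severity": f.severity})
        e["sources"].add(f.source)
        # Keep the highest severity any stage assigned.
        e["severity"] = max(e["severity"], f.severity, key=SEVERITY.index)
    report = []
    for (swc, function), e in merged.items():
        if e["sources"] == {"static", "ai"}:
            status = "corroborated"
        elif e["sources"] == {"static"}:
            status = "static-only"
        else:
            status = "ai-only, needs manual review"  # may be a hallucinated finding
        report.append({"swc": swc, "function": function,
                       "severity": e["severity"], "status": status})
    # Corroborated findings first, then by descending severity.
    return sorted(report, key=lambda r: (r["status"] != "corroborated",
                                         -SEVERITY.index(r["severity"])))

# Constructed sample data, not output from the project or from a real contract.
SAMPLE_STATIC = [{"check": "reentrancy-eth", "impact": "High", "function": "withdraw"},
                 {"check": "naming-convention", "impact": "Informational", "function": "Bank"}]
SAMPLE_AI = [Finding("ai", "SWC-107", "withdraw", "Critical"),
             Finding("ai", "SWC-105", "emergencyWithdraw", "High"),
             Finding("ai", "SWC-101", "deposit", "Medium")]
```

Calling `cross_verify(from_static(SAMPLE_STATIC), SAMPLE_AI)` puts the reentrancy finding both stages agree on at the top and holds the two AI-only findings back for manual review instead of reporting them at face value.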