EthAudit Pro

EthAudit Pro finds and fixes smart contract security vulnerabilities. Get an instant audit, select fixes, and generate a secure, patched contract in seconds. Deploy with confidence.

Comment

EthAudit Pro

Inspiration


During Soham's time building smart contracts in college, he realized how fragile blockchain security can be. A single overlooked vulnerability can cost users millions — and since deployed contracts are often immutable, prevention is everything. He wanted to explore how modern AI could make that process more accessible and automated. The hackathon was the perfect opportunity to combine his background in smart contract development with cutting-edge GenAI technology to create a practical, developer-friendly auditing assistant.

What It Does


EthAudit Pro is an intelligent, browser-based smart contract auditing tool that simulates a multi-agent workflow. It analyzes Solidity code, identifies vulnerabilities, suggests secure patches, and then — through a human-in-the-loop review — generates a corrected version of the contract based on the selected suggestions.


Users can upload or paste Solidity-based smart contracts, and the app performs a full AI-powered audit using the Google Gemini API. It highlights potential issues, provides structured explanations, and proposes line-specific patches. Developers can review the AI’s suggestions in a visual diff view, selectively apply them, and export the finalized, patched version of their contract.


The goal is to make smart contract auditing faster, safer, and more transparent — all within a single-page app that runs entirely in the browser.

How We Built It


- EthAudit Pro is built as a React + TypeScript single-page application, styled with Tailwind CSS, and designed for simplicity and portability.


- Zero Build Setup: We used an importmap architecture so dependencies like React and @google/genai are fetched directly from CDNs. This removes the need for a bundler or node_modules — simply open the index.html file and run.


- Finite State Machine Flow: A single auditState variable orchestrates the user interface through distinct phases — from idle to analyzing to reporting — creating a guided, predictable audit workflow.


- Gemini API Integration: Uses the Gemini 2.5 Pro model for reasoning over Solidity code.


- A structured JSON schema enforces type-safe and deterministic responses, minimizing AI hallucinations.


- Carefully crafted prompts define the AI’s role as a world-class smart contract security auditor.


- Patch Application Algorithm: Patches are applied from the bottom up to prevent line-index conflicts — a small but crucial detail that ensures accuracy.


- Human-in-the-Loop Design: A clear diff viewer allows developers to manually review and approve every AI suggestion before applying changes.

Challenges We Ran Into


- Strict JSON control: Getting the AI to consistently produce valid, schema-matching JSON required extensive prompt tuning — small wording changes had large effects.


- Patch accuracy: Managing overlapping code edits and preserving line structure demanded a custom patching algorithm.


- No build system constraints: Building a modular React app without a bundler (like Webpack or Vite) required rethinking imports and state management.


- AI hallucinations: Tackling inconsistencies in model output involved multiple strategies, including:

    - Human-in-the-loop verification
    - Enforcing structured JSON responses
    - Detailed and highly specific prompting

Accomplishments That We’re Proud Of


- Built a fully functional, AI-powered auditing tool that runs entirely in the browser — no backend required (leveraging BaaS).


- Integrated Gemini 2.5 Pro using a formally defined JSON schema for reliable, type-safe responses.


- Created a smooth and visual audit workflow with agent-like states, making the process intuitive and user-friendly.


- Designed a “human + AI” feedback loop that feels like a real auditing team — precise, transparent, and developer-centered.

What We Learned


- Prompt engineering is both an art and a science — constraining model behavior with schemas and deterministic parameters is essential for reliability.


- Building without a traditional frontend toolchain can actually improve portability and reproducibility.


- AI can complement human security engineers, but must be grounded with strict output control to avoid risky automation.

What’s Next for EthAudit Pro


- Multi-file auditing: Extend support to handle larger, multi-contract projects.


- Replace Gemini with a smaller language model (SLM): Improve performance and reduce dependency on large APIs.


- AI explanations and learning mode: Add educational insights to help developers understand why each issue matters.


- Integration with GitHub and CI/CD pipelines: Enable automated audits as part of the development workflow.


- Multi-agent simulation: Introduce parallel expert roles (e.g., static analyzer, patch verifier, compliance checker) for deeper, multi-perspective audits.

Built With

Share this project:

Updates