Inspiration

Smart contract exploits on Solana have drained hundreds of millions of dollars, yet traditional audits remain slow, expensive, and inaccessible to indie builders. I wanted to create something that democratizes security: a tool that’s instant, affordable, and verifiable on-chain. The idea was inspired by Scooby: uncovering hidden mysteries before attackers do.


What it does

Scooby is an AI-powered smart contract auditing platform for Solana. Developers connect their Phantom wallet, submit Anchor/Rust code, pay a small fee, and receive an instant vulnerability report. If the contract passes the safety threshold, Scooby mints a permanent, verifiable on-chain audit badge: proof of security that anyone can check.


How we built it

  • Frontend: Vite + Bun + React + Tailwind CSS for a fast, clean UI
  • Backend: Bun & Express, handling fee verification and AI analysis
  • Blockchain: Anchor smart contract on Solana Devnet, enforcing payments and minting attestations
  • Database: NeonDB (PostgreSQL) for storing profiles and reports
  • AI: Google Gemini (with Claude as fallback), prompted for 13 Solana specific vulnerability categories
  • Wallet Integration: Phantom wallet adapter for identity and transaction signing

Challenges we ran into

  • Prompt engineering for Solana-specific vulnerabilities: generic AI models missed critical issues like PDA seed collisions
  • Ensuring atomic fee collection and profile updates on-chain
  • Designing a workflow that feels frictionless while still enforcing strict security guarantees
  • Debugging Anchor deployment and PDA derivations during contract testing
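The PDA seed collision mentioned above is worth seeing concretely. The following is an added example written for this page, not Scooby's code: it re-implements Solana's find_program_address in pure Python (sha256 over the concatenated seeds, the program id and the "ProgramDerivedAddress" marker, retrying bumps until the result is off the ed25519 curve) so the hashing step is visible. Because seeds are concatenated with no separator, two different seed lists with the same byte concatenation derive the same PDA; a length-prefixed seed layout removes the ambiguity. The program id is a constructed placeholder, and the off-curve test is a minimal ed25519 decompression check assumed to match the reference behaviour closely enough for this demonstration.

```python
"""Solana PDA seed collision demonstration (added example, not project code)."""
import hashlib
from typing import List, Optional, Tuple

# ed25519 field prime and curve constant d = -121665/121666
P = 2**255 - 19
D = (-121665 * pow(121666, P - 2, P)) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)       # sqrt(-1) mod p, used when p = 5 mod 8
PDA_MARKER = b"ProgramDerivedAddress"
MAX_SEED_LEN = 32
MAX_SEEDS = 16

# Constructed placeholder program id (32 bytes); not a real deployed program
PROGRAM_ID = bytes(range(32))


def is_on_curve(point: bytes) -> bool:
    """Ed25519 decompression test: True if the 32 bytes decode to a valid point.
    A PDA must be OFF the curve so that no private key can ever sign for it."""
    y = int.from_bytes(point, "little") & ((1 << 255) - 1)  # drop sign bit
    y2 = y * y % P
    u = (y2 - 1) % P
    v = (D * y2 + 1) % P
    x2 = u * pow(v, P - 2, P) % P       # x^2 = (y^2 - 1) / (d*y^2 + 1)
    x = pow(x2, (P + 3) // 8, P)        # candidate square root
    if (x * x - x2) % P != 0:
        x = x * SQRT_M1 % P             # second candidate
    return (x * x - x2) % P == 0


def create_program_address(seeds: List[bytes], program_id: bytes) -> Optional[bytes]:
    """sha256(seed_1 || ... || seed_n || program_id || marker), None if on-curve.
    Note that the seeds are hashed back to back with no length prefix."""
    if len(seeds) > MAX_SEEDS or any(len(s) > MAX_SEED_LEN for s in seeds):
        raise ValueError("seed limits exceeded")
    h = hashlib.sha256()
    for s in seeds:
        h.update(s)
    h.update(program_id)
    h.update(PDA_MARKER)
    digest = h.digest()
    return None if is_on_curve(digest) else digest


def find_program_address(seeds: List[bytes], program_id: bytes) -> Tuple[bytes, int]:
    """Try bump seeds 255..0 and return the first off-curve address and its bump."""
    for bump in range(255, -1, -1):
        addr = create_program_address(list(seeds) + [bytes([bump])], program_id)
        if addr is not None:
            return addr, bump
    raise ValueError("no viable bump seed")


def length_prefixed(seeds: List[bytes]) -> List[bytes]:
    """Mitigation: prefix every variable-length seed with its 1-byte length so the
    concatenation is unambiguous. Fixed-width seeds (32-byte pubkeys, 8-byte
    little-endian integers) are already unambiguous and need no prefix."""
    return [bytes([len(s)]) + s for s in seeds]


def seeds_collide(a: List[bytes], b: List[bytes], program_id: bytes) -> bool:
    """True if two different seed lists derive the same PDA under program_id."""
    return a != b and find_program_address(a, program_id) == find_program_address(b, program_id)


if __name__ == "__main__":
    vuln_a, vuln_b = [b"ab", b"c"], [b"a", b"bc"]
    print("unprefixed seeds collide:", seeds_collide(vuln_a, vuln_b, PROGRAM_ID))
    print("length-prefixed seeds collide:",
          seeds_collide(length_prefixed(vuln_a), length_prefixed(vuln_b), PROGRAM_ID))
```

The practical reading for an auditor: whenever two adjacent seeds are both derived from variable-length, user-controlled data (names, strings, byte slices), check whether a different split of the same bytes would let one account alias another, and prefer fixed-width seeds or explicit length prefixes.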

Accomplishments that we're proud of

  • Built a fully functional end-to-end pipeline: wallet connect → fee payment → AI audit → on-chain badge
  • Achieved instant audit turnaround (~30 seconds) compared to weeks with traditional firms
  • Created immutable, composable audit records stored on-chain
  • Made security accessible to hackathon teams and indie builders at just 0.008 SOL per audit

What we learned

  • Solana’s account model and Anchor constraints require specialized security checks beyond generic tools
  • AI can be highly effective when carefully prompted for domain-specific vulnerabilities
  • On-chain attestations are powerful: they transform audits from private PDFs into public, composable trust signals
  • Building wallet-native flows dramatically reduces friction compared to traditional account systems

What's next for Scooby

  • Deploy to Solana mainnet
  • Expand vulnerability dataset and benchmarking
  • Add Claude as a primary AI provider for diversity
  • Launch a public audit registry and verification explorer
  • Build an on-chain reputation leaderboard for developers
  • Introduce an enterprise tier with human review layered on top of AI
  • Explore an arbitration DAO for disputed audits

Built With

  • anchor
  • solana
  • vite