Sentinel Agent: Autonomous Smart Contract Auditor

🛡️ Sentinel Agent: Autonomous Smart Contract Auditor

💡 Inspiration

Smart contract vulnerabilities like re-entrancy have led to billions in lost funds. Traditional static analysis tools find bugs but don't prove them, and manual auditing is slow. We wanted to build a "self-healing" security agent that doesn't just find a bug—it proves it with an exploit and fixes it automatically.

🧠 How We Built It

Sentinel Agent is powered by Gemini 1.5 Pro. We utilized its high-reasoning capabilities to create a "Reasoning Engine" that follows a strict 4-phase loop:

1. Analysis: Reading Solidity ASTs to find logical flaws.
2. Exploit Planning**: Writing Hardhat test suites to confirm the vulnerability.
3. Correction: Applying the Check-Effects-Interactions pattern to the code.
4. Verification: Re-running tests to ensure the fix works and no regressions were introduced.

The backend uses Node.js and Express to stream the agent's internal monologue via Server-Sent Events (SSE) to a React dashboard.

🔒 Thought Signatures

A unique challenge was ensuring the agent didn't "hallucinate" a fix. We implemented Thought Signatures—cryptographically simulated state markers. The agent must generate a unique signature after a successful exploit to "unlock" the authority to modify the contract code.

🚀 Challenges We Faced

• Real-time Streaming: Managing long-running Hardhat processes while keeping the UI updated via SSE.
• Environment Stability: Ensuring the agent could safely modify files in a sandbox environment on Render without crashing the server.

📚 What We Learned

We learned that LLMs are significantly more effective at security tasks when given a "chain-of-thought" framework that requires them to prove their findings through executable code before suggesting a solution.

Built With

• css
• ethers.js
• express.js
• gemini
• hardhat
• node.js
• react
• render
• solidity
• tailwind
• vercel