vulhunters

people respects when AI inspects

Comment

VulnHunters - AI-Powered Smart Contract Security Auditing

Inspiration

My journey into blockchain security started unexpectedly. As an AI engineer at my company, I had always been curious about blockchain technology, but it remained on the sidelines—until our development team started working on an MEV (Maximal Extractable Value) bot. The complexity and elegance of the project fascinated me, so I approached our CTO and asked to join the initiative.

What followed was an intense learning phase. I dove deep into blockchain fundamentals: how nodes operate, what smart contracts really are, the intricacies of slippage, and the dark art of MEV extraction. I'm grateful to my talented colleagues and the brilliant minds behind articles from Solid Quant and the legendary "Dark Forest" series—they were my guides through this complex landscape.

While we didn't complete the full MEV bot, I learned something far more valuable: I discovered a massive problem hiding in plain sight.

At my company, whenever we needed smart contract audits, we sent them to manual auditors. The process was slow, expensive, and created bottlenecks. Having seen how intelligent modern LLMs had become—especially with Gemini's powerful capabilities and generous free tier—a question struck me:

"What if we could automate security auditing using AI?"

The DeFi industry loses $3.8 billion annually to security breaches. Manual audits take 6-12 weeks and cost thousands of dollars. There simply aren't enough skilled auditors to protect the thousands of protocols being deployed. That's when VulnHunters was born—a mission to democratize blockchain security through AI automation.

What it does

VulnHunters is an AI-powered autonomous security auditor that finds and proves vulnerabilities in smart contracts, powered by Google's Gemini.

Here's what sets us apart from traditional tools:

  1. Automated Code Understanding: Gemini reads and comprehends complex Solidity contracts, mapping function relationships across multiple files
  2. Historical Pattern Matching: We leverage a database of 670+ real-world exploits from DeFiHackLabs to identify vulnerability patterns
  3. Exploit Generation: The AI doesn't just flag warnings—it writes actual Proof-of-Concept (PoC) exploits in Solidity/Foundry
  4. Validation on Testnet: Every exploit is tested on forked blockchain environments to prove it genuinely works
  5. Comprehensive Reporting: Final reports show only validated, exploitable vulnerabilities with working PoCs

Instead of giving developers a list of possible issues (90% false positives), we provide proven exploits they can immediately fix.

How i built it

VulnHunters is built as a multi-agent AI system orchestrated through a CLI, powered entirely by Google Gemini models:

Architecture

┌─────────────────┐
│   User CLI      │
└────────┬────────┘
         │
    ┌────▼─────────────────────────────────┐
    │  VulnHunters Orchestrator            │
    └────┬─────────────────────────────────┘
         │
    ┌────▼──────────────────────────────────┐
    │  Gemini-Powered Agent Pipeline        │
    │  ┌─────────────────────────────────┐  │
    │  │ 1. Protocol Analyzer Agent      │  │
    │  │    (Gemini 3 pro )           │  │
    │  └──────────────┬──────────────────┘  │
    │                 │                      │
    │  ┌──────────────▼──────────────────┐  │
    │  │ 2. Contract Mapping Agent       │  │
    │  │    (Gemini 3 pro )           │  │
    │  │    - Reads scope files          │  │
    │  │    - Maps function dependencies │  │
    │  └──────────────┬──────────────────┘  │
    │                 │                      │
    │  ┌──────────────▼──────────────────┐  │
    │  │ 3. Vulnerability Detection      │  │
    │  │    (Gemini 3 Pro)             │  │
    │  │    - Pattern matching           │  │
    │  │    - Slither integration        │  │
    │  └──────────────┬──────────────────┘  │
    │                 │                      │
    │  ┌──────────────▼──────────────────┐  │
    │  │ 4. Exploit Generation Agent     │  │
    │  │    (Gemini 3 Pro)             │  │
    │  │    - Writes Foundry PoCs        │  │
    │  └──────────────┬──────────────────┘  │
    └─────────────────┼─────────────────────┘
                      │
         ┌────────────▼────────────┐
         │  Anvil Testnet Fork     │
         │  (Validation Engine)    │
         └─────────────────────────┘

Technology Stack

  • AI Engine: Google Gemini API (3 Pro for complex reasoning)
  • Language: Python 3.11+
  • Smart Contract Analysis: Slither, Foundry
  • Blockchain Simulation: Anvil (Foundry's local testnet)

The Workflow

  1. Input: Developer provides protocol via CLI with scope file
  2. Scope Analysis: Gemini reads the scope file to identify target contracts
  3. Deep Code Scan: For each contract file:
    • Gemini analyzes code structure
    • Maps all function calls across imported files
    • Builds a dependency graph
  4. Static Analysis: Slither generates preliminary warning report
  5. AI Vulnerability Detection: Gemini cross-references:
    • Slither warnings
    • Code patterns
    • 670+ historical exploit templates
  6. Exploit Generation: Gemini writes working Foundry test PoCs
  7. Validation: Each PoC runs on Anvil fork:
    • If funds extracted → Confirmed vulnerability
    • If exploit fails → Discarded (false positive)
  8. Report: JSON/Markdown report with only validated exploits

Key Innovation: Multi-File Context Understanding

The hardest problem in smart contract auditing is understanding how functions interact across multiple imported contracts. I used Gemini's large context window (up to 2M tokens) to feed entire protocol codebases into a single prompt, enabling true cross-file reasoning.

Challenges i ran into

1. API Rate Limits (The Biggest Challenge)

This was the primary obstacle during development:

  • RPM (Requests Per Minute): Gemini free tier limits rapid-fire requests
  • RPD (Requests Per Day): Hit daily quotas when scanning large protocols
  • Token Limits: Some protocols have hundreds of files requiring careful batching

Impact: Full protocol scans would fail midway, forcing me to implement:

  • Intelligent request queuing
  • Exponential backoff retry logic
  • Smart caching to avoid re-analyzing unchanged files
  • Batch processing strategies

2. Gemini Context Retention Across Multi-Turn Conversations

When scanning 10+ contract files, maintaining conversation context between agents became tricky. I had to design a state management system to ensure Gemini remembered earlier findings.

3. Exploit Code Generation Reliability

LLMs can hallucinate. Getting Gemini to generate syntactically correct and logically sound Foundry tests required:

  • Extensive prompt engineering
  • Few-shot examples from real DeFiHackLabs exploits
  • Iterative refinement loops (generate → compile → fix → retry)

4. Blockchain Fork State Management

Running multiple exploit tests in parallel on Anvil forks required careful orchestration to prevent state pollution between tests.

5. False Positive Filtering

Even with validation, some "successful" exploits extracted negligible amounts (e.g., $0.0001 due to rounding). I implemented profit threshold checks to filter noise.

Accomplishments that i am proud of

🎯 Technical Achievements

  1. Built a Full Autonomous Auditing Pipeline: From raw Solidity code to validated exploits—completely automated
  2. Leveraged Gemini's Strengths: Utilized Flash for speed and Pro for deep reasoning, optimizing cost vs. performance
  3. Real Exploit Validation: Unlike static analyzers that spam false warnings, we will prove vulnerabilities work
  4. 670+ Exploit Knowledge Base: Curated and structured real-world hacks as training data

🚀 Personal Growth

Learning blockchain security alongside my AI engineering background has been transformative:

  • Cross-Domain Expertise: Bridging AI/ML and blockchain security—two cutting-edge fields
  • Community Connections: Meeting brilliant minds in the Web3 security community taught me more than any course could
  • Problem-Solving at Scale: Tackling rate limits, context management, and code generation forced me to think creatively

The fact that I went from "curious about an MEV bot" to "building production-ready AI auditors" in a few months feels surreal.

💡 Validation

  • Successfully detected known vulnerabilities in test contracts from DeFiHackLabs
  • Generated working PoCs for reentrancy, price manipulation, and access control bugs
  • Received positive feedback from peers in the blockchain security space

What I learned

Technical Lessons

  1. Prompt Engineering is an Art: Getting Gemini to produce production-quality exploit code required hundreds of iterations
  2. Context Window Management: With Gemini's massive context limits, the challenge shifted from "fitting data" to "structuring it clearly"
  3. LLMs Need Validation Loops: Generative AI excels at pattern recognition but needs programmatic checks (compilation, testing) to ensure output correctness
  4. Rate Limits Demand Architectural Thinking: Building retry logic, caching, and queue systems taught me to design resilient distributed systems

Domain Knowledge

  • Smart Contract Attack Vectors: Deep understanding of reentrancy, flashloan attacks, oracle manipulation, access control flaws
  • Foundry/Hardhat Testing: Writing comprehensive test harnesses for exploit validation
  • DeFi Protocol Mechanics: How AMMs, lending protocols, and yield farms work under the hood

Mindset Shifts

  • AI Augments, Doesn't Replace: VulnHunters doesn't eliminate human auditors—it makes them 10x more efficient by handling grunt work
  • Community Over Competition: The Web3 security community freely shares knowledge (Dark Forest articles, DeFiHackLabs)—collaboration accelerates everyone
  • Solve Pain Points You Experience: I built this because my company needed faster audits—the best products come from personal frustration

What's next for VulnHunters

Immediate Roadmap (Next 3 Months)

  1. Scale with Gemini Enterprise: Apply for higher API tiers to handle large protocols
  2. Continuous Monitoring: Transform from one-time audits to real-time monitoring (scan every commit)
  3. Web UI + Dashboard: Build a user-friendly interface beyond the CLI
  4. Integration with GitHub Actions: Auto-audit on every pull request

Medium-Term (6-12 Months)

  1. Expand Knowledge Base: Grow from 670 to 2,000+ historical exploits
  2. Multi-Chain Support: Currently Ethereum-focused; expand to Solana, Cosmos, etc.
  3. Custom Vulnerability Training: Let users teach VulnHunters protocol-specific risks
  4. API for Security Firms: White-label solution for audit companies

Long-Term Vision

Our mission: Make Web3 security accessible to every developer.

  • Funding Round: Applying to VCs and accelerator.
  • Enterprise Licenses: Partner with top audit firms like Trail of Bits, OpenZeppelin
  • Decentralized Bug Bounty Platform: Let VulnHunters auto-submit findings to Immunefi/HackenProof
  • Open-Source Core Engine: Community-driven vulnerability pattern contributions

Technical Improvements

  • Multi-Model Ensemble: Combine Gemini + Claude + GPT-4 for consensus-based detection
  • Formal Verification Integration: Enhance AI findings with mathematical proofs
  • Gas Optimization Suggestions: Beyond security, optimize contract efficiency

Why Gemini?

Gemini's multimodal capabilities, massive context windows, and speed made this possible.

  • 2M token context: Fit entire protocols in one prompt
  • Speed: Flash model analyzes contracts in seconds
  • Reasoning: Pro model generates logically sound exploits
  • Free tier: Let me experiment and iterate rapidly during development

Without Gemini, VulnHunters wouldn't exist. This hackathon project is just the beginning what i am building the future of autonomous blockchain security.

Team: Solo developer (for now—hiring soon!)

"In Web3, code is law. With VulnHunters, I want to make sure that law has no loopholes."

Built With

Share this project:

Updates