Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.supermisson.fun/llms.txt

Use this file to discover all available pages before exploring further.

Contract audit

The Contract Audit agent analyzes smart contracts for vulnerabilities, access control issues, and security best practices. Available in the DeFAI chat and as a dedicated page at /security with auto-payment enabled.

How to use

From DeFAI (/defai or /chat):
  • Select the Contract Audit agent
  • "Audit this contract: 0x..."
  • "Check for reentrancy vulnerabilities in this token contract"
  • "Is this contract safe to interact with?"
From Security page (/security):
  • Dedicated interface hardcoded to the audit agent
  • Prompt cards on load: “Audit a contract by address”, “Check for vulnerabilities”, “Gas optimization review”, “OpenZeppelin compliance”
  • Auto-payment — payments execute silently without prompting (via useAutoPayment() hook)
  • Deep audit toggle — checkbox that appends [deep-audit] flag for extended analysis

Result panel: ContractAuditResultPanel

Risk score gauge

A circular score gauge (0-100) with color coding:
  • 0-25: Low risk (green)
  • 25-50: Medium risk (amber)
  • 50-75: High risk (orange)
  • 75-100: Critical risk (red)
Overall risk level banner below the gauge: SAFE, CAUTION, WARNING, or AVOID.

Findings

Each finding is a severity-coded card:
SeverityColorDescription
CRITICALRed with glowExploitable vulnerabilities, fund loss risk
HIGHOrangeSignificant security concerns
MEDIUMAmberModerate issues that should be addressed
LOWBlue/skyMinor issues, best practice violations
INFOSlate/grayInformational notes, no security impact
Each finding card contains:
  • Title — concise description of the issue
  • Description — detailed explanation
  • Code snippet — relevant code with line numbers (syntax highlighted)
  • Recommendation — how to fix the issue

Recommendations section

Overall recommendations for the contract: SAFE (green), CAUTION (amber), WARNING (orange), AVOID (red).

AI report

Collapsible markdown section with the full AI-generated analysis narrative.

Deep audit

When the deep audit toggle is enabled (or [deep-audit] is appended to the message), the system runs an extended analysis:
  • Nemesis analysis — advanced vulnerability detection framework
  • Pashov analysis — specialized audit methodology
The UI shows a loading message: “Running Deep Audit (Nemesis + Pashov)…” while the extended analysis runs. Results include all standard findings plus the deep analysis results.

Security page specifics

The /security page wraps the same chat infrastructure with:
  • Hardcoded agent: Contract Audit (contract-audit)
  • Auto-payment: useAutoPayment() hook intercepts param_request and x402_payment_required actions, handling them automatically without user interaction
  • Sidebar: Full session management (ChatSidebar) for saving audit history
  • Greeting injection: Welcome message on new sessions
  • Scroll-down arrow: Mobile optimization for navigating long audit results
AI-powered audits are a supplement to, not a replacement for, professional security audits. For contracts handling significant value, always commission a formal audit from a reputable security firm. This tool is best for initial screening and quick assessments.
Use the deep audit for contracts you’re about to interact with for the first time, especially if they handle deposits or approvals. The extended analysis catches patterns that the standard audit might miss.