Contract audit
The Contract Audit agent analyzes smart contracts for vulnerabilities, access control issues, and security best practices. Available in the DeFAI chat and as a dedicated page at/security with auto-payment enabled.
How to use
From DeFAI (/defai or /chat):
- Select the Contract Audit agent
"Audit this contract: 0x...""Check for reentrancy vulnerabilities in this token contract""Is this contract safe to interact with?"
/security):
- Dedicated interface hardcoded to the audit agent
- Prompt cards on load: “Audit a contract by address”, “Check for vulnerabilities”, “Gas optimization review”, “OpenZeppelin compliance”
- Auto-payment — payments execute silently without prompting (via
useAutoPayment()hook) - Deep audit toggle — checkbox that appends
[deep-audit]flag for extended analysis
Result panel: ContractAuditResultPanel
Risk score gauge
A circular score gauge (0-100) with color coding:- 0-25: Low risk (green)
- 25-50: Medium risk (amber)
- 50-75: High risk (orange)
- 75-100: Critical risk (red)
SAFE, CAUTION, WARNING, or AVOID.
Findings
Each finding is a severity-coded card:
Each finding card contains:
- Title — concise description of the issue
- Description — detailed explanation
- Code snippet — relevant code with line numbers (syntax highlighted)
- Recommendation — how to fix the issue
Recommendations section
Overall recommendations for the contract:SAFE (green), CAUTION (amber), WARNING (orange), AVOID (red).
AI report
Collapsible markdown section with the full AI-generated analysis narrative.Deep audit
When the deep audit toggle is enabled (or[deep-audit] is appended to the message), the system runs an extended analysis:
- Nemesis analysis — advanced vulnerability detection framework
- Pashov analysis — specialized audit methodology
Security page specifics
The/security page wraps the same chat infrastructure with:
- Hardcoded agent: Contract Audit (
contract-audit) - Auto-payment:
useAutoPayment()hook interceptsparam_requestandx402_payment_requiredactions, handling them automatically without user interaction - Sidebar: Full session management (ChatSidebar) for saving audit history
- Greeting injection: Welcome message on new sessions
- Scroll-down arrow: Mobile optimization for navigating long audit results

