DynaAudit

AI/ML System

Overview

DynaAudit is a multi-agent smart contract auditing system that addresses a critical gap in existing LLM-based tools: static knowledge bases cannot detect vulnerabilities from exploits that occur after model training cutoffs. Over $2.6 billion USD was lost across 192 smart contract exploits in 2024 alone. DynaAudit combines four specialized AI agents with a dynamic RAG pipeline that continuously ingests live on-chain exploits — detecting both known and emerging vulnerabilities with confidence scoring and severity classification.

The Problem

  • Smart contracts on Ethereum are immutable once deployed — bugs cannot be patched post-deployment
  • Over $2.6B USD lost across 192 exploit incidents in 2024 alone
  • Existing LLM-based tools rely on static training data and miss new exploit patterns post-cutoff
  • A single LLM auditor suffers from degeneration-of-thought — it becomes biased toward its initial analysis

The Four-Agent Audit Team

  • PM (Project Manager): orchestrates the audit by setting objectives, initiating subtasks, and tracking progress
  • SCA (Smart Contract Auditor): primary analyst; identifies vulnerabilities using Dynamic RAG context
  • SPE (Solidity Programming Expert): deep code-level analysis; integrates Slither and Mythril static tool output
  • SCC (Smart Contract Counselor): validator and reporter; challenges findings, deduplicates, and writes the final structured report

3-Phase Audit Loop

Phase 1: Contract Analysis

PM ↔ SCA: Understand contract purpose, structure, and entry points. RAG injection adds top-K similar exploits into SCA context.

Phase 2: Vulnerability Identification

SCA ↔ SPE (role reversal): Forces SPE to independently re-evaluate findings, eliminating confirmation bias and degeneration-of-thought. Slither and Mythril output is fed into SPE reasoning.

Phase 3: Report Generation

SCC validates, deduplicates, and produces the final report. Diff Detector flags vulnerabilities matching newly-added exploits not in GPT's static training data.
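The Phase 1 top-K retrieval and the Phase 3 diff detection can be sketched together. This is an added example, not DynaAudit's own code: it assumes the Diff Detector compares an exploit's ingestion date with the model's training cutoff, and every name, vector, date and threshold in it is constructed.

```typescript
// Illustrative sketch only: all names, vectors, dates and thresholds are constructed.
interface ExploitRecord {
  id: string;
  vulnClass: string;
  ingestedAt: string;   // ISO date the exploit entered the knowledge base
  embedding: number[];  // toy 3-dimensional vectors standing in for model embeddings
}
interface Match { id: string; vulnClass: string; score: number; novelty: "known" | "novel"; }

const dot = (a: number[], b: number[]): number =>
  a.reduce((sum, x, i) => sum + x * (b[i] ?? 0), 0);

function cosine(a: number[], b: number[]): number {
  if (a.length !== b.length) throw new Error("embedding dimension mismatch");
  const norm = Math.sqrt(dot(a, a) * dot(b, b));
  return norm === 0 ? 0 : dot(a, b) / norm;
}

// Top-K retrieval plus diff detection: a match is "novel" when the exploit was
// ingested after the model's training cutoff, so static training data cannot cover it.
function retrieveAndClassify(
  query: number[], store: ExploitRecord[], k: number, modelCutoff: string, minScore = 0.8,
): Match[] {
  const cutoff = Date.parse(modelCutoff);
  if (isNaN(cutoff)) throw new Error("invalid cutoff date");
  return store
    .map((e) => ({ e, score: cosine(query, e.embedding) }))
    .filter((m) => m.score >= minScore)   // drop weak matches before ranking
    .sort((x, y) => y.score - x.score)
    .slice(0, k)
    .map(({ e, score }): Match => ({
      id: e.id, vulnClass: e.vulnClass, score,
      novelty: Date.parse(e.ingestedAt) > cutoff ? "novel" : "known",
    }));
}

// Constructed sample knowledge base and cutoff (not real incidents or a real model date).
const MODEL_CUTOFF = "2023-10-01";
const SAMPLE_STORE: ExploitRecord[] = [
  { id: "EX-REENTRANCY-OLD", vulnClass: "reentrancy", ingestedAt: "2022-05-01", embedding: [0.9, 0.1, 0.0] },
  { id: "EX-ORACLE-NEW", vulnClass: "price oracle manipulation", ingestedAt: "2025-02-10", embedding: [0.1, 0.9, 0.2] },
  { id: "EX-ACCESS-OLD", vulnClass: "access control", ingestedAt: "2021-11-20", embedding: [0.0, 0.2, 0.9] },
];

// Embedding of a finding produced during the audit (constructed).
const findingEmbedding = [0.2, 0.95, 0.1];
console.log(retrieveAndClassify(findingEmbedding, SAMPLE_STORE, 2, MODEL_CUTOFF));
```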

DynaAudit vs LLM-SmartAudit (Baseline)

| Feature | LLM-SmartAudit | DynaAudit |
|---|---|---|
| Knowledge base | Static (training cutoff) | Dynamic (live on-chain exploits) |
| Exploit sources | None | Etherscan, Forta, Rekt.news, DeFiHackLabs |
| Vulnerability detection | Known patterns only | Known + emerging (post-cutoff) |
| Confidence scoring | Binary (yes/no) | Scored with severity levels |
| Diff detection | Not present | Flags novel vs. known exploits |
| Feedback loop | None | Continuous re-ingestion of new exploits |

Tech Stack

LangChain.js, LangGraph, GPT-4o, NestJS, PostgreSQL, Pinecone, pgvector, Slither, Mythril, TypeScript, Etherscan API, Forta Network

Research project — extending LLM-SmartAudit (IEEE TSE, 2025).