Using AI to Audit Smart Contracts (w/ Updates)

TechJD
2 min read · May 31, 2023


Photo by Zoltan Tasi on Unsplash

BIG UPDATE (July 5, 2023): CryptoCadet is now live and available to demo!

Anyone who has ever sought to publish an audit to etherscan knows that it can often be an expensive and stressful process. But with the boom of AI tools, it seems like there are more ways than ever before to cheaply and effectively spot vulnerabilities and receive feedback on your smart contracts.

Often I encounter projects that believe they simply don’t have the budget for an audit, or perhaps don’t appreciate the value of a well-done audit, so they skip it, and put their project and supporters all at risk. What’s even worse is that many of the issues hidden within their smart contracts may be easily discoverable. Lastly, there are already many automated auditing tools out there, but they are often difficult to read and understand if you are not a Solidity developer.

Taking into account all these obstacles, my goal was simple. I wanted to create an auditing tool that could publish an audit to a webpage with one command in under 30 seconds. The tool should be able to:

  • Be triggered via Discord command
  • Publish the audit to a webpage (necessary for publication on etherscan)
  • Be easy to read and understand, with color-coded warnings signifying the severity of the issue
  • Publish inheritance and call graphs depicting the smart contract
  • Provide AI insights and recommendations on how to improve the contract

Thus, CryptoCadet was born!

With just one Discord command you can upload your .sol file and see your audit published in less than a minute!

!audit <NETWORK>

That’s it!
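As an added illustration (not CryptoCadet's code) of the report-building steps listed above: parse the `!audit <NETWORK>` command against an assumed allow-list of networks, order findings by severity, and render them as a color-coded HTML page. The network list, color scheme and sample findings are all constructed here; the escaping matters because identifiers in a submitted contract are author-controlled and end up on a public webpage.

```python
import html
import re

# Networks the hypothetical bot accepts for "!audit <NETWORK>" (assumed list).
KNOWN_NETWORKS = {"ethereum", "goerli", "polygon", "bsc"}

# Severity ordering and the color each level is rendered in (assumed scheme).
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "informational": 3}
SEVERITY_COLOR = {"high": "#c62828", "medium": "#ef6c00",
                  "low": "#f9a825", "informational": "#2e7d32"}

# Constructed sample findings, shaped like a static analyzer's output.
SAMPLE_FINDINGS = [
    {"severity": "low", "title": "Floating pragma", "location": "Token.sol:1"},
    {"severity": "high", "title": "Unchecked call return value",
     "location": "Token.sol:42"},
    # The contract author controls identifiers, so finding text is untrusted.
    {"severity": "medium", "title": "Shadowed variable <script>alert(1)</script>",
     "location": "Token.sol:17"},
]

_CMD = re.compile(r"^!audit\s+([A-Za-z0-9_-]+)\s*$")


def parse_audit_command(message: str) -> str:
    """Return the network named in '!audit <NETWORK>', or raise ValueError."""
    m = _CMD.match(message.strip())
    if not m:
        raise ValueError("expected: !audit <NETWORK>")
    network = m.group(1).lower()
    if network not in KNOWN_NETWORKS:
        raise ValueError(f"unknown network: {network}")
    return network


def sort_findings(findings):
    """Most severe first; unknown severities sink to the bottom."""
    return sorted(findings, key=lambda f: SEVERITY_RANK.get(f["severity"], 99))


def render_report(network: str, findings) -> str:
    """Render findings as color-coded HTML, escaping every untrusted string."""
    rows = []
    for f in sort_findings(findings):
        sev = f["severity"]
        color = SEVERITY_COLOR.get(sev, "#616161")
        rows.append(f'<li style="color:{color}"><b>{html.escape(sev.upper())}</b> '
                    f'{html.escape(f["title"])} ({html.escape(f["location"])})</li>')
    return (f"<h1>Audit report ({html.escape(network)})</h1>"
            f"<ul>{''.join(rows)}</ul>")
```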

So, what can’t this tool do?

Having audited several contracts, I can honestly say that while something is better than nothing, an AI tool is no replacement for a rigorous, line-by-line audit from an experienced Solidity developer. For example, the tool may catch an obvious vulnerability, but it may not correct you on code that, while not necessarily wrong, can still be exploited by a malicious actor with the know-how to do it. The tool will also not show you how to fix the issues it presents, and obviously, it won’t fix your code for you. It’s an audit, and a good starting point, especially if you were considering chancing it and not auditing your code at all.

Interested in becoming part of the smart contract security audit revolution? Join us on the official Discord here.


Written by TechJD

Law, programming, and everything in-between! Coming up with fun coding projects with real-world application.
