Excited to share that our paper "PropertyGPT: LLM-driven Formal Verification of Smart Contracts" received the Distinguished Paper Award🏆· at NDSS 2025! Honored to be a co-first author on this work. Paper: #NDSS2025.

@Aptos need some heart disease funding😆.

I'm currently reorganizing and introducing tree-sitter into the finite-monkey engine, and I've supplemented developers with a necessary package: tree-sitter-move in Python: The corresponding open-source repository is at I need to.

I've been trying an alternative approach these past few days that probably no one has attempted before - using Claude code SDK to replace all vul scan engine context components.which would dramatically simplify project complexity while enabling comprehensive context exploration.

RT @ret2basic: I am starting a 100 days challenge, building my web3 security portfolio in public until my dream company @CertiK hires me.….

We all have a bright future.

RT @agfviggiano: my AI auditor can find bugs introduced by my AI dev

Recently I've been wanting to completely refactor the context system in the engine to provide a perfect context component, but it seems fraught with difficulties: . 1. you need to consider the codebase, which puts demands on the assembly speed of codebaseQA RAG. For very large.

RT @ret2basic: @TaiChiWeb3Sec now has an official website! We offer Solidity, Move and Solana security reviews. Al….

wrote a summary article last night.

We typically face needs with different probability scenarios: searching for unknown answers (vulnerability discovery), having a definitive answer but needing to find it (root cause analysis), and providing recommendations (audit hints or checklists). For different needs, the.

When you're designing an LLM-based automated workflow or trying to turn an LLM into a tool, you're typically doing prompt engineering or context engineering. But ultimately, what you're actually dealing with is probability, attention, and various uncertainties. Many people,.

some cluster record:

The functionality of the 3,970 vulnerabilities can be basically categorized into 13 types, with the top three scenarios having the most vulnerabilities being: Rewards & Incentives (502), Decentralized Lending (470), and Asset Management (461), accounting for 36% of the total.

collected 3,970 high-severity vulnerabilities from various public audit competitions and decomposed them into functionality (the scenarios where these vulnerabilities occur) and key concepts (the abstract causes behind these vulnerabilities). I performed UMAP-based clustering and.

Then, put everything into a folder and feed it to cursor. Turn on that agent mode to perform the root cause analysis.

Collect transaction traces and all contract source codes. For those without source code, use heimdall plus a LLM to decompile.

This little gadget is for automated root cause analysis based on cursor. If someone interested, can continue working on it.

Tonight @ret2basic shared dacian's repository with me: This reminded me that perhaps fine-grained checklists are also the direction for the future. Some checklists can be used for overall scanning, some should be specifically used for invariant.

In the next 1-2 years, we will see AI Audit Tools proliferating rapidly. I have already observed many different methodologies and product forms:. 1. There are increasingly more competitions among various audit tools.2. AI is able to cover more and more scenarios.3. New features.