Multi-Agent Smart Contract Security Auditor powered by Xiaomi MiMo V2.5
SmartAudit AI is an autonomous multi-agent system for smart contract security auditing. It coordinates 4 specialized AI agents to perform deep, multi-perspective security analysis of Solidity smart contracts.
Traditional single-LLM audits miss vulnerabilities that require different "mindsets":
- Pattern Scanner thinks like a checklist — systematic, fast
- Logic Analyzer thinks like a senior auditor — creative, deep
- Exploit Researcher thinks like an attacker — adversarial, historical
- Report Writer thinks like a consultant — clear, actionable
By running these agents in parallel and synthesizing their findings, SmartAudit AI catches vulnerabilities that single-pass analysis misses.
```
┌───────────────────────────────────────────────────────────┐
│                       SmartAudit AI                       │
│                 Multi-Agent Orchestrator                  │
├───────────────┬──────────────┬──────────────┬─────────────┤
│ Agent 1       │ Agent 2      │ Agent 3      │ Agent 4     │
│ Vulnerability │ Logic        │ Exploit      │ Report      │
│ Scanner       │ Analyzer     │ Cross-Ref    │ Generator   │
│               │              │              │             │
│ • Reentrancy  │ • Business   │ • Historical │ • Executive │
│ • Access      │   Logic      │   Exploits   │   Summary   │
│   Control     │ • Economic   │ • Attack     │ • Findings  │
│ • Overflow    │   Incentives │   Patterns   │   Detail    │
│ • Oracle      │ • State      │ • CVE/CWE    │ • Fix       │
│   Manip.      │   Machine    │   Database   │   Guide     │
├───────────────┴──────────────┴──────────────┴─────────────┤
│                     Pattern Database                      │
│             15+ Known Vulnerability Patterns              │
├───────────────────────────────────────────────────────────┤
│                   Xiaomi MiMo V2.5 API                    │
│             (Flagging Reasoning + Multimodal)             │
└───────────────────────────────────────────────────────────┘
```
- Python 3.10+
- Xiaomi MiMo API Key (Get one here)
```bash
git clone https://github.com/nezukoagent/SmartAudit-AI.git
cd SmartAudit-AI
pip install -r requirements.txt
```

```bash
# Full multi-agent audit (requires API key)
export MIMO_API_KEY="your-api-key-here"
python -m src.main contracts/examples/vulnerable_vault.sol

# Pattern-only scan (FREE, no API key needed)
python -m src.main --no-agents contracts/examples/vulnerable_vault.sol

# Specify contract type for better analysis
python -m src.main --contract-type defi --protocol "MyDEX" contracts/my_dex.sol

# Custom model and output
python -m src.main --model mimo-v2.5-pro --output my_reports/ contract.sol
```

```python
import asyncio

from src.config import AuditConfig, ModelConfig
from src.agents.orchestrator import AgentOrchestrator


async def audit():
    # Configure the model endpoint used by the agents.
    config = AuditConfig(
        model=ModelConfig(
            model="mimo-v2.5-pro",
            api_key="your-key",  # placeholder: supply the key at runtime, do not commit it
            base_url="https://api.xiaomimimo.com/v1"
        )
    )
    orchestrator = AgentOrchestrator(config)

    # Read the Solidity source to audit.
    with open("contract.sol") as f:
        source = f.read()

    # Run all agents and collect the synthesized report.
    report = await orchestrator.run_audit(
        source_code=source,
        filename="contract.sol",
        contract_type="defi"
    )
    print(report)


asyncio.run(audit())
```

Agent 1: Vulnerability Scanner
- Role: Static pattern analysis
- Method: Regex matching + LLM reasoning
- Covers: 15+ vulnerability classes (reentrancy, access control, overflow, etc.)
- Strength: Fast, systematic, high recall

Agent 2: Logic Analyzer
- Role: Business logic deep dive
- Method: LLM reasoning about economic incentives and state machines
- Covers: Economic attacks, logic bugs, composability risks
- Strength: Creative, finds non-obvious bugs

Agent 3: Exploit Cross-Reference
- Role: Historical exploit comparison
- Method: LLM knowledge of past DeFi exploits
- Covers: Rekt.news patterns, CVE database, similar protocols
- Strength: Adversarial thinking, real-world context

Agent 4: Report Generator
- Role: Synthesis and reporting
- Method: Combines all findings into professional report
- Output: Markdown report with severity ratings, fix recommendations
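
The regex half of the Vulnerability Scanner's method ("Regex matching + LLM reasoning") can be illustrated with a small per-function scanner. This is an added example, not SmartAudit AI's own `vuln_patterns.py`; the sample contract, the two rules and the severity labels are constructed for illustration.

```python
import re

# Constructed sample contract (not the repository's vulnerable_vault.sol).
SAMPLE = """
contract Vault {
    mapping(address => uint256) public balances;
    address owner;
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount);
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
        balances[msg.sender] -= amount;   // state updated after the call
    }
    function safeWithdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount);
        balances[msg.sender] -= amount;   // checks-effects-interactions
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
    }
    function sweep() external {
        require(tx.origin == owner);
        payable(owner).transfer(address(this).balance);
    }
}
"""

FUNC = re.compile(r"function\s+(\w+)\s*\([^)]*\)[^{]*\{")
EXTERNAL_CALL = re.compile(r"\.call\s*\{\s*value\s*:")
STATE_WRITE = re.compile(r"\b\w+\s*\[[^\]]+\]\s*[-+]?=(?!=)")
TX_ORIGIN = re.compile(r"\btx\.origin\b")

def function_bodies(source):
    """Yield (name, body) per function, finding the closing brace by depth."""
    for m in FUNC.finditer(source):
        depth, i = 1, m.end()
        while depth and i < len(source):
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), source[m.end():i - 1]

def scan(source):
    findings = []
    for name, body in function_bodies(source):
        call = EXTERNAL_CALL.search(body)
        # Heuristic: mapping write after an ETH-sending call; severities are assumed labels.
        if call and STATE_WRITE.search(body, call.end()):
            findings.append((name, "reentrancy", "HIGH"))
        if TX_ORIGIN.search(body):
            findings.append((name, "tx-origin-auth", "MEDIUM"))
    return findings
```

`scan(SAMPLE)` flags `withdraw` and `sweep` and leaves `safeWithdraw` alone. A regex pass like this has no data-flow view, so it misses state changes or external calls that happen inside helper functions or through interfaces, which is the gap the reasoning agents are meant to cover.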
```
╔══════════════════════════════════════════════════════════╗
║ 🔒 SmartAudit AI v1.0 ║
║ Multi-Agent Smart Contract Security Auditor ║
╚══════════════════════════════════════════════════════════╝
📄 Contract: vulnerable_vault.sol
📏 Lines: 95
🔤 Size: 3,188 chars
⏳ Phase 1: Parallel Security Analysis...
🔎 Vulnerability Scanner - ✅ Done (7 findings, 12,450 tokens)
🧠 Logic Analyzer - ✅ Done (4 findings, 11,200 tokens)
📚 Exploit Cross-Reference - ✅ Done (3 findings, 9,800 tokens)
⏳ Phase 2: Report Synthesis...
Report Generator - ✅ Done (8,500 tokens)
══════════════════════════════════════════════════════════
✅ Audit Complete!
══════════════════════════════════════════════════════════
📊 Total Findings: 14
🔴 CRITICAL: 2
🟠 HIGH: 4
🟡 MEDIUM: 5
🟢 LOW: 2
ℹ️ INFO: 1
🪙 Total Tokens Used: 41,950
══════════════════════════════════════════════════════════
```
```bash
# Run pattern scanner tests
python -m pytest tests/test_patterns.py -v

# Run all tests
python -m pytest tests/ -v
```

```
SmartAudit-AI/
├── src/
│   ├── __init__.py
│   ├── main.py                  # CLI entry point
│   ├── config.py                # Configuration classes
│   ├── agents/
│   │   ├── __init__.py
│   │   └── orchestrator.py      # Multi-agent orchestration
│   └── utils/
│       ├── __init__.py
│       ├── llm_client.py        # LLM API client
│       ├── vuln_patterns.py     # Vulnerability pattern database
│       └── report_generator.py  # Report generation
├── contracts/
│   └── examples/
│       ├── vulnerable_vault.sol # Example with common vulns
│       └── defi_lending.sol     # DeFi lending pool example
├── reports/                     # Generated audit reports
├── tests/
│   └── test_patterns.py         # Pattern scanner tests
├── docs/                        # Documentation
├── requirements.txt
└── README.md
```
- Multi-agent orchestration
- 15+ vulnerability pattern database
- Professional report generation
- Slither integration for enhanced static analysis
- Etherscan verification integration
- HTML report generation
- CI/CD integration (GitHub Actions)
- Support for Vyper contracts
- Formal verification hints
- Token flow visualization
Contributions welcome! Please read our contributing guidelines.
- Fork the repository
- Create your feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Xiaomi MiMo - Powering our AI agents with MiMo V2.5
- OpenZeppelin - Smart contract security standards
- Consensys - Smart contract best practices
- Rekt.news - Historical exploit database
- GitHub: @nezukoagent
- Issues: GitHub Issues
Built with ❤️ and Xiaomi MiMo V2.5