Zaevlad | Solidity, Audit & LLM

1.4K posts

@RightNowIn

Ex-smart contract auditor (4+ years) advancing blockchain security via machine learning. Currently mastering linear algebra and matrix operations to build AI-na

Security to ML Joined December 2009
250 Following 2.1K Followers
Pinned Tweet
Zaevlad | Solidity, Audit & LLM
Excited to share my first open-source project after 2 months of building: VulnFlow. A local smart contract auditing builder that transforms fragmented, manual analysis into structured, reproducible pipelines. 🔗 github.com/zaevlad/vulnfl… 👇 More details:
Zaevlad | Solidity, Audit & LLM
Huge update to the VulnFlow Audit AI system 🎉 The chat is no longer just a text assistant. It now acts as a workspace-aware audit agent with access to files, RAG docs, pipeline state, external tools and live UI context. github.com/zaevlad/vulnfl…
patrickd @patrickd_de
Current state: Claude makes common sense assumptions about what you want that are pretty close to what you really want. Codex just uses any hole in your spec/request as an excuse to be a lazy mf.
Zaevlad | Solidity, Audit & LLM
Also added a Monaco-based editor integrated with the agent. Responses containing path:line references are clickable, opening the exact workspace file and scrolling directly to the referenced code location.
Zaevlad | Solidity, Audit & LLM
Visualization support was heavily expanded. The agent can generate interactive HTML/SVG widgets inside sandboxed iframes, attach follow-up prompts and build dynamic visualizations directly inside the chat interface.
Zaevlad | Solidity, Audit & LLM
@aviggiano That's the point! The agent owner should certainly pay for it. If the agent sucks, more tokens will be spent than can be won in the contest. People will train their bots to be precise and brief
Antonio Viggiano @aviggiano
@RightNowIn Yeah that’s nice but if you do the math the AI triaging for these counter agents can get expensive (or they won’t work very well). And who’s paying for it? The client? The bad participants? The platform?
Antonio Viggiano @aviggiano
How I would design a contest platform in 2026
- unconditional pots only
- private submissions
- deposit fee that scales with severity (L=$10, M=$30, H=$100), refunded only if duplicate
- live judging
- no escalations
- AI triaging with final project verdict
Zaevlad | Solidity, Audit & LLM
@aviggiano There could be another group of agents, known as counter-agents, whose sole purpose is to invalidate the reports of the first group. Ultimately, only reports with a low percentage of invalidations or arguments should remain
Antonio Viggiano @aviggiano
@RightNowIn I’ve thought a lot about AI contests but I’m not sure if it scales very well. The number of false positives would be huge, which would increase AI triaging costs or human review time. If I were the project I’d rather pick 2-3 good ones and run them all
Zaevlad | Solidity, Audit & LLM
Privacy by design: with local inference, all data stays on your machine. No external API calls. No data leakage risks. Critical when auditing confidential projects under NDA.
Zaevlad | Solidity, Audit & LLM
VulnFlow is built on local-first principles. 1. You don't need Claude Opus or ChatGPT-5.4 to write a simple vulnerability report. 2. Sensitive information should stay confidential.
Zaevlad | Solidity, Audit & LLM
Point VulnFlow at contracts with similar architecture to the hacked protocol. Run your custom skill. Get instant feedback on whether the same pattern exists — before attackers find it.
Zaevlad | Solidity, Audit & LLM
What's the BEST part of VulnFlow - audit tool for smart contracts? You're not limited to pre-built skills. You can CREATE your own skills & instructions — and compose them however you want. Here's how to stay ahead of exploit trends 👇