Michal Převrátil

65 posts

@michprev

Ethereum security tooling developer at @ackeeblockchain

Joined August 2017
45 Following · 81 Followers
Michal Převrátil retweeted
Ackee Blockchain Security@AckeeBlockchain·
EVMbench for Solana: Trident Arena, a multi-agent AI security scanning solution. 21 out of 30 critical/high-severity vulnerabilities found across 6 open source Solana code bases in benchmarks. 70%+ true positive rate. See it in action: During a manual audit, TridentArena helped us find a critical-severity issue (later fixed), making @MetaDAOProject even more secure. Built by the School of Solana senior auditors, securing leading protocols. Time to IBRL of Solana security audits! Launch blog post: ackee.xyz/blog/trident-a… Request access → tridentarena.xyz Follow @TridentSolana for product updates and insights.
Michal Převrátil@michprev·
@sahuang97 For example, this issue from Virtuals 2025-08-04 was excluded from EVMBench even though it leads to a loss of funds.
Michal Převrátil@michprev·
@sahuang97 I think the message is that people shouldn't rely on EVMBench to catch all severe issues. LLMs may fail to recognize if an issue leads to a loss of funds. And even issues without direct loss may have severe consequences for protocols.
sahuang@sahuang97·
Correct me if wrong, but I think there's one unfair part in this comparison: EVMbench is instructed to only look at loss-of-fund high severity issues (since we want exploit mode to run and verify fund loss). So stuff like DoS and accounting mismatch are often excluded if they don't really pose such risk. I glanced at the dataset and seems quite a few are not actually direct loss of assets vulnerabilities, but they are indeed "High" in contests. I am not saying Wake Framework is worse, in fact I believe it is supposed to be better compared to a Codex instance. But we should correct the benchmark stats to filter out some findings if we need to compare with EVMbench.
Ackee Blockchain Security@AckeeBlockchain

We ran EVMbench on @zellic_io's public dataset, high-severity only. @WakeFramework beat OpenAI by 96%. Looks like AI isn't killing this startup yet. EVMbench (codex-gpt-5.2-xhigh): 22/94 Wake Arena (already tested pre-release): 43/94 github.com/Ackee-Blockcha… @OpenAI @paradigm @osec_io

Michal Převrátil retweeted
Ackee Blockchain Security@AckeeBlockchain·
We ran EVMbench on @zellic_io's public dataset, high-severity only. @WakeFramework beat OpenAI by 96%. Looks like AI isn't killing this startup yet. EVMbench (codex-gpt-5.2-xhigh): 22/94 Wake Arena (already tested pre-release): 43/94 github.com/Ackee-Blockcha… @OpenAI @paradigm @osec_io
Alpin Yukseloglu@0xalpo

new collab from @paradigm and @OpenAI: evmbench is a benchmark and agent harness for exploiting smart contract bugs a few months ago, the best models found <20% of critical, fund-draining @Code4rena bugs in our benchmark. today they find > 70%

Michal Převrátil retweeted
Josef Gattermayer | Ackee@jgattermayer·
The AI security trilemma

Every AI security tool must solve this: optimize for detection rate, false positive rate, or cost. Can’t have all.

Detection rate
We focused on what matters most: high-severity and critical vulnerabilities.
First benchmark: outperform plain GPT-5. If we can’t beat the best base model, there’s no point building a tool around it. Result: 43/94 vs 24/94.
Then benchmark against competition. Zellic V12 - the only AI team to publish reproducible benchmark. Thank you for that. Result: 43/94 vs 41/94.

False positives
This is where we spent most of our effort. A tool that floods auditors with false positives only steals time. Target: get it under 50%.

Cost
Aim to generate positive revenue. Could find more issues running more models multiple times with unlimited LLM token budgets. But Wake Arena has to be economically reasonable.

→ The Result
A tool we use ourselves. Wake Arena now runs as the 6th step in Ackee’s manual audit methodology (after fuzzing). A safety net for manual reviews. One that will grow stronger as LLM capabilities evolve.
Ackee Blockchain Security@AckeeBlockchain

Wake Arena: multi-agent AI audit with graph-driven reasoning and LLM-tailored static analysis. 43/94 high-severity vulnerabilities found in historical audit competitions. 26 findings, including 5 criticals in 4 production audits by Ackee in Nov 2025. Full benchmarking report: ackee.xyz/blog/wake-aren… Built by senior auditors securing Lido, Aave, Axelar, and Safe. 50%+ true positive rate. Scan your protocol → ackee.xyz/wake/arena Follow @WakeFramework for product updates and insights.

Michal Převrátil retweeted
Ackee Blockchain Security@AckeeBlockchain·
Wake Arena: multi-agent AI audit with graph-driven reasoning and LLM-tailored static analysis. 43/94 high-severity vulnerabilities found in historical audit competitions. 26 findings, including 5 criticals in 4 production audits by Ackee in Nov 2025. Full benchmarking report: ackee.xyz/blog/wake-aren… Built by senior auditors securing Lido, Aave, Axelar, and Safe. 50%+ true positive rate. Scan your protocol → ackee.xyz/wake/arena Follow @WakeFramework for product updates and insights.
Michal Převrátil retweeted
Josef Gattermayer | Ackee@jgattermayer·
Just presented "State of Fuzzing: Closing the Circle From Machine to Human and Back" at DeFi Security Summit. The evolution of smart contract testing → from blackbox automation to auditor-guided fuzzing to AI-assisted workflows. Thread ↓
Michal Převrátil retweeted
Trident@TridentSolana·
The first VS Code extension for Solana is here. Real-time security analysis + fuzz coverage visualization. Built by the auditors and educators behind School of Solana. Thread ↓
Michal Převrátil retweeted
Wake@WakeFramework·
Everything you need for secure Solidity development. In 1 tool.
• Slither: Static analysis only
• Hardhat/Foundry: Testing + some features
• Wake: ALL features combined → testing, fuzzing, static analysis, language server
+ New Rust testing core = same syntax, much faster execution ↓
Wake@WakeFramework·
The EVM/Solidity Security Checklist is based on 200+ successful audits securing $180+ Bn in TVL. We now give it away for FREE (limited time only) to help devs and security researchers level up. To get it: ✓ Repost ✓ Comment: LIST We'll DM it to you (must be following).
Michal Převrátil retweeted
Wake@WakeFramework·
Yesterday, Tim Ferriss released an interview with the world's scariest hacker, Pablos Holman. Here are 6 insights that every Solidity developer and smart contract security researcher should know. Thread ↓
Michal Převrátil retweeted
Wake@WakeFramework·
Perfect security. Zero reentrancy, bulletproof access controls, 100% test coverage. Yet, an attacker front-ran and hijacked user assets. Here's how Wake's Manually Guided Fuzzing catches what traditional testing misses: Thread ↓
Michal Převrátil@michprev·
Before diving into manually guided fuzzing, I always start by checking the available contract functions — using the Public Functions Printer in VS Code. Now available to everyone with the Solidity (Wake) extension! Don't skip this step. Know what you're testing. 👨‍💻🔍
Ackee Blockchain Security@AckeeBlockchain

Today @Meta_pool lost $27M to a forgotten mint() function. In reaction to the incident, we are open-sourcing our extension's public functions printer to help prevent such vulnerabilities in the future. Thread ↓

Michal Převrátil retweeted
ETH Belgrade@ethbelgrade·
📢 NEW SPEAKER ANNOUNCEMENT
Say hi to @michprev, Head of Tooling at @AckeeBlockchain, who’s joining the ETH Belgrade 2025 speaker squad. He’ll drop his take on the State of Python Tooling for Solidity Development.
----------------------------------
ETH Belgrade 3 starts June 3rd – mark your calendar!
🎟 Get tickets → bit.ly/3EA2Fxb
🤝 Become a sponsor → bit.ly/4jOaMGW
🛠 Apply to hack → bit.ly/3CrRypL
Josef Gattermayer | Ackee@jgattermayer·
Last year @0xAngler had a great idea to discuss Fuzzing vs. Formal Verification at @Web3SecSummit. I ended up on a panel with @Montyly and @SagivMooly. While preparing, I realized @AckeeBlockchain approach to fuzzing was different from anything else out there - it needed a name. That's when Manually Guided Fuzzing was born.
Ackee Blockchain Security@AckeeBlockchain

1/ Fuzzing is a well-known software testing technique, but what is Manually-Guided Fuzzing? This innovative testing approach combines the strengths of stateful and white-box fuzzing to deliver more efficient and targeted vulnerability detection. ↓

Michal Převrátil retweeted
Ackee Blockchain Security@AckeeBlockchain·
1/ Fuzzing is a well-known software testing technique, but what is Manually-Guided Fuzzing? This innovative testing approach combines the strengths of stateful and white-box fuzzing to deliver more efficient and targeted vulnerability detection. ↓
Michal Převrátil retweeted
Ackee Blockchain Security@AckeeBlockchain·
Excited to share that Ackee is receiving a grant from @Optimism for ✨ Solidity (Wake) — Code fast and secure Solidity code on Ethereum Benefits: → remix-like testing → real-time static analysis → best devX All within VS Code, available now in the marketplace ↓↓↓