Chain-Fox

302 posts

@ChainFoxAI

All-in-one automated blockchain auditing. AI + rules + human-in-the-loop. Building the Web3 security standard. CA: Fo9wJVqWYXEgsG3UKekvK1R7YVewyUGodRfBrmjaBAGS

Beijing, China · Joined November 2017
29 Following · 1.1K Followers
Pinned post
Chain-Fox@ChainFoxAI·
Over the past weeks, we’ve been deep into experimenting with AI agents and skill-based workflows.

One clear takeaway: Simply throwing a large model at audits doesn’t work well. Clear steps, structured workflows, and reusable skills matter much more. This is a big shift for Chain-Fox.

Expanding what Chain-Fox does

Until now, Chain-Fox has focused mainly on smart contract code checks. That’s important, but real Web3 attacks are rarely just about code. Rug pulls, malicious behavior, and fake or compromised websites play a huge role.

Because of this, Chain-Fox is evolving from pure code checks into broader risk analysis that better reflects how real attacks happen.
Chain-Fox@ChainFoxAI·
To better understand the current Solana security ecosystem, we tested Fender, Eloizer, and X-Ray on over 200 real Anchor bugs. The report is here: github.com/Chain-Fox/Chai…

Here’s what we saw:
Fender catches almost everything with very high recall.
X-Ray gives cleaner output but misses quite a few bugs.
Eloizer lands somewhere in between.

But in real projects, precision drops to about 6%. That means you need to look at 10 to 15 alerts to find one real issue.

So a practical workflow right now: Run Fender, apply some filtering, then manually review.

It’s still early. Tools are getting better quickly. We’re not done. We are testing other tools, esp. LLM-based ones.
Chain-Fox@ChainFoxAI·
At Chain-Fox, we’ve collected 150+ bug-fixing commits across 1000+ real-world Anchor projects. We’re analyzing them to evaluate the effectiveness of existing Solana security analysis tools. Our own agentic checker is also in progress.
Chain-Fox@ChainFoxAI·
I think this is real progress for Solana security. Respect to the researchers from Germany. arxiv.org/abs/2603.16349 The ability to analyze deployed contracts without requiring source code makes the approach actually usable in practice. Symbolic execution is powerful for uncovering low-level bugs, but business logic vulnerabilities remain difficult to detect. The next step is clear: combining code-level analysis with intent-based LLM reasoning.
Chain-Fox@ChainFoxAI·
The system is evolving every day. Instead of chasing perfect agents, we are building the data foundation first. Thanks to our partner @acedatacloud for providing affordable APIs that make running this continuous research infrastructure possible.
Chain-Fox@ChainFoxAI·
Our approach is different: start small and collect real-world signals. For the past week, an OpenClaw instance has been running 24/7, using cron jobs to continuously collect public information and build a real-world Solana security dataset. Every command we issue improves the pipeline: Program discovery -> Data collection -> Automated analysis
Chain-Fox@ChainFoxAI·
The first step to building a reliable agentic checker is simple but often ignored: Data. Most AI checkers and auto agents fail not because the model is weak, but because they lack real verification data.
Chain-Fox@ChainFoxAI·
Those who are engaged in web3 security should read the two articles by MagicGrants and Kleros.

Takeaway: AI can flag “bugs” that aren’t bugs, while tools miss real issues. Neither alone meets our auditing needs. Chain-Fox leverages verification to get the best of both worlds: AI and expert tools.

magicgrants.org/2026/03/09/AI-…
blog.kleros.io/smart-contract…
Chain-Fox@ChainFoxAI·
To test the ability of agentic checkers, I tried running old Sealevel-Attacks demos on Anchor 0.32.1 in a restricted network.

Biggest headaches:
1. Downloads often fail: had to manually download and fix.
2. Old demos incompatible with new Anchor

Forked the project, fixing compatibility with Anchor 0.32. Will upstream once stable.

github.com/Chain-Fox/sola…
Chain-Fox@ChainFoxAI·
I am rethinking what an agentic checker means.

Instead of building agents that guess bugs, we should build systems that:
prove properties of the program

The LLM helps fill the specification gap, but correctness is decided by formal methods.

github.com/Chain-Fox/sola…
Chain-Fox reposted
Chain-Fox@ChainFoxAI·
Back from the holidays, now it’s time to work on the agentic checker!
Chain-Fox@ChainFoxAI·
Rug-Pull Detector: Initial Version Live

Try it now: chain-fox.com/rugpull-detect

1. Paste a contract address
2. Click Analyze Contract
3. Wait for the Rug-Pull Agent to generate a full analysis

This is just the beginning, more functions to be added. Let’s make it stronger together.
Chain-Fox@ChainFoxAI·
While researching open-source rug-pull detectors, I found something worrying. Some don’t work. Some are outright malicious.

hippo7598/rug-pull-detector

Looks professional. README is clean. At first glance, no obvious issue.

But check the raw file: raw.githubusercontent.com/hippo7598/rug-…

You’ll find:
Obfuscated bytecode
Encrypted payload
exec() on decrypted content

That’s NOT how security tools are written.

The byte-encoded payload expands to:

```
os.system('pip install cryptography')
os.system('pip install requests')
os.system('pip install fernet')
import requests
from fernet import Fernet
exec(Fernet(b'').decrypt(b''))
```

Because the decrypted payload is executed directly:
Arbitrary code execution is possible
Credential theft is possible
Wallet key exfiltration is possible

The impact surface is unbounded.

Use a trustworthy tool in Chain-Fox. The rug-pull tool testing will be online in hours.
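A static check for the pattern described in the post above, as an added example that is not part of the original post or of Chain-Fox's tooling: it parses a file with Python's `ast` module, never running it, and flags `exec`/`eval` on decrypted or decoded data plus `pip install` issued at runtime. The rule names, `scan_source` and the decoder-name list are assumptions made for this illustration; `SAMPLE` is the snippet quoted in the post, held as inert text.

```python
import ast

# Calls whose result is opaque until runtime (assumed list, extend as needed).
OPAQUE_SOURCES = {"decrypt", "b64decode", "decompress", "fromhex"}
DYNAMIC_EXEC = {"exec", "eval"}
SHELL_CALLS = {"system", "popen", "run", "Popen"}

# The snippet quoted in the post; it is only parsed here, never executed.
SAMPLE = """os.system('pip install cryptography')
os.system('pip install requests')
os.system('pip install fernet')
import requests
from fernet import Fernet
exec(Fernet(b'').decrypt(b''))
"""


def _call_name(node):
    """Rightmost name of a call target: exec -> 'exec', a.b.decrypt -> 'decrypt'."""
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr
    return func.id if isinstance(func, ast.Name) else None


def scan_source(source, filename="<constructed>"):
    """Return sorted (line, rule, detail) findings for one Python source string."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in DYNAMIC_EXEC and node.args:
            # A decrypt/decode call nested in the argument means the executed
            # code cannot be reviewed by reading the file.
            inner = {_call_name(n) for n in ast.walk(node.args[0])
                     if isinstance(n, ast.Call)}
            hits = sorted(h for h in inner if h in OPAQUE_SOURCES)
            if hits:
                findings.append((node.lineno, "exec-of-opaque-data", ",".join(hits)))
            elif not isinstance(node.args[0], ast.Constant):
                findings.append((node.lineno, "exec-of-dynamic-data", name))
        elif name in SHELL_CALLS:
            # A script that installs packages at runtime alters the host silently.
            for arg in ast.walk(node):
                text = getattr(arg, "value", None)
                if isinstance(arg, ast.Constant) and isinstance(text, str) \
                        and "pip install" in text:
                    findings.append((node.lineno, "runtime-pip-install", text))
    return sorted(findings)
```

Any finding from `scan_source` is a reason to read the file before installing or running it; an empty result does not prove a file is safe.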
Chain-Fox@ChainFoxAI·
WARNING: MALICIOUS CODE FOUND INSIDE 🦂github.com/hippo7598/rug-… A reminder: malicious code often disguises itself as “security tools.” Be careful what you run. This is exactly why we’re building Chain-Fox: Open logic. Auditable code. No hidden execution. Our rug-pull inner test will be online soon. No fear of malicious detectors. Stay safe.
Chain-Fox reposted
DieBX00@ChainFoxMainDev·
Work these days: Initial version of rug-pull detection will be out in 24h. Pushing the checkers to be more agentic, not just rule-based flags. Tried the newest doc to spec tools. Promising, but still needs manual work. Step by step. Build the foundation right. @ChainFoxAI
Chain-Fox@ChainFoxAI·
Chain-Fox is being built with a long-term view. We’re focusing on designing security systems that reflect how real Web3 risks evolve, not just running surface-level checks. Some phases take more groundwork than visibility. Updates will be shared when there’s something concrete to show.
Chain-Fox@ChainFoxAI·
Chain-Fox roadmap is live. We’re moving beyond code-only audits into full Web3 risk analysis using Skills and agents. This is a phased build focused on detection, signals, and real-world attack patterns. 🧵
Chain-Fox@ChainFoxAI·
Chain-Fox is moving beyond code-only audits.

Most Web3 exploits don’t start with a single contract bug. They start with behavior, fake sites, and gradual risk signals.

That’s why our roadmap now focuses on agent-based risk analysis:
• Rug pull detection
• Web3 website risk checks
• Skill-based contract auditing
• Continuous signals, not yes/no labels

Full roadmap is live and development is underway.
Chain-Fox@ChainFoxAI·
Full roadmap and technical details here: github.com/Chain-Fox/Chai… This roadmap is about building durable security systems. And that’s what Chain-Fox exists for.