How DeepThreat Works
Under the Hood
Multi-stage vulnerability detection combining specialized scanners, intelligent orchestration, and local AI reasoning. No API costs. No external dependencies.
System Architecture
Five-layer architecture: Input → Scanners → Orchestrator → AI Reasoner → Report Generator
44 Specialized Scanners
Each scanner is purpose-built to detect specific vulnerability patterns. Together they provide comprehensive coverage across all major attack vectors.
Access Control Analysis
Detects missing or improper access modifiers on critical functions
Approval Pattern Detection
Identifies unsafe token approval patterns that could lead to fund theft
CEI Pattern Validation
Ensures Check-Effects-Interactions pattern is properly implemented
Delegatecall Safety
Detects dangerous delegatecall usage that could compromise contract logic
Economic Attack Surface
Identifies economic vulnerabilities like price manipulation and arbitrage risks
External Call Analysis
Monitors external calls for reentrancy and trust assumptions
Flash Loan Detection
Identifies contracts vulnerable to flash loan attacks
Input Validation
Detects missing or insufficient input validation on public functions
Integer Overflow/Underflow
Catches arithmetic operations that could overflow or underflow
Mutex Detection
Analyzes reentrancy guards and lock mechanisms
Oracle Validation
Verifies proper oracle usage and freshness checks
Price Manipulation
Detects vulnerable price feeds and DEX oracle manipulation vectors
Reentrancy Guard
Identifies classic and cross-function reentrancy vulnerabilities
Selfdestruct Safety
Flags dangerous selfdestruct patterns and potential griefing attacks
State Mutation Analysis
Tracks state changes for race conditions and inconsistencies
Timestamp Dependence
Detects reliance on block.timestamp that could be manipulated
Tx.origin Usage
Flags phishing-vulnerable tx.origin authentication
Unchecked Return Values
Identifies ignored return values from external calls
Transient Storage (EIP-1153)
Detects improper handling of transient storage (TSTORE/TLOAD), preventing authorization bypasses
Storage Inference
Uses semantic inference to detect hidden state dependencies and storage collision risks
Durable Nonce (Solana)
Detects improper handling of Solana durable nonces in multisig and privileged contexts
AI-Fingerprint Scanner
Detects AI-generated code patterns (verbose comments, generic naming) that increase exploitability risks
Slither (Static Analysis)
Leverages the industry-standard static analysis framework for deep contract property checking
Semgrep (Pattern Matching)
Custom lightweight rulesets for fast and effective code pattern matching and security linting
Aderyn (Rust-based Static Analysis)
High-performance Rust-based analyzer for identifying Solidity-specific security anti-patterns
Trivy (Dependency Scanning)
Scans project dependencies and npm packages for known vulnerabilities and supply chain risks
LP Manipulation Detection
Detects specialized risks related to liquidity pool manipulation and sandwich attack vectors
Cross-Chain Security
Validates bridge interactions and cross-chain message passing for logic and relay vulnerabilities
Frontend Secrets Scanner
Detects hardcoded API keys, private keys, and sensitive configuration leaked in frontend assets
Supply Chain Security
Analyzes the integrity of the build pipeline and external module dependencies for malicious code
ZK Circuit Safety
Identifies common pitfalls in Zero-Knowledge circuits and proof verification logic
Precision & Rounding Analysis
Detects rounding errors and precision loss in fixed-point math that can lead to accounting bugs
Proxy Implementation Safety
Verifies upgradeable proxy patterns and initialization logic for storage collision risks
Config Validation
Validates system parameters and administrative configurations for unsafe edge cases
Shadow Contagion Risk
Analyzes systemic risk where failure in one protocol component can compromise the entire system
Circuit Breaker Analysis
Evaluates the robustness and security of emergency pause and circuit breaker mechanisms
VWAP Window Analysis
Detects vulnerabilities in Volume Weighted Average Price implementations and oracle windowing
Attacker Economics
Models the economic feasibility of attacks to prioritize vulnerabilities with high ROI for attackers
Toxic Skills Defense
Identifies and flags code patterns often used in malicious 'toxic' smart contract designs
Social Engineering / Multisig Proximity Scanner
Analyzes multisig setups and privileged roles for centralization and social engineering risks
Ensemble LLM Voting
Implements a multi-persona consensus mechanism using Auditor, Exploit Dev, and Security Researcher agents to validate findings and reduce false positives.
SCALM-Style Semantic Slicing
Performs deep semantic slicing using SCALM techniques to isolate complex vulnerability paths across large codebases for focused LLM reasoning.
CI/CD & Infra Security Audit
Analyzes build scripts, GitHub Actions, and deployment infrastructure for security misconfigurations, credential leaks, and supply chain risks.
Autonomous Bounty Hunter Mode
Enables continuous, autonomous scanning and exploitation simulation on targeted bug bounty programs with automated proof-of-concept generation.
Detection Methodology
82.6% EVMbench Detection Rate
DeepThreat achieves industry-leading detection on the EVMbench test suite by combining static analysis with AI-powered semantic reasoning. Our multi-stage approach catches both obvious vulnerabilities and subtle logical flaws that traditional tools miss.
Pattern Correlation Engine
Individual scanner findings are correlated by our orchestrator to identify complex, multi-vector attacks. A single reentrancy finding combined with missing access control becomes a critical vulnerability, prioritized for immediate review.
Context-Aware Validation
DeepThreat understands the difference between a false positive and a real vulnerability by analyzing code context, developer intent, and project dependencies. This reduces alert fatigue and focuses your attention on exploitable issues.
AI Reasoning with VulnLLM-R
Zero-Cost Local Reasoning
VulnLLM-R runs entirely on your machine using optimized local LLMs. No API keys, no rate limits, no external dependencies. Your code never leaves your infrastructure.
- Runs on CPU or GPU (optimized for Apple Silicon)
- No internet required after initial setup
- Complete privacy: code stays local
Multi-Model Consensus
DeepThreat can optionally use multiple reasoning models in parallel to cross-verify findings and reduce false positives. Consensus voting ensures only high-confidence vulnerabilities reach your report.
- Parallel model inference
- Weighted consensus voting
- Configurable confidence thresholds
Semantic Analysis Capabilities
Output Formats
JSON
Structured JSON output for programmatic consumption, CI/CD pipelines, and custom tooling.
--format json > results.json
Markdown
Human-readable reports with syntax highlighting, perfect for GitHub issues and documentation.
--format markdown > SECURITY.md
SARIF
Industry-standard Static Analysis Results Interchange Format for IDE and CI/CD integration.
--format sarif > results.sarif
Integration Options
CLI
Command-line interface for local development and ad-hoc scans.
deepthreat scan ./contracts
GitHub Action
Automated scanning on every pull request with inline annotations.
  with:
    path: ./contracts
API
RESTful API for custom integrations and enterprise workflows.
{ "code": "..." }
→ vulnerability report
Ready to See It in Action?
Start scanning your smart contracts in under 5 minutes. No signup required.