Supsource/AuditAI

AuditAI

AuditAI is a production-oriented MVP for AI-assisted smart contract auditing. It combines deterministic analysis, AI-generated remediation guidance, professional report generation, and certificate minting into a single SaaS workflow.

Stack

  • Frontend: Next.js 14 App Router, Tailwind CSS, shadcn/ui, RainbowKit, wagmi v2, TanStack Query
  • Backend: FastAPI, SQLAlchemy, PostgreSQL, Redis, Celery
  • Analysis: Slither, custom Solidity pattern matching, OpenAI GPT-4o
  • Web3: Hardhat, ethers.js, ERC-721 certificate minting on Polygon Amoy
  • Storage: Pinata IPFS
  • Billing: Stripe + Coinbase Commerce
  • Notifications: SendGrid + in-app notifications

Repository Layout

frontend/   Next.js application
backend/    FastAPI API, audit engine, Celery worker
contracts/  Solidity certificate contract and Hardhat tooling
prisma/     Database schema and SQL migrations

Prerequisites

  • Node.js 20+
  • Python 3.11+
  • Docker + Docker Compose
  • Slither-compatible toolchain for local backend execution
  • Pinata, Stripe, Coinbase Commerce, SendGrid, OpenAI, WalletConnect, and explorer API credentials

Environment Setup

  1. Copy .env.example to .env.
  2. Fill in all required secrets.
  3. For local NFT minting, fund the PRIVATE_KEY wallet on Polygon Amoy.
  4. Ensure your explorer API key supports Etherscan V2 multichain requests.

Run With Docker

cp .env.example .env
docker compose up --build

Services:

  • Frontend: http://localhost:3000
  • Backend API: http://localhost:8000
  • PostgreSQL: localhost:5432
  • Redis: localhost:6379

Local Development

Database

npm install
npm run db:migrate

Frontend

cd frontend
npm install
npm run dev

Backend

cd backend
python3 -m venv .venv
source .venv/bin/activate
pip install -e .
uvicorn main:app --reload --port 8000

Worker

cd backend
source .venv/bin/activate
celery -A workers.audit_worker.celery_app worker --loglevel=info

Contracts

cd contracts
npm install
npx hardhat test
npx hardhat run scripts/deploy.js --network polygonAmoy

Product Flows

Authentication

  • Wallet connect with RainbowKit
  • SIWE nonce issued by FastAPI
  • Signature verified on the backend
  • JWT stored in an httpOnly cookie for protected app routes
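The four authentication steps above, worked through as an added example (not AuditAI's backend code). It shows the pieces a defender cares about in a SIWE login: a nonce that is single-use and expires, an EIP-4361 message whose domain and chain ID are checked before the signature, and a session token with an HMAC and expiry, returned as an httpOnly cookie. The domain `auditai.example`, the nonce/session lifetimes and the in-memory stores are constructed for this example; `recover_address` is an injected callback standing in for real secp256k1 recovery (in production something like `eth_account`'s `Account.recover_message` over `encode_defunct(text=message)`), which keeps the example runnable offline.

```python
"""SIWE-style login with replay protection and an HMAC session cookie (constructed example)."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Callable, Dict, Optional

NONCE_TTL = 300            # seconds a login nonce stays valid (constructed value)
SESSION_TTL = 3600         # seconds a session token stays valid (constructed value)
EXPECTED_DOMAIN = "auditai.example"   # placeholder domain for this example
POLYGON_AMOY_CHAIN_ID = 80002


class NonceStore:
    """In-memory nonce store; a real deployment would keep this in Redis."""

    def __init__(self) -> None:
        self._issued: Dict[str, float] = {}

    def issue(self, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        nonce = secrets.token_urlsafe(16)          # 128 bits of randomness
        self._issued[nonce] = now + NONCE_TTL
        return nonce

    def consume(self, nonce: str, now: Optional[float] = None) -> bool:
        """Single use: the nonce is removed whether or not it is still valid."""
        now = time.time() if now is None else now
        expires = self._issued.pop(nonce, None)
        return expires is not None and now <= expires


def build_siwe_message(domain: str, address: str, nonce: str, chain_id: int, issued_at: str) -> str:
    """EIP-4361 message text that the wallet signs."""
    return (
        f"{domain} wants you to sign in with your Ethereum account:\n"
        f"{address}\n\n"
        f"Sign in to {domain}\n\n"
        f"URI: https://{domain}\nVersion: 1\nChain ID: {chain_id}\n"
        f"Nonce: {nonce}\nIssued At: {issued_at}"
    )


def parse_siwe_message(message: str) -> Dict[str, str]:
    """Pull the fields the server must check out of the signed text."""
    lines = message.split("\n")
    fields = {"domain": lines[0].split(" wants you")[0], "address": lines[1]}
    for line in lines[2:]:
        if ": " in line:
            key, value = line.split(": ", 1)
            fields[key] = value
    return fields


def verify_login(message: str, signature: str, store: NonceStore,
                 recover_address: Callable[[str, str], str], now: Optional[float] = None,
                 domain: str = EXPECTED_DOMAIN, chain_id: int = POLYGON_AMOY_CHAIN_ID) -> Optional[str]:
    """Return the authenticated address, or None on any failed check."""
    f = parse_siwe_message(message)
    if f.get("domain") != domain:               # message signed for another site
        return None
    if f.get("Chain ID") != str(chain_id):      # wrong network
        return None
    if not store.consume(f.get("Nonce", ""), now):   # unknown, expired or replayed nonce
        return None
    recovered = recover_address(message, signature)
    if recovered.lower() != f["address"].lower():    # signer is not the claimed account
        return None
    return f["address"]


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def issue_session(address: str, secret: bytes, now: Optional[float] = None) -> str:
    """Compact HMAC-SHA256 token: base64url(payload).base64url(mac)."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": address, "exp": int(now + SESSION_TTL)}, separators=(",", ":")).encode()
    body = _b64(payload)
    return body + "." + _b64(hmac.new(secret, body.encode(), hashlib.sha256).digest())


def verify_session(token: str, secret: bytes, now: Optional[float] = None) -> Optional[str]:
    """Return the subject address if the MAC matches and the token has not expired."""
    try:
        body, mac = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(secret, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return None
    payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    now = time.time() if now is None else now
    return None if payload["exp"] < now else payload["sub"]


def session_cookie(token: str) -> str:
    """Set-Cookie value: httpOnly keeps the JWT away from page scripts."""
    return f"session={token}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age={SESSION_TTL}"
```

The order of checks matters: domain and chain ID are validated before the nonce is consumed, so a message signed for another site cannot burn a legitimate nonce, and the nonce is consumed before signature recovery so a replayed message fails regardless of what it is signed with.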

Audit Pipeline

  1. Ingest contract source from paste, file, GitHub repo, or verified address
  2. Parse Solidity structure and metadata
  3. Run Slither
  4. Run custom vulnerability pattern checks
  5. Send normalized findings to GPT-4o for explanations and fixes
  6. Score the audit, build the report, render PDF
  7. Upload report assets to IPFS
  8. Mint an ERC-721 certificate
  9. Notify the user by email and in-app notification

Tier Behavior

  • Free: the full analysis runs, but delivery is limited to the top 3 findings, and free reports are public by default
  • Pro: full report, private by default until shared
  • Enterprise: full report, API access, private by default until shared

Testing

  • Backend: pytest
  • Contracts: npx hardhat test
  • Frontend: npm run lint and npm run build

Notes

  • Polygon Amoy is used as the default NFT network.
  • The backend uses SQLAlchemy at runtime while Prisma remains the database schema contract.
  • If Slither fails, the audit engine continues with pattern matching and records the degraded-analysis warning in the report.
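An added example (not AuditAI's audit engine) covering steps 3, 4 and 6 of the audit pipeline, the tier delivery rule, and the degraded-analysis note above: a small regex pattern checker over Solidity source, normalisation of Slither output into the same finding shape, a severity-weighted score, a fallback that keeps going and records a warning when the Slither run raises, and a delivery step that truncates the free tier to its top 3 findings. The rule set, severity weights, scoring formula and sample contract are constructed for illustration; the Slither JSON layout assumed here (`results.detectors[*]` with `check`, `impact`, `description` and `elements[*].source_mapping.lines`) is the shape of Slither's `--json` output as I know it, and the `slither_runner` callback is injected so the example runs without Slither installed.

```python
"""Pattern checks, Slither normalisation, scoring and tier delivery (constructed example)."""
import re
from typing import Callable, Dict, List

Finding = Dict[str, object]

SEVERITY_WEIGHT = {"high": 25, "medium": 10, "low": 3, "info": 0}      # constructed weights
IMPACT_TO_SEVERITY = {"High": "high", "Medium": "medium", "Low": "low",
                      "Informational": "info", "Optimization": "info"}

# (check id, severity, match regex, suppress regex, description); constructed heuristics, not AuditAI's rules
PATTERNS = [
    ("tx-origin-auth", "high", re.compile(r"\btx\.origin\b"), None,
     "tx.origin used for authorization; prefer msg.sender"),
    ("selfdestruct", "high", re.compile(r"\bselfdestruct\s*\("), None,
     "selfdestruct reachable; confirm access control"),
    ("delegatecall", "medium", re.compile(r"\.delegatecall\s*\("), None,
     "delegatecall hands control to the target's code"),
    ("unchecked-call", "medium", re.compile(r"\.call\{[^}]*\}\s*\("), re.compile(r"\b(bool|require)\b"),
     "low-level call whose return value is not checked"),
    ("block-timestamp", "low", re.compile(r"\bblock\.timestamp\b"), None,
     "logic depends on block.timestamp"),
    ("floating-pragma", "info", re.compile(r"pragma\s+solidity\s*\^"), None,
     "floating pragma; pin the compiler version"),
]


def run_pattern_checks(source: str) -> List[Finding]:
    """Line-oriented checks; crude, which is why Slither runs alongside them."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.strip().startswith("//"):
            continue
        for check_id, severity, pattern, suppress, desc in PATTERNS:
            if pattern.search(line) and not (suppress and suppress.search(line)):
                findings.append({"id": check_id, "severity": severity, "line": lineno,
                                 "description": desc, "source": "pattern"})
    return findings


def normalize_slither(raw: dict) -> List[Finding]:
    """Map Slither detector results onto the same finding shape as the pattern checks."""
    out: List[Finding] = []
    for det in raw.get("results", {}).get("detectors", []):
        lines = [ln for el in det.get("elements", [])
                 for ln in el.get("source_mapping", {}).get("lines", [])]
        out.append({"id": det["check"], "severity": IMPACT_TO_SEVERITY.get(det.get("impact"), "info"),
                    "line": min(lines) if lines else 0,
                    "description": det.get("description", "").strip(), "source": "slither"})
    return out


def score(findings: List[Finding]) -> int:
    """100 minus severity weights, floored at 0 (constructed formula)."""
    return max(0, 100 - sum(SEVERITY_WEIGHT[str(f["severity"])] for f in findings))


def run_analysis(source: str, slither_runner: Callable[[str], dict]) -> dict:
    """Run both analyses; if Slither fails, keep the pattern results and record the degradation."""
    findings = run_pattern_checks(source)
    warnings: List[str] = []
    try:
        findings += normalize_slither(slither_runner(source))
    except Exception as exc:   # missing binary, compiler mismatch, timeout, bad JSON
        warnings.append(f"degraded analysis: Slither failed ({exc}); findings rely on pattern matching only")
    findings.sort(key=lambda f: (-SEVERITY_WEIGHT[str(f["severity"])], int(f["line"])))
    return {"findings": findings, "warnings": warnings, "score": score(findings)}


def deliver(result: dict, tier: str) -> dict:
    """Apply the tier rule: free gets the top 3 findings and a public report."""
    limited = tier == "free"
    findings = result["findings"][:3] if limited else result["findings"]
    return {"findings": findings, "truncated": limited and len(result["findings"]) > 3,
            "public": tier == "free", "warnings": result["warnings"], "score": result["score"]}


# Constructed sample contract exercising several of the checks above.
SAMPLE_CONTRACT = """\
pragma solidity ^0.8.20;
contract Vault {
    address owner;
    function withdraw(uint256 amount) external {
        require(tx.origin == owner, "not owner");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
    function sweep(address payable to) external {
        to.call{value: address(this).balance}("");
        if (block.timestamp > 0) selfdestruct(to);
    }
}
"""
```

Two design points worth noting: the degraded-analysis warning travels with the result rather than being logged and dropped, so it reaches the report as the note above requires, and truncation happens in `deliver`, after the full run and scoring, so the free tier's score still reflects everything that was found.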

About

Smart contract audits in minutes, not months. At 1% of the cost.
