Created on 1st March 2025
Smart contracts can have hidden security flaws that lead to major losses. Manual audits are time-consuming and expensive. We built an AI agent that automates the entire process of reviewing smart contracts. It scans Solidity code, detects vulnerabilities, and explains risks—all in seconds. Our AI-powered auditor makes smart contracts safer, faster, and easier to deploy. 🚀
We allow users to log in through GitHub, where the AI agent automatically scans all repositories to find Solidity smart contracts. Users can also paste Solidity code directly if they prefer a manual check.
Once the code is submitted, the AI agent takes over. It first runs static analysis (Slither and Semgrep) to catch common vulnerability patterns such as reentrancy, integer overflows (still relevant for contracts compiled below Solidity 0.8 and for arithmetic inside unchecked blocks), and missing access control. It then goes a step further than a plain scanner: the fine-tuned LLM described below reviews the code for deeper flaws that pattern-based tools tend to miss.
For users who need even more accuracy, we allow them to train our AI agent on their own datasets, making it smarter over time and better suited for specific security needs.
To make sure the contract that was audited is the contract that is actually live, we fetch the deployed contract's on-chain details through Flare and compare them with the audited version. This catches changes made between the audit and deployment that would otherwise go unnoticed.
Finally, the AI agent generates a detailed security report with risk levels and suggested fixes. Users can download these reports in JSON, PDF, or Markdown formats, making it easy to integrate into security workflows.
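An added example of what the static-analysis step and the report output look like (example code written for this page, not BrokeChain's code; the detector is a deliberately small line-based heuristic, nothing like the full Slither or Semgrep analysis, and the two Vault contracts are constructed samples):

```python
"""Added example: a line-based checks-effects-interactions check for Solidity,
with the findings rendered as JSON and Markdown. Not Slither or Semgrep:
a deliberately small heuristic showing what the static step looks for."""
import json
import re
from dataclasses import asdict, dataclass

# Constructed sample contracts (not from the project). The first withdraw()
# makes an external call before zeroing the balance, the classic reentrancy
# shape; the second applies checks-effects-interactions.
VULNERABLE_SRC = """
contract Vault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }
}
"""

FIXED_SRC = """
contract Vault {
    mapping(address => uint256) public balances;

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
"""

FUNC_HEADER = re.compile(r"\bfunction\s+(\w+)\s*\(")
EXTERNAL_CALL = re.compile(r"\.(call|delegatecall|staticcall|send|transfer)\b")
# A state variable declaration directly inside the contract body, e.g.
# "mapping(address => uint256) public balances;" or "uint256 internal total;".
STATE_DECL = re.compile(
    r"^\s*(?:mapping\s*\(.*\)|\w+)(?:\s*\[\])?\s+(?:public|private|internal)?\s*(\w+)\s*;")


@dataclass
class Finding:
    check: str
    function: str
    line: int
    severity: str
    detail: str


def writes_state(line, state_vars):
    """True if the line assigns (=, +=, -=, ...) to a known state variable."""
    for name in state_vars:
        pattern = rf"\b{re.escape(name)}\b\s*(?:\[[^\]]*\]\s*)*(?:[+\-*/])?=(?!=)"
        if re.search(pattern, line):
            return True
    return False


def scan(src):
    """Flag functions that write state after an external call."""
    findings = []
    state_vars = set()
    depth = 0
    func = None  # current function: name, brace depth of its header, first call line
    for n, raw in enumerate(src.splitlines(), 1):
        line = raw.split("//")[0]  # drop trailing comments
        if func is None and depth == 1:
            decl = STATE_DECL.match(line)
            if decl:
                state_vars.add(decl.group(1))
        header = FUNC_HEADER.search(line)
        if header and func is None:
            func = {"name": header.group(1), "depth": depth, "call_line": None}
        elif func is not None:
            if func["call_line"] is None and EXTERNAL_CALL.search(line):
                func["call_line"] = n
            elif func["call_line"] is not None and writes_state(line, state_vars):
                findings.append(Finding(
                    "reentrancy", func["name"], n, "high",
                    f"state written after external call on line {func['call_line']}"))
        depth += line.count("{") - line.count("}")
        if func is not None and depth <= func["depth"]:
            func = None
    return findings


def to_json(findings):
    return json.dumps([asdict(f) for f in findings], indent=2)


def to_markdown(findings):
    rows = ["| Check | Function | Line | Severity | Detail |", "|---|---|---|---|---|"]
    rows += [f"| {f.check} | {f.function} | {f.line} | {f.severity} | {f.detail} |"
             for f in findings]
    return "\n".join(rows)


if __name__ == "__main__":
    print(to_markdown(scan(VULNERABLE_SRC)))  # one high finding in withdraw()
    print(to_json(scan(FIXED_SRC)))  # [] : the fixed version is clean
```

The heuristic only knows about state written in the same function after the first external call, which is exactly the shape the fixed withdraw() avoids by zeroing the balance first. Real tools also follow calls across functions, handle reentrancy guards and modifiers, and work on the compiled IR rather than source lines; that is the gap the LLM pass and a human reviewer still have to cover.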
BrokeChain has a React frontend with a chat-based interface, making it easy for users to interact with the AI and get security reports. The AI agent is hosted on Hugging Face, where we fine-tuned a large language model (LLM) in Python to specifically detect vulnerabilities in Solidity smart contracts and provide audits. Our AI Agent also performs static analysis, using Semgrep and Slither, which help detect common security flaws in Solidity code.
For GitHub integration, we built the system in TypeScript, allowing users to connect their repositories and automatically scan smart contracts. The backend is developed in Node.js, handling requests and managing AI interactions.
A key feature of BrokeChain is that anyone can train the AI agent on private datasets, letting organizations fine-tune it for their own security needs. Detection accuracy improves over time as the model is retrained on more of their data.
Static and AI-powered analysis complement each other: Semgrep and Slither catch common issues such as reentrancy and access control flaws, while the fine-tuned model on Hugging Face looks for deeper risks. To confirm that the audit applies to what is actually live, we fetch the deployed contract's on-chain details from Flare and check that they match the audited version.
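An added example of the deployed-bytecode check described above (example code written for this page, not BrokeChain's; the sample bytecodes and metadata trailers are constructed, the RPC URL is assumed to be a Flare EVM JSON-RPC endpoint, and eth_getCode is the standard EVM call for fetching runtime code):

```python
"""Added example: check that deployed runtime bytecode matches the audited
build, ignoring only the solc metadata trailer. Example code, not BrokeChain's;
the JSON-RPC call is standard eth_getCode, which EVM chains such as Flare expose."""
import json
import urllib.request

# Constructed sample data (not real contracts). BODY is a tiny runtime stub;
# TAMPERED_BODY differs by one opcode (RETURN instead of REVERT).
BODY = bytes.fromhex("6080604052600080fd")
TAMPERED_BODY = bytes.fromhex("6080604052600080f3")


def cbor_metadata(ipfs_digest, solc_version=b"\x00\x08\x14"):
    """Build a solc-style metadata trailer: CBOR map {ipfs, solc} + 2-byte length.
    ipfs_digest is the 34-byte multihash solc embeds (0x12 0x20 + sha256)."""
    assert len(ipfs_digest) == 34
    body = (b"\xa2" + b"\x64ipfs" + b"\x58\x22" + ipfs_digest
            + b"\x64solc" + b"\x43" + solc_version)
    return body + len(body).to_bytes(2, "big")


def strip_metadata(code):
    """Drop the metadata trailer if one is present.

    The last two bytes give the length of the CBOR map that precedes them;
    the map itself starts with 0xa1..0xa3 (one to three keys). Anything that
    does not fit that shape is returned unchanged so it still gets compared."""
    if len(code) < 2:
        return code
    cbor_len = int.from_bytes(code[-2:], "big")
    if cbor_len + 2 > len(code):
        return code
    trailer = code[-(cbor_len + 2):-2]
    if trailer[:1] not in (b"\xa1", b"\xa2", b"\xa3"):
        return code
    return code[:-(cbor_len + 2)]


def _to_bytes(hex_code):
    hex_code = hex_code[2:] if hex_code.startswith("0x") else hex_code
    return bytes.fromhex(hex_code)


def bytecodes_match(compiled_hex, deployed_hex):
    """True if the two runtime bytecodes agree apart from the metadata hash.

    eth_getCode returns "0x" for an address with no code (EOA, self-destructed,
    or never deployed), so an empty deployed code never matches."""
    deployed = _to_bytes(deployed_hex)
    if not deployed:
        return False
    return strip_metadata(_to_bytes(compiled_hex)) == strip_metadata(deployed)


def get_code_request(address, block="latest", req_id=1):
    """JSON-RPC body for eth_getCode (runtime bytecode at `address`)."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id,
                       "method": "eth_getCode", "params": [address, block]})


def fetch_deployed_code(rpc_url, address):
    """POST the request to an EVM JSON-RPC endpoint (not called offline).
    rpc_url is assumed to be a Flare (or Flare testnet) public RPC URL."""
    req = urllib.request.Request(
        rpc_url, data=get_code_request(address).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["result"]


# Same body, different metadata hash (e.g. a rebuild from a different path):
# should match. Different body with the audited hash: should not.
COMPILED_HEX = "0x" + (BODY + cbor_metadata(b"\x12\x20" + bytes(range(32)))).hex()
DEPLOYED_HEX = "0x" + (BODY + cbor_metadata(b"\x12\x20" + bytes(range(32, 64)))).hex()
TAMPERED_HEX = "0x" + (TAMPERED_BODY + cbor_metadata(b"\x12\x20" + bytes(range(32)))).hex()

if __name__ == "__main__":
    print(bytecodes_match(COMPILED_HEX, DEPLOYED_HEX))   # True
    print(bytecodes_match(COMPILED_HEX, TAMPERED_HEX))   # False
```

Two caveats a practitioner will hit with this check: compare runtime bytecode (what eth_getCode returns) with the compiler's deployed-bytecode output, not with the creation bytecode that includes the constructor; and contracts using immutables or unlinked libraries will differ from the compiler output at fixed offsets that solc reports, which this example does not mask. Stripping the metadata is what lets a rebuild from the audited source match even when file paths or comments changed; if you want a strict match down to the source hash, compare the trailer too.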
We initially planned to integrate the AI agent directly into the code editor, allowing real-time security checks while writing Solidity contracts. This would provide instant feedback, making it easier for developers to fix vulnerabilities on the spot. However, due to time constraints, we focused on completing the GitHub integration first, ensuring that users could scan their repositories and analyze contracts efficiently.
The full solution will go beyond GitHub integration. Future updates will bring the AI-powered security checks inside the code editor, offering real-time analysis as developers write code. This will make smart contract security even more seamless and accessible, reducing the need for manual audits after development.
The project was completely built from scratch during the Buildathon.
Tracks Applied (3)
Hacken
okto