The smart contract security knowledge base.
Every HIGH/CRITICAL finding. Every major hack. All linked, classified, and queryable.
Structured · Obsidian wikilinks · Deep taxonomy · 10+ tag axes · 100% Node.js · one npm install
AuditVault is an Obsidian knowledge base for smart contract security research.
It aggregates audit findings and DeFi hack post-mortems, enriches them with a deep classification
taxonomy, and links everything together - protocols to auditors, findings to bug patterns, hacks to attack vectors.
Think of it as searchable institutional memory for security researchers.
| Directory | Source | Content |
|---|---|---|
| findings/ | Solodit/Cyfrin, Frankcastleauditor, Auditware | HIGH/CRITICAL findings |
| hacks/ | rekt.news | Hacks with confirmed loss |
| auditors/ | Generated | Per-auditor profiles with stats |
| protocols/ | Generated | Per-protocol pages with tags |
| classifications/ | Hand-curated | Full vulnerability taxonomy |
Every finding is tagged across 10+ axes - queryable in Obsidian via tags, graph view, or Dataview.
```yaml
tags:
  - severity/high
  - lang/solidity
  - blockchain/evm
  - sector/lending
  - platform/code4rena
  - has/poc
  - vuln/reentrancy/read-only
  - impact/loss-of-funds/direct-drain
  - trigger/flash-loan
  - precondition/flash-loan-available
  - fix/use-reentrancy-guard
  - novelty/known-pattern
  - blast-radius/protocol-wide
protocol: "[[Aave]]"
auditors:
  - "[[trust]]"
report: "https://github.com/..."
```

Requires Obsidian (free). Clone and open as vault.

```bash
git clone https://github.com/forefy/AuditVault
```
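The tag axes in the frontmatter shown above can also be queried outside Obsidian. The following is an added example, not code from the AuditVault repository: a dependency-free Node.js sketch that parses that frontmatter shape and filters notes by hierarchical tag. The file paths, protocol names, the tags `vuln/reentrancy/cross-function` and `vuln/oracle/stale-price`, and the function names are constructed for illustration.

```javascript
// Build a note with the frontmatter layout shown above. All sample data below is constructed.
const note = (protocol, tags) =>
  ["---", "tags:", ...tags.map(t => `  - ${t}`), `protocol: "[[${protocol}]]"`, "---", "Body"].join("\n");

const sampleVault = {
  "findings/sample-a.md": note("ExampleLend", ["severity/high", "vuln/reentrancy/read-only", "trigger/flash-loan"]),
  "findings/sample-b.md": note("ExampleSwap", ["severity/critical", "vuln/reentrancy/cross-function"]),
  "findings/sample-c.md": note("ExampleVault", ["severity/high", "vuln/oracle/stale-price", "trigger/flash-loan"]),
};

const unquote = s => s.trim().replace(/^"(.*)"$/, "$1");

// Minimal parser for the subset used here: `key: value` scalars and `- item` string lists.
function parseFrontmatter(text) {
  const m = /^---\r?\n([\s\S]*?)\r?\n---/.exec(text);
  const data = {};
  if (!m) return data; // note without frontmatter
  let key = null;
  for (const line of m[1].split(/\r?\n/)) {
    const item = /^\s*-\s+(.*)$/.exec(line);
    const pair = /^([\w-]+):\s*(.*)$/.exec(line);
    if (pair) {
      key = pair[1];
      data[key] = pair[2] === "" ? [] : unquote(pair[2]);
    } else if (item && Array.isArray(data[key])) {
      data[key].push(unquote(item[1]));
    }
  }
  return data;
}

// A query matches a tag exactly or as a parent path, never as a partial segment:
// "vuln/reentrancy" matches "vuln/reentrancy/read-only" but "vuln/reentr" matches nothing.
const hasTag = (tags, q) => tags.some(t => t === q || t.startsWith(q + "/"));

// Return sorted paths of notes carrying every requested tag (AND across axes).
function query(vault, ...required) {
  return Object.entries(vault)
    .filter(([, text]) => {
      const tags = parseFrontmatter(text).tags;
      return Array.isArray(tags) && required.every(q => hasTag(tags, q));
    })
    .map(([path]) => path)
    .sort();
}

console.log(query(sampleVault, "vuln/reentrancy", "trigger/flash-loan"));
```

To run it against a cloned vault, replace `sampleVault` with a map of file paths to file contents read from `findings/`.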
The vault-admin/crawler/ directory is a pure Node.js pipeline that keeps the vault fresh.
All scripts are re-run safe - they skip files that already exist or are already tagged.
```bash
cd vault-admin/crawler && npm install

# Scrape
node scrape_all.js                             # Solodit/Cyfrin findings
node scrape_rekt.js                            # rekt.news hacks
GITHUB_TOKEN=... node scrape_github_audits.js

# Tag
node tag_new.js                                # frontmatter for new findings
node tag_vault.js                              # protocol/ sector tags
node tag_report_lang.js                        # lang/ tags from GitHub report sources
node tag_report_sector.js                      # sector/ tags (content + report fallback)
node tag_bugs.js                               # vuln/ impact/ trigger/ full taxonomy

# Enrich
node normalize_protocols.js                    # protocol: raw strings → [[WikiLink]]
node tag_protocols.js                          # tag protocol pages from proto_data.json
node gen_auditor_profiles.js                   # rebuild auditors/ profiles
```
PRs welcome - new classification rules, manual overrides, scraper improvements, or additional sources.