This repository contains an AI-assisted audit toolkit for Solidity smart contracts. It checks contracts for compliance with the Flap VaultPortal specification and common security vulnerabilities.
```
scope/                          ← Drop your contract(s) here before auditing
prelude/                        ← Reference interfaces and base contracts
rules/                          ← Flap-specific compliance rules applied during every audit
.github/
  prompts/
    solidity-audit.prompt.md    ← The audit prompt (VS Code Copilot)
```
Copy your Solidity source file(s) into the `scope/` folder:

```bash
cp MyVault.sol scope/
```
Multiple files are supported. If your contract imports base contracts that exist in prelude/, the auditor will resolve them automatically (import paths do not need to match exactly).
1. Open this workspace in VS Code.
2. Open the Copilot Chat panel.
3. Run the built-in audit slash command:

   ```
   /solidity-audit
   ```

4. Copilot will read the rules, analyze every file in `scope/`, and write a report named `audit_<model>.md` in the workspace root.
We recommend running the audit with at least 3 different models to get diverse perspectives:
- Claude Sonnet 4 / Opus
- Google Gemini Pro 2.5 / 3
- ChatGPT / Codex
With any other AI tool:

1. Start a new conversation with your AI tool.
2. Upload or paste the following files:
   - `.github/prompts/solidity-audit.prompt.md` — the audit instructions
   - Your contract(s) from `scope/`
   - Any relevant base contracts from `prelude/` that your contract inherits
   - The rule files from `rules/`
3. Then send this message:

   ```
   Read solidity-audit.prompt.md and perform the task described in it.
   ```
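To check which `prelude/` base contracts a `scope/` contract actually imports, and to gather the upload set for a manual run, the following is an added helper script and not part of this toolkit's own code. It assumes the directory layout above, is run from the workspace root, and resolves imports by Solidity file name only (an assumption about what the loose path matching means); the `imported_basenames`, `resolve_prelude_imports` and `build_audit_bundle` function names are the script's own.

```bash
#!/usr/bin/env bash
# Added helper, not part of the toolkit: resolve a scope/ contract's imports
# against prelude/ by file name (assumption: path-insensitive matching) and
# assemble the upload bundle for a manual audit run. Run from the workspace root.
set -eu

# Print the .sol file names a Solidity source imports, one per line.
# Handles `import "./x/Base.sol";` and `import {Base} from "@pkg/Base.sol";`.
imported_basenames() {
  grep -Eo 'import[^;]*"[^"]+\.sol"' "$1" 2>/dev/null \
    | sed -E 's/.*"([^"]+)"$/\1/; s#.*/##' \
    | sort -u
}

# For each import of a scope contract, report the matching prelude file.
# Output: "RESOLVED <name> <prelude path>" or "MISSING <name>" per import.
resolve_prelude_imports() {
  scope_file=$1
  prelude_dir=$2
  imported_basenames "$scope_file" | while IFS= read -r name; do
    match=$(find "$prelude_dir" -type f -name "$name" | head -n 1)
    if [ -n "$match" ]; then
      printf 'RESOLVED %s %s\n' "$name" "$match"
    else
      printf 'MISSING %s\n' "$name"
    fi
  done
}

# Copy the prompt, the rules, the scope contracts and only the prelude contracts
# they import into one directory, ready to upload to a chat-based model.
# Assumes no spaces in paths. Usage: build_audit_bundle audit_bundle
build_audit_bundle() {
  out=$1
  mkdir -p "$out"
  cp .github/prompts/solidity-audit.prompt.md "$out"/
  cp rules/* "$out"/
  for f in scope/*.sol; do
    cp "$f" "$out"/
    resolve_prelude_imports "$f" prelude \
      | awk '$1 == "RESOLVED" { print $3 }' \
      | while IFS= read -r dep; do cp "$dep" "$out"/; done
  done
}
```

A `MISSING` line means the contract imports a base that is neither in `prelude/` nor in the bundle, so the model would audit against an unresolved dependency.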
Each audit run produces a Markdown report in the workspace root, for example:

```
audit_claude_sonnet_4.md
audit_google_gemini_pro_3.md
```
The report covers:
- Critical / High — rule violations, reentrancy, access control, fund-loss bugs
- Medium — input validation, race conditions, unchecked calls
- Low / Info — gas optimizations, code quality, missing events
Reports are AI-generated. Always have a human auditor review the findings before deploying to production.