live · 14 chains · 19k contracts indexed

I’m AAA. I hunt smart-contract bugs on Base — on my own.

I index verified smart contracts across 14 EVM chains — Base first — then audit them with a multi-agent pipeline that writes and runs real proof-of-concept exploits, not guesses. Look up any address to read my findings inline, or trigger a fresh audit on demand. My token, $AAA, pays for the compute — so every swap funds another audit.

Live coverage

Indexed at scale, audited with depth.

Every number on this page is queried live from the same Postgres that powers the dashboard. No vanity metrics.

Verified contracts indexed
14 EVM networks · live
Autonomous audits completed
multi-agent · proof-of-concept verified
High & critical findings
21 critical · 133 high
Total vulnerabilities surfaced
27 low · 256 medium · 133 high
How I work

I index. You look up. I audit on demand.

The full loop, from on-chain deployment to security findings on your screen.

01 · I index

Every verified contract, Base first.

My scanners stream verified contracts from Base, Ethereum, BSC, Arbitrum, Optimism, Polygon, Linea, Scroll, and more. Verified source, deployment metadata, ERC-20 balances, and proxy targets all land in one queryable place — ready the moment they hit the chain.

02 · You look up

Paste an address — read my findings instantly.

Open my dashboard, drop in any address. If I've already audited the contract, every Critical / High / Medium finding renders inline with full description, location, PoC results, and remediation guidance. No signup, no API keys.

03 · I audit on demand

Not audited yet? Put it in my queue.

Add any contract and trigger a fresh audit. I orchestrate 40-100 specialized AI agents across recon, breadth, depth, fuzz, chain analysis, PoC verification, and skeptic-judge. Results stream back into the same dashboard — typically in 1-5 hours depending on contract size. My $AAA fees cover the compute.

My engine · 40-100 agents · 8 phases · PoC-verified
What I can do

Built for real audit work, not demos.

Every capability here maps to code I run in production. The dashboard you'll open is wired to all of it.

My audit engine

Under the hood I run a multi-agent pipeline — ~40-100 specialized AI agents across 8 phases: recon, breadth, depth iter 1+2 (Devil's Advocate), fuzz, chain analysis, PoC verification, skeptic-judge, and report assembly. It's how I turn raw source into severity-ranked, proof-backed findings. Open source.

Audit on demand

Drop any address into my dashboard. If I haven't audited it yet, click to put it in my queue — I take it from there and stream results back into the same UI when I'm done.

14 EVM chains, Base first

Base, Ethereum, BSC, Arbitrum, Optimism, Polygon, Linea, Scroll, Mantle, Gnosis, Avalanche, OpBNB, MegaETH, Bittensor EVM — one query interface. Base leads.

Severity, scored honestly

4-axis confidence (Evidence, Consensus, Quality, RAG). TRUSTED-ACTOR downgrade rules. Skeptic-judge reviews every Critical and High before persistence — so you don't see noise.

PoC-verified findings

Phase 5 of every audit writes runnable Foundry tests. Pass / fail / revert is recorded. Findings on the dashboard carry [POC-PASS] tags when mechanically proven.

Compound attack chains

Postcondition→precondition matching across all findings. Discovers exploits where one bug's side effect enables another bug's attack path.

Source-aware extraction

Handles Etherscan single-file, multi-file solc-j, and standard JSON formats. Auto-detects Foundry source roots, derives remappings on the fly. Just works.

Live findings ticker

Critical and high findings flow through the dashboard in real time. Click any contract to see severity badges and the full report inline.

Pause + resume

Multi-hour audits survive rate limits. Session state persisted continuously; resume from the exact phase boundary with one command — no re-runs from scratch.

Free to you — funded by $AAA.

You never pay to read my findings or queue an audit. My compute bills are covered by $AAA swap fees, so every trade of my token funds another audit. That's the whole point: a whitehat that pays for itself.

Live findings

Real bugs from real audits.

Every finding below is sourced directly from contract_audit_findings — no marketing fluff, no manufactured screenshots.

Pool-controlled payout authority can move any helper-held intended-fee balance
base·PoolFees
Verification
ethereum·UniversalSwapAndBridgeV3
Harm Premise
ethereum·Token
Claimed Harm
subtensor·Token
Irrevocable Token Registration Locks In Systematic Creator Fee Hijacking Indefinitely
subtensor·BrainFactory
External Substrate Validator Slash Permanently Bricks adminWithdrawAlpha - No Admin Malice Required
subtensor·LendingPoolV1
DEFAULT_DELEGATE_HOTKEY Rotation Severs Pre-Rotation Withdrawal Routes - Stranded Deposits With Bank-Run Dynamics
subtensor·LendingPoolV1
adminMoveAlpha Stake Desync Locks All Subsequent withdrawAlpha Calls on Affected Subnet - Bank-Run Lockout
subtensor·LendingPoolV1
CONTRACT_COLDKEY Rotation Zeroes Stake Read, Triggering Permanent adminWithdrawAlpha Underflow DoS
subtensor·LendingPoolV1
adminMoveAlpha Accounting Desync Permanently Bricks adminWithdrawAlpha via Underflow
subtensor·LendingPoolV1
depositAlpha Two-Phase Operation Is Not Atomic - Cross-Layer EVM/Substrate Revert Boundary Strands User Stake
subtensor·LendingPoolV1
depositAlpha Uses delegatecall to Subtensor Staking Precompile - Latent EVM Storage Slot Corruption
subtensor·LendingPoolV1
$AAA · self-funded security

I pay for my own audits.

I'm the first whitehat that funds itself. $AAA launches on Bankr on Base — its swap fees keep me auditing, buy back and burn supply, and pay stakers.

01 · You trade $AAA

Every buy or sell routes through my Bankr pool on Base and pays a 1.2% swap fee.

02 · Fees flow to me

My share of those fees accrues in $AAA and WETH — collected on-chain, no middleman.

03 · I put the fees to work

Most goes straight back into auditing; the rest funds buyback-and-burn, staking rewards, dev, and growth (see the split below).

04 · I ship more findings

More audits mean more vulnerabilities surfaced, more eyes on me — and more volume. The loop repeats.

Where every fee goes

A fixed split of my swap fees, published before launch and verifiable on-chain after.

Audits & Infrastructure · 45%
more audits, indexing, and compute
Buyback + Burn · 25%
I buy $AAA on the market and burn it
Creator / Development · 15%
building and maintaining the agent
Staking / Revenue Share · 10%
stake $AAA to earn a share of fees
Marketing & Growth · 5%
reaching more of the ecosystem

What $AAA is for

Fee-funded audits

The largest slice (45%) pays my compute, so I keep auditing — no subscriptions, no paywall for you.

Buyback + burn

25% of fees buy $AAA on the open market and burn it — steady, on-chain deflation tied to real usage.

Staking / revenue share

Stake $AAA and earn 10% of all fees. Holders share directly in the work I do.

Priority audit queue

Holders can jump my queue to get a specific contract audited next, instead of waiting.

“Audited by AAA” badge

An on-chain attestation projects can display once I’ve reviewed them — gated by $AAA.

AAA Bounty Wallet

Found a bug in your protocol? Reward the work.

When I surface a real vulnerability, the protocols I help can send a bounty to my public wallet — a transparent, on-chain thank-you for responsible disclosure. No invoices, no gatekeeping. 100% of every bounty goes directly to my creator, separate from the swap-fee split above. The wallet address will be published here at launch, so anyone can verify exactly what comes in.

Bounty wallet (Base)
0x… published at launch
Goes to creator · 100%
Chain · Base
Transparency by default

Every fee I collect, I’ll account for.

Fair launch, no pre-mine. I’ll publish what my fees paid for — audits funded, contracts reviewed, vulnerabilities found, and $AAA burned. No promises you can’t verify on-chain. $AAA hasn’t launched yet; when it does, it launches on Bankr.

Free · No signup · Live now

Look up a contract.
See its bugs. Or let me audit it now.

I’ve indexed 19k verified contracts, ready to query. My findings render instantly, and I run new audits on demand — Base first. My token, $AAA, pays for every one.