Inspiration

The rise of decentralized finance (DeFi) and smart contracts has revolutionized financial systems but has also exposed major security vulnerabilities. Incidents like the Poly Network hack, where over $600 million was stolen, show that current static auditing methods fall short. Our goal with Shepherd was to build a dynamic, affordable solution to test smart contracts in real-world environments, offering a proactive layer of defense.

What it does

Shepherd simulates real-world attack scenarios on smart contracts, using multiple specialized agents to uncover vulnerabilities. Planner agents craft attack strategies, executor agents execute the attacks, and reflection agents learn from outcomes to refine strategies continuously. This system identifies weaknesses that static audits miss, offering real-time protection against advanced threats like reentrancy and logic manipulation.

How we built it

Shepherd uses a multi-agent system (MAS) framework built on LangChain. Planner agents, informed by the AI model WhiteRabbitNeo, generate attack plans. Executor agents test these attacks in real environments, while reflection agents learn and adapt from their results, creating an iterative feedback loop. This setup allows Shepherd to simulate complex contract interactions and evolve its strategies over time.

Challenges we ran into

One of the biggest challenges was the unexpectedly high gas fees on the Sepolia testnet, which limited our ability to fully test certain attacks. With limited testnet tokens, we had to carefully balance testing and optimization to avoid exhausting our resources too early in the testing phase.

Accomplishments that we're proud of

We’re proud of building a system that goes beyond static auditing, allowing for dynamic, real-world testing. Shepherd successfully identified vulnerabilities that would be difficult to find through traditional methods, and the MAS framework's adaptability has shown significant promise in enhancing contract security.

What we learned

This project highlighted the importance of real-time adaptability in security testing. Modern smart contract vulnerabilities aren’t just code exploits—they often involve complex, multi-step logic manipulation. By continuously evolving through reflection and learning, Shepherd can identify critical weaknesses that static audits miss.

What's next for Shepherd

We plan to enhance Shepherd’s MAS architecture by incorporating Deep Q-Learning to make the system even more intelligent and autonomous. Expanding its capabilities to work across multiple blockchains and supporting more complex cross-chain vulnerabilities are also key goals. As the decentralized space grows, we want Shepherd to be a critical tool in defending against the most advanced threats.
