Our Story

It all started with a simple realization: many smart contracts, especially those used for tokens, do not open-source their code, making it incredibly difficult to audit them beforehand. This lack of transparency leaves them prone to vulnerabilities and exploitation. Moreover, it's computationally expensive to dig around the blockchain for vulnerabilities directly. Instead, we decided to locate the corresponding smart contracts and decompile them after anomalies are detected, allowing us to target the root of the problem effectively. As fans of blockchain technology and Ethereum’s vibrant ecosystem, we couldn’t just sit back and watch. We wanted to make a difference.

So, we rolled up our sleeves and started exploring the world of smart contract security. It was a fascinating (and sometimes frustrating) journey through reentrancy attacks, logic flaws, and all the ways things could go wrong. We tested out tools like MythX, Slither, and CertiK, but something was missing. These tools were powerful, but they had their limits—especially when it came to speed, cost, and tackling business logic vulnerabilities. That’s when the idea for ScanGuard was born: a smarter, faster, AI-powered solution.

Building ScanGuard was like putting together a puzzle with really cool pieces. We combined Web3.js to interact with the blockchain, Ethervm to decompile bytecode, and GPT models for analyzing contracts and generating reports. The backend came together with Node.js, ensuring everything flowed smoothly. Every challenge we faced—whether it was making the system scale or training the AI to catch tricky flaws—pushed us to think creatively and work smarter.
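
What reading a closed-source contract from its bytecode involves, as an added example that is not ScanGuard's or Ethervm's code: a minimal EVM disassembler that recovers function selectors and flags opcodes for review without mistaking PUSH data for instructions. The function names, the review list and the sample bytecode are constructed for illustration.

```javascript
// Added example: minimal EVM disassembler for triaging closed-source bytecode.
// Opcode values come from the EVM instruction set; unnamed ones print as hex.
const NAMES = {
  0x00: 'STOP', 0x14: 'EQ', 0x1c: 'SHR', 0x35: 'CALLDATALOAD', 0x57: 'JUMPI',
  0x5b: 'JUMPDEST', 0x80: 'DUP1', 0xf2: 'CALLCODE', 0xf4: 'DELEGATECALL',
  0xff: 'SELFDESTRUCT',
};
// Opcodes a reviewer usually wants to look at first (an assumption of this example).
const REVIEW_FIRST = new Set(['CALLCODE', 'DELEGATECALL', 'SELFDESTRUCT']);

function disassemble(hex) {
  const clean = hex.replace(/^0x/, '');
  if (!/^([0-9a-fA-F]{2})*$/.test(clean)) throw new Error('invalid bytecode hex');
  const bytes = [];
  for (let i = 0; i < clean.length; i += 2) bytes.push(parseInt(clean.slice(i, i + 2), 16));
  const ops = [];
  for (let pc = 0; pc < bytes.length; ) {
    const op = bytes[pc];
    // PUSH1..PUSH32 (0x60..0x7f) are followed by 1..32 bytes of data, not opcodes.
    const n = op >= 0x60 && op <= 0x7f ? op - 0x5f : 0;
    const data = bytes.slice(pc + 1, pc + 1 + n); // shorter than n if code is cut off
    ops.push({
      pc,
      name: n ? `PUSH${n}` : NAMES[op] || `0x${op.toString(16).padStart(2, '0')}`,
      data: data.map((b) => b.toString(16).padStart(2, '0')).join(''),
      truncated: data.length < n,
    });
    pc += 1 + n;
  }
  return ops;
}

function triage(hex) {
  const ops = disassemble(hex);
  const selectors = [];
  const flagged = [];
  ops.forEach((o, i) => {
    // Heuristic for a solc-style dispatcher: PUSH4 <selector> directly followed by EQ.
    if (o.name === 'PUSH4' && ops[i + 1] && ops[i + 1].name === 'EQ') selectors.push('0x' + o.data);
    if (REVIEW_FIRST.has(o.name)) flagged.push({ pc: o.pc, name: o.name });
  });
  return { selectors, flagged, truncated: ops.some((o) => o.truncated) };
}

// Constructed sample: dispatcher for 0xa9059cbb (transfer(address,uint256)), then
// PUSH2 0xfff4 (data that a naive byte scan would misread), then a real DELEGATECALL.
const SAMPLE = '0x60003560e01c8063a9059cbb14610011575b61fff4f400';
console.log(triage(SAMPLE));
```

The selector match is a heuristic: contracts built with other compilers or optimizer settings can lay out their dispatcher differently, so an empty selector list does not mean the contract has no external functions.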

The Challenges We Overcame

At first we were unsure whether we just wanted to build an auto-auditing agent for smart contracts before they were deployed. We eventually decided to focus on the security and logic aspects of vulnerabilities and to serve as post-incident automation, that is, after anomalies or attacks have been detected by some other AI models. Mostly we needed to streamline the current tools together while maintaining an updatable, modular process. The current decompiling tools are also still under development, so we also needed to further prompt GPT for vulnerability reports. We wish to fine-tune the LLM and perhaps combine it with other pattern recognition algorithms in the future to specifically target logical and security vulnerabilities.

In the end, every obstacle made us more determined to get it right. ScanGuard isn’t just another tool; it’s our way of making blockchain a safer, more trustworthy space for everyone. And honestly? We’re pretty proud of what we’ve built.
