Analysis stages
This page describes stages in user terms. Timings vary by repository size and configuration.
1. Code understanding
Section titled “1. Code understanding”Guardix ingests your snapshot and builds:
- A high-level map of contracts, modules, and dependencies
- Notes on how the system is intended to behave (for example, invariants and assumptions)
This stage is architecture-first: context before a flood of findings.
2. Static and pattern analysis
Section titled “2. Static and pattern analysis”Multiple automated checks run over the codebase:
- Classic static analyzers for common bug classes
- Structured reviews across many security categories (broad coverage across typical Solidity risk areas)
Outputs are hypotheses and candidates — not yet the final prioritized list.
3. Consolidation
Section titled “3. Consolidation”Candidate issues are normalized, deduplicated, and merged where they describe the same underlying problem. You see one coherent issue per real root cause when possible.
4. Cross-validation
Section titled “4. Cross-validation”See Validation — multiple independent engines compare and challenge findings to improve precision and confidence.
5. Outputs to the dashboard
Section titled “5. Outputs to the dashboard”You receive:
- Findings with severity and confidence
- Evidence (code pointers, rationale)
- System analysis artifacts when surfaced (e.g. invariants, decisions)
Optional: exploit path
Section titled “Optional: exploit path”If enabled for your workspace, a separate exploit verification flow may run after the core audit. See Exploit verification.