Security audit

Smart contract security audit

Guardix audits the full repository — not isolated contract files. Connect GitHub, lock the exact branch and commit, and get validated findings with architecture context and shareable reports.

How it works

Architecture-first analysis. Multi-model validation.

The pipeline understands your system before looking for issues. Findings are validated across independent model perspectives — only high-confidence issues reach the report.

Architecture-first understanding

Maps contracts, invariants, assumptions, and design decisions before looking for vulnerabilities. Findings are grounded in what the system is supposed to do.

Broad parallel static analysis

Multiple independent model perspectives analyze the codebase in parallel — reentrancy, access control, oracle risks, logic errors, and more. Each runs its own analysis without seeing the others.

Multi-model consensus

Findings are cross-validated across models. Only issues with independent agreement and high confidence reach the final report — dramatically reducing false positives.

Exploit verification

Critical findings are tested against a forked mainnet chain. If the exploit executes, you know it's real — not a false positive. Automated, reproducible, verifiable.

Real findings

Prioritized findings with severity, code location, and validation confidence.

Every issue includes the exact file path, code snippet, severity assessment, and multi-model consensus — not vague descriptions of what could go wrong.

Findings · 36 total · owner/vault-core
3 critical
7 high
17 medium
7 low
2 info

Unchecked external callback before balance update

security bug · Vault
validated · Vault.sol · critical

Admin rotation bypasses role boundary

access control · AdminHub
validated · AdminHub.sol · high

Invariant drift between queue state and accounting

economic risk · QueueManager
validated · QueueManager.sol · high

Unchecked transfer return value hides failure

best practice · Treasury
Treasury.sol · medium

Architecture artifacts · owner/vault-core

INV-001 · state

Total supply must equal sum of individual balances at all times

Threat if broken

Direct loss of depositor funds

INV-002 · ordering

Queue state transitions must be monotonic: pending → processing → done

Threat if broken

Double-processing of withdrawals

INV-003 · external

Oracle price feeds assumed fresh within 1-hour staleness window

Threat if broken

Incorrect liquidation at stale prices

INV-004 · access

Admin role changes cannot bypass timelock constraints

Threat if broken

Unauthorized privilege escalation

Architecture context

Findings grounded in invariants, assumptions, and design decisions.

The audit maps the system architecture first — contract relationships, state flows, and design boundaries. Findings reference this context, making them easier to trust and fix.

DeFi: vaults, routers, oracles, liquidation paths
RWA: treasury, permissions, settlement controls
Governance: upgrades, timelocks, role management

Reports & sharing

Versioned reports for engineers and stakeholders.

Share a versioned report link or export a PDF. Stakeholders see the same data engineers are reviewing — no separate deliverable, no translation layer.

Report & share · owner/vault-core
e7b2f4a · Mar 12 · Completed · latest
c91d3e8 · Mar 8 · Completed
a3f8c1d · Mar 6 · Completed

stonevault/vault-core

share link

Share a versioned report that stays tied to the scan version — stakeholders see the same data engineers are reviewing.

C:3 · H:7 · M:17 · L:7 · I:2

First audit free. No credit card required.

Connect a GitHub repository, review validated findings, and share reports — all from one dashboard.