Layered defense.
Double confirmation.
Most tools hand you a list of alerts and leave triage to you. The Attestor engine flips the order: every high-risk finding has to be confirmed by independent sources before it reaches the report.
Four layers, zero shortcuts.
Preprocessing
The whole codebase is normalized and mapped. We pinpoint the critical paths, the places where value moves, and the external calls. That is the ground the analysis works on.
Static analysis
Established tooling sweeps the code as ground truth. This layer is strong on known patterns: reentrancy, unchecked calls, time manipulation.
AI validation in parallel
Specialized validators, one per vulnerability class, read the contract in parallel. Each one hunts a family of bugs. This is where the findings that static analysis alone cannot catch show up: business logic, front-running, oracle manipulation.
Aggregation with double confirmation
A high or critical finding only makes it into the report when confirmed by at least two independent sources. That is the core rule separating signal from noise.
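The double-confirmation rule above, sketched as an added example; this is not Attestor's own code. Assumptions: the finding fields, the source names, matching findings by contract, function and class, taking the highest reported severity per group, letting low and medium findings through with a single source, and holding unconfirmed high or critical findings back in a separate list.

```python
from collections import defaultdict

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
MIN_SOURCES = 2  # "at least two independent sources"

# Constructed sample findings; source names and field names are hypothetical.
SAMPLE_FINDINGS = [
    {"source": "static-tool-a", "contract": "Vault", "function": "withdraw",
     "vuln_class": "reentrancy", "severity": "high"},
    {"source": "ai-reentrancy", "contract": "Vault", "function": "withdraw",
     "vuln_class": "reentrancy", "severity": "critical"},
    # The same source reporting twice must not confirm itself.
    {"source": "ai-logic", "contract": "Vault", "function": "swap",
     "vuln_class": "front-running", "severity": "high"},
    {"source": "ai-logic", "contract": "Vault", "function": "swap",
     "vuln_class": "front-running", "severity": "high"},
    {"source": "static-tool-a", "contract": "Vault", "function": "fee",
     "vuln_class": "arithmetic", "severity": "medium"},
]

def aggregate(findings, min_sources=MIN_SOURCES):
    """Group findings by location and class, then apply the confirmation rule."""
    groups = defaultdict(lambda: {"sources": set(), "severity": "low"})
    for f in findings:
        key = (f["contract"], f["function"], f["vuln_class"])
        group = groups[key]
        group["sources"].add(f["source"])  # a set counts each source once
        if SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[group["severity"]]:
            group["severity"] = f["severity"]  # keep the highest severity seen

    report, held_back = [], []
    for key, group in sorted(groups.items()):
        entry = {"key": key, "severity": group["severity"],
                 "sources": sorted(group["sources"])}
        high_risk = SEVERITY_RANK[group["severity"]] >= SEVERITY_RANK["high"]
        if high_risk and len(group["sources"]) < min_sources:
            held_back.append(entry)  # high or critical, only one source
        else:
            report.append(entry)
    return report, held_back

if __name__ == "__main__":
    report, held_back = aggregate(SAMPLE_FINDINGS)
    for entry in report:
        print("REPORT", entry)
    for entry in held_back:
        print("HELD  ", entry)
```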
The classes that matter.
Reentrancy
Cross-function, cross-contract, and read-only. The classic that drains funds when an external call hands control back mid-operation.
Arithmetic
Overflow, underflow, unsafe casts, divide-before-multiply, and rounding errors in financial calculations.
Business logic
What no tool catches alone: broken economic invariants, front-running, oracle manipulation, ordering of operations. It depends on understanding intent.
Signature and crypto
ECDSA malleability, ecrecover returning zero, replay without a nonce or deadline, precompile misuse. A signature bypass means drained funds.
Access control
Missing modifiers, confusion between caller and origin, exposed initializers in proxies, delegatecall with a controllable destination.
Measured, not promised.
The engine is calibrated against a public set of contracts with known vulnerabilities. Numbers are published, not invented.
of reported findings were real
of known vulnerabilities detected
balance between precision and coverage
Calibration set: SmartBugs Curated (143 contracts). The AI layer closes the gaps that static analysis leaves on arithmetic, business logic, and front-running.