I built AuditBase because I was very frustrated with the quality of tools and reports from "reputable" audit firms.<p>You can scan a Solidity file from your computer, a verified contract from a block explorer, or integrate with GitHub repos.<p>Under the hood, it's a Python bot that downloads the source and uses Solidity ASTs to generate an analysis of the code and some machine learning for issues that can't purely be caught via static analysis.<p>The bot checks for over 400 issues in its current state and more are getting added every week.<p>Here's an example report that the bot generated: <a href="https://app.auditbase.com/share/17229652399" rel="nofollow noreferrer">https://app.auditbase.com/share/17229652399</a><p>Building the platform has been about a year of trial and error. The hardest part was proving that it's a good tool.<p>Fortunately, Code4rena launched "bot races" and gave us a proving ground to show that the reports are quality output. It also provides an excellent feedback loop to improve the bot each week.<p>A few of the top Web3 security researchers have used the tool and provided some amazing feedback:<p>- <a href="https://twitter.com/pashovkrum/status/1707740614270271976" rel="nofollow noreferrer">https://twitter.com/pashovkrum/status/1707740614270271976</a>
- <a href="https://twitter.com/marcobesier/status/1710886639579332652" rel="nofollow noreferrer">https://twitter.com/marcobesier/status/1710886639579332652</a><p>Current focus is improving the bot and successfully executing the pilot we have going with a few well-known audit firms.<p>Let me know what you think and if you have any questions. Thank you!