Frequently Asked Questions

Common questions about FirePan, smart contract security, and our platform.

General

What is FirePan?

FirePan is an AI-powered smart contract security platform. We provide continuous security monitoring, automated vulnerability scanning, and comprehensive audits for Solidity and Vyper codebases.

How is FirePan different from traditional audits?

Traditional audits are point-in-time assessments. You get a report, fix issues, and hope nothing changes. FirePan provides continuous security:

Traditional      | FirePan
-----------------|-------------------
One-time review  | Ongoing monitoring
Weeks of waiting | Results in minutes
Static report    | Living dashboard
Manual only      | AI + human hybrid

What languages do you support?

Currently, we support:

  • Solidity (all versions)
  • Vyper (all versions)

Support for other smart contract languages (Cairo, Move) is planned.

Do you support all blockchain networks?

We analyze source code, so we support any EVM-compatible chain:

  • Ethereum
  • Polygon
  • Arbitrum
  • Optimism
  • Base
  • BSC
  • Avalanche
  • And more

Security & Privacy

Is my code secure?

Yes. We take code security seriously:

  • Code is analyzed in ephemeral containers
  • No persistent storage of source code
  • Results are encrypted at rest
  • Access is authenticated and authorized
  • SOC 2 compliance (in progress)

Do you store my source code?

No. Source code is only held in memory during analysis. We store:

  • Scan results and findings
  • Metadata (file names, line numbers)
  • Your configuration and preferences

Your actual source code is never persistently stored.

Can I use FirePan for private repositories?

Yes. Our GitHub App requests only the permissions needed to read your code. Private repository contents are never exposed.

Who can see my scan results?

Only your team members can see results. Scan results are:

  • Tied to your organization
  • Access-controlled by role
  • Never shared with third parties
  • Never used to train AI models

Getting Started

How do I get started?

  1. Sign up at app.firepan.com
  2. Install our GitHub App
  3. Connect your repositories
  4. Done! Scans run automatically

See our Quickstart for detailed instructions.

How can I try FirePan?

Book a demo and we'll walk you through the platform with a live scan of your repositories.


Scans & Audits

What's the difference between a scan and an audit?

Scan                  | Audit
----------------------|-------------------------
~2 seconds            | Minutes to hours
Pattern matching + AI | Deep autonomous analysis
5 LLM calls           | 1000+ LLM calls
Quick triage          | Comprehensive review
Included in all plans | Limited per plan

How often should I scan?

We recommend:

  • Every PR - Catch issues before they merge
  • Daily - For active development
  • Weekly - For stable codebases

What does the risk score mean?

Score  | Level    | Meaning
-------|----------|---------------------------------------
70-100 | Critical | Major issues, investigate immediately
50-69  | High     | Significant findings, address soon
25-49  | Medium   | Some issues worth noting
0-24   | Low      | Minor findings, typical for mature code

Why do battle-tested contracts show vulnerabilities?

Pattern-based scanning is intentionally sensitive. Well-audited code like OpenZeppelin may show findings that are:

  • Intentional design decisions
  • False positives from regex limitations
  • Patterns that look risky but are properly mitigated

Always verify findings before acting on them.


Pricing & Billing

How are scans counted?

A scan is counted when:

  • You manually trigger a scan
  • A PR check runs
  • A scheduled scan executes

What happens if I exceed my limits?

  • Scans: Additional scans are $0.05 each
  • Audits: Additional deep audits are $25 each
  • Repositories: Contact us to adjust your plan

Can I cancel anytime?

Yes. Cancel anytime from your dashboard. You'll retain access until the end of your billing period.

Do you offer refunds?

If you're unhappy within 30 days of purchase, contact us for a prorated refund.


Technical

Does FirePan work with CI/CD?

Yes! We support:

  • GitHub Actions - Native integration
  • GitLab CI - Via container image
  • Other CI - Via API or CLI

See CI/CD Integration for details.

Can I run FirePan locally?

Yes. The FirePan CLI runs anywhere:

pip install firepan-cli
firepan login
firepan scan /path/to/contracts

Does FirePan work offline?

FirePan requires an internet connection for AI-powered analysis. The CLI authenticates with your FirePan account and uses our API for scanning.


Enterprise

Do you offer enterprise plans?

Yes. Enterprise plans include:

  • Custom repository limits
  • Dedicated security engineer
  • Custom detector development
  • SLA guarantees
  • SSO integration

Contact sales for details.

Can you run in our cloud?

Yes. Enterprise customers can deploy FirePan in their own infrastructure:

  • AWS
  • GCP
  • Azure
  • On-premises

Do you offer security retainers?

Yes. After a boutique audit, you can retain our security team for:

  • Ongoing review of changes
  • Rapid response to incidents
  • Security consultation

Still Have Questions?