Deep Audit

FirePan's deep audit feature provides comprehensive, autonomous security analysis that goes far beyond pattern matching.

Overview

While Surface Scan quickly identifies potential issues, Deep Audit performs a thorough security analysis using our autonomous agent technology.

Feature	Surface Scan	Deep Audit
Analysis depth	Pattern matching + AI verification	Multi-pass autonomous analysis
Time	~2 seconds	Minutes to hours
LLM calls	5 (default)	1000+
Use case	Quick triage	Pre-launch security
Output	Risk score + findings	Comprehensive report with PoCs

How Deep Audit Works

Knowledge Graph Construction

The audit agent builds a knowledge graph of your contracts:

┌──────────────────────────────────────────────────────────┐
│                  Knowledge Graph                          │
├──────────────────────────────────────────────────────────┤
│  Contracts ─────────────────────────────────────────────  │
│     │                                                     │
│     ├── Inheritance relationships                         │
│     ├── Interface implementations                         │
│     └── Library dependencies                              │
│                                                           │
│  Functions ─────────────────────────────────────────────  │
│     │                                                     │
│     ├── Call graphs (internal + external)                 │
│     ├── State variable access patterns                    │
│     └── Modifier chains                                   │
│                                                           │
│  Data Flow ─────────────────────────────────────────────  │
│     │                                                     │
│     ├── User input → state changes                        │
│     ├── Cross-contract interactions                       │
│     └── Privilege escalation paths                        │
└──────────────────────────────────────────────────────────┘

Autonomous Analysis Agents

Multiple specialized agents analyze your code:

Agent	Focus
Strategist	High-level attack surface analysis
Scout	Deep code exploration and pattern recognition
Exploiter	Exploit hypothesis generation and validation
Verifier	Finding confirmation and false positive elimination

Exploit Hypothesis Generation

The agent generates and tests hypotheses:

Identify attack surfaces - External functions, privileged operations
Generate hypotheses - "What if an attacker could..."
Trace execution paths - Follow the code to validate/invalidate
Build proof of concepts - Where feasible, create reproducible exploits

Running a Deep Audit

Via CLI

# Create a project
firepan project create myproject /path/to/contracts

# Build the knowledge graph
firepan graph build myproject --init --iterations 1

# Run the autonomous audit
firepan agent audit myproject

# Generate the report
firepan report myproject --format html

Via Platform

Connect your repository in the dashboard
Click "Run Deep Audit" on your project
Monitor progress in real-time
Download the comprehensive report

What Deep Audit Finds

Beyond Pattern Matching

Deep Audit catches issues that static patterns miss:

Category	Examples
Logic bugs	Incorrect state transitions, missing validations
Economic attacks	Price manipulation, flash loan exploits
Access control	Privilege escalation, admin backdoors
Integration risks	Oracle manipulation, callback reentrancy
Upgrade risks	Storage collisions, initialization issues

Report Contents

A deep audit report includes:

Executive Summary - High-level findings and risk assessment
Detailed Findings - Each issue with severity, impact, and remediation
Proof of Concepts - Reproducible exploit code where applicable
Recommended Invariants - Tests you should add to your suite
Code Quality Notes - Best practices and improvements

SaaS Platform Quotas

Deep audits are included in all platform tiers:

Tier	Deep Audits/Month
Starter	1
Professional	3
Enterprise	10

Need more? Contact sales for custom quotas.

Boutique Audits

For critical launches requiring human oversight, our Boutique Audit service combines:

AI-powered deep analysis (1000+ LLM calls)
Human validation by senior auditors
Extended review periods
Direct communication channels
Fix verification reruns

Best Practices

When to Use Deep Audit

Pre-launch - Before deploying new contracts
Major upgrades - Significant code changes
Integration changes - New external dependencies
Periodic review - Quarterly security checks

Preparing for Audit

Clean build - Ensure your contracts compile without errors
Documentation - NatSpec comments help the AI understand intent
Test coverage - Existing tests provide context for expected behavior
Known issues - Document any accepted risks or intentional patterns

Next Steps

Pricing - See audit quotas by tier
CI/CD Integration - Automate security in your workflow
CLI Reference - Full command documentation

Overview​

How Deep Audit Works​

Knowledge Graph Construction​

Autonomous Analysis Agents​

Exploit Hypothesis Generation​

Running a Deep Audit​

Via CLI​

Via Platform​

What Deep Audit Finds​

Beyond Pattern Matching​

Report Contents​

SaaS Platform Quotas​

Boutique Audits​

Best Practices​

When to Use Deep Audit​

Preparing for Audit​

Next Steps​