How It Works
FirePan combines AI-powered analysis with human expertise to deliver comprehensive smart contract security.
The AI + Human Hybrid
Our approach leverages the strengths of both automated and manual analysis:
```
┌──────────────────────────────────────────────┐
│ Your Repository                              │
└──────────────────────┬───────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────┐
│ Static Pattern Analysis                      │
│  • 15+ vulnerability patterns                │
│  • Solidity/Vyper support                    │
│  • Sub-second execution                      │
└──────────────────────┬───────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────┐
│ AI Verification Layer                        │
│  • LLM-powered false positive filtering      │
│  • Context-aware analysis                    │
│  • Exploit hypothesis generation             │
└──────────────────────┬───────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────┐
│ Human Review (Audits)                        │
│  • Senior auditor validation                 │
│  • Complex logic analysis                    │
│  • Business context consideration            │
└──────────────────────┬───────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────┐
│ Actionable Report                            │
│  • Prioritized findings                      │
│  • Remediation guidance                      │
│  • Code snippets and fix suggestions         │
└──────────────────────────────────────────────┘
```
Analysis Pipeline
Stage 1: Pattern Detection
Our scanner runs 15+ security patterns against your codebase:
| Category | Examples |
|---|---|
| Critical | Unprotected selfdestruct, delegatecall to untrusted targets |
| High | Reentrancy, tx.origin authentication, unchecked calls |
| Medium | Missing access control, frontrunning risks, oracle dependencies |
| Low | Deprecated patterns, missing visibility specifiers |
This stage completes in ~2 seconds per repository.
Stage 2: AI Verification
Raw pattern matches include false positives. Our AI layer:
- Analyzes context: is this pattern actually exploitable where it appears?
- Checks mitigations: are there guards the regex missed, such as a reentrancy guard or an owner check in the enclosing function?
- Prioritizes findings: which issues matter most?
This reduces false positives by 60-80% while maintaining high recall.
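As an added illustration (not FirePan's code and not its actual rule set), the following Python reproduces the shape of Stage 1 and Stage 2 on a constructed Solidity contract: a line-oriented regex pass produces raw findings, then a context-aware filter stands in for the AI layer by checking for the kinds of guard a regex cannot see (a nonReentrant modifier, an owner check, or no state write after the external call). The pattern names, severities, sample contract and mitigation heuristics are all assumptions made for the example; a deterministic heuristic is used in place of the LLM so the behaviour is reproducible.

```python
import re
from collections import namedtuple
from dataclasses import dataclass
# Constructed sample contract (an assumption for this example, not a real audit target):
# withdraw() is a real reentrancy, withdrawSafe() the same call behind nonReentrant,
# isOwner() authenticates with tx.origin, kill() is an unguarded selfdestruct, killSafe() is not.
SAMPLE = """\
contract Vault is ReentrancyGuard, Ownable {
    mapping(address => uint256) public balances;
    address owner;
    function withdraw() public {
        (bool ok, ) = msg.sender.call{value: balances[msg.sender]}("");
        require(ok);
        balances[msg.sender] = 0;
    }
    function withdrawSafe() public nonReentrant {
        (bool ok, ) = msg.sender.call{value: balances[msg.sender]}("");
        require(ok);
        balances[msg.sender] = 0;
    }
    function isOwner() internal view returns (bool) {
        return tx.origin == owner;
    }
    function kill() public {
        selfdestruct(payable(msg.sender));
    }
    function killSafe() public onlyOwner {
        selfdestruct(payable(msg.sender));
    }
}
"""

@dataclass
class Finding:
    pattern: str
    severity: str
    line: int
    snippet: str
    status: str = "raw"   # raw -> confirmed | mitigated
    note: str = ""

Function = namedtuple("Function", "name modifiers body_lines start end")  # body_lines: (lineno, text)
# Stage 1 patterns: an illustrative subset, bucketed with the page's severity names.
PATTERNS = [
    ("unprotected-selfdestruct", "Critical", re.compile(r"\bselfdestruct\s*\(")),
    ("delegatecall", "Critical", re.compile(r"\.delegatecall\s*\(")),
    ("reentrancy", "High", re.compile(r"\.call\s*(\{[^}]*\})?\s*\(")),
    ("tx-origin-auth", "High", re.compile(r"\btx\.origin\b")),
]

def scan(src: str) -> list:
    """Stage 1: every regex hit is a raw finding; no context is considered."""
    return [Finding(pid, sev, n, text.strip())
            for n, text in enumerate(src.splitlines(), start=1)
            for pid, sev, rx in PATTERNS if rx.search(text)]
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*([^{;]*)\{")

def extract_functions(src: str) -> list:
    """Split the source into functions by brace matching (enough for a heuristic pass)."""
    funcs = []
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        start = src.count("\n", 0, m.start()) + 1
        body_lines = [(start + k, t) for k, t in enumerate(src[m.end():i - 1].split("\n"))]
        funcs.append(Function(m.group(1), m.group(2).split(), body_lines, start, body_lines[-1][0]))
    return funcs

ASSIGN_RE = re.compile(r"^\s*\w+(\[[^\]]*\])*\s*=[^=]")  # a state write such as balances[x] = 0;
OWNER_CHECK_RE = re.compile(r"require\s*\(\s*(msg\.sender\s*==\s*owner|owner\s*==\s*msg\.sender)")

def verify(src: str, findings: list) -> list:
    """Stage 2 stand-in: mark hits as mitigated when the enclosing function carries a guard."""
    funcs = extract_functions(src)
    for f in findings:
        f.status = "confirmed"
        fn = next((x for x in funcs if x.start <= f.line <= x.end), None)
        if fn is None:
            continue
        if f.pattern == "reentrancy":
            if "nonReentrant" in fn.modifiers:
                f.status, f.note = "mitigated", f"{fn.name}: nonReentrant modifier"
            elif not any(ASSIGN_RE.match(t) for n, t in fn.body_lines if n > f.line):
                f.status, f.note = "mitigated", f"{fn.name}: no state write after the call"
        elif f.pattern == "unprotected-selfdestruct":
            body = "\n".join(t for _, t in fn.body_lines)
            if "onlyOwner" in fn.modifiers or OWNER_CHECK_RE.search(body):
                f.status, f.note = "mitigated", f"{fn.name}: owner check present"
    return findings

def pipeline(src: str) -> dict:
    findings = verify(src, scan(src))
    return {"raw": len(findings),
            "confirmed": [(f.pattern, f.line) for f in findings if f.status == "confirmed"],
            "mitigated": [(f.pattern, f.note) for f in findings if f.status == "mitigated"]}
```

Running `pipeline(SAMPLE)` yields five raw hits, of which the filter keeps three (the unguarded reentrancy, the tx.origin check and the open selfdestruct) and marks the two guarded ones as mitigated. The point of the split is that the regex stage stays fast and dumb while all judgement about guards lives in the second stage, which is where an LLM or a proper parser would replace the heuristics here.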
Stage 3: Deep Analysis (Audits)
For comprehensive audits, our autonomous agent:
- Builds knowledge graphs of contract interactions
- Generates exploit hypotheses based on attack patterns
- Tests invariants to find logic bugs
- Simulates attack scenarios across contract boundaries
Stage 4: Human Validation
For boutique audits, senior auditors:
- Review AI-generated findings
- Analyze complex business logic
- Verify exploit feasibility
- Write detailed remediation guidance
Continuous Monitoring
Beyond one-time scans, FirePan provides:
PR Checks
Every pull request triggers a security scan; `fail-on` sets the severity at which the check fails the build:
```yaml
# Example GitHub Action workflow step (fragment; goes under jobs.<job>.steps)
# The checkout step must run first so the action has a repository to scan.
- uses: actions/checkout@v4
- name: FirePan Security Check
  uses: firepan-labs/security-action@v1
  with:
    fail-on: critical
```
Dashboard Alerts
Get notified when:
- New vulnerabilities are detected
- Risk scores change significantly
- Dependencies have known issues
- Findings are resolved
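The PR gate above and the dashboard alerts come down to the same bookkeeping: give each finding an identity that survives line shifts, diff the current scan against a baseline, and apply a severity threshold. The following is an added example in Python, not FirePan's code; the finding record layout, the severity weights, the alert threshold and the two sample scan results are constructed for the example.

```python
import hashlib

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
RISK_WEIGHT = {"low": 1, "medium": 3, "high": 7, "critical": 15}   # assumed weights for the score

def _finding(pattern, severity, file, function, snippet, line):
    """Record layout assumed for this example; a real scanner's schema will differ."""
    return {"pattern": pattern, "severity": severity, "file": file,
            "function": function, "snippet": snippet, "line": line}

# Constructed scan results for the base branch (BASELINE) and the PR head (CURRENT).
BASELINE = [
    _finding("reentrancy", "High", "Vault.sol", "withdraw",
             '(bool ok, ) = msg.sender.call{value: balances[msg.sender]}("");', 6),
    _finding("tx-origin-auth", "High", "Vault.sol", "isOwner", "return tx.origin == owner;", 18),
    _finding("missing-visibility", "Low", "Vault.sol", "(state)", "address owner;", 3),
]
CURRENT = [
    # the same reentrancy, moved three lines down and re-spaced by an unrelated edit
    _finding("reentrancy", "High", "Vault.sol", "withdraw",
             '(bool ok, ) =   msg.sender.call{value: balances[msg.sender]}("");', 9),
    _finding("missing-visibility", "Low", "Vault.sol", "(state)", "address owner;", 3),
    _finding("unprotected-selfdestruct", "Critical", "Vault.sol", "kill",
             "selfdestruct(payable(msg.sender));", 25),
]

def fingerprint(f: dict) -> str:
    """Identity that survives line shifts and reformatting: pattern, file, function and the
    whitespace-normalised snippet. Keying on the line number would make every unrelated
    edit look like one new finding plus one resolved finding."""
    key = "|".join([f["pattern"], f["file"], f["function"], " ".join(f["snippet"].split())])
    return hashlib.sha256(key.encode()).hexdigest()[:16]

def diff_findings(baseline: list, current: list) -> dict:
    """Classify current findings as new, resolved or unchanged relative to the baseline."""
    base = {fingerprint(f): f for f in baseline}
    cur = {fingerprint(f): f for f in current}
    return {"new": [cur[k] for k in sorted(cur.keys() - base.keys())],
            "resolved": [base[k] for k in sorted(base.keys() - cur.keys())],
            "unchanged": [cur[k] for k in sorted(cur.keys() & base.keys())]}

def should_fail(findings: list, fail_on: str) -> bool:
    """The fail-on gate: fail when any finding is at or above the threshold severity.
    Pass diff_findings(...)["new"] instead of the full list to gate only on findings the
    PR introduces, so the check can be adopted before the existing backlog is cleared."""
    threshold = SEVERITY_RANK[fail_on.lower()]
    return any(SEVERITY_RANK[f["severity"].lower()] >= threshold for f in findings)

def risk_score(findings: list) -> int:
    """Weighted score so that 'risk score changed significantly' is something to alert on."""
    return sum(RISK_WEIGHT[f["severity"].lower()] for f in findings)

def alerts(baseline: list, current: list, score_change_pct: int = 25) -> list:
    """Dashboard-style events: new findings, resolved findings, large risk-score moves."""
    d = diff_findings(baseline, current)
    events = [f"new: {f['pattern']} ({f['severity']}) at {f['file']}:{f['function']}" for f in d["new"]]
    events += [f"resolved: {f['pattern']} at {f['file']}:{f['function']}" for f in d["resolved"]]
    before, after = risk_score(baseline), risk_score(current)
    if (before == 0 and after > 0) or (before and abs(after - before) * 100 // before >= score_change_pct):
        events.append(f"risk score changed: {before} -> {after}")
    return events
```

With the constructed data, the moved reentrancy is correctly reported as unchanged, the tx.origin finding as resolved and the selfdestruct as new; `should_fail(CURRENT, "critical")` is true while the baseline passes the same gate, and `alerts` emits three events because the weighted score moves from 15 to 23.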
Trend Analysis
Track your security posture over time:
- Finding counts by severity
- Time to remediation
- Code quality metrics
- Coverage statistics
Security Guarantees
Data Privacy
- Code is analyzed in ephemeral containers
- No persistent storage of your source code
- Results are encrypted at rest
- SOC 2 compliance (in progress)
Accuracy
- 95%+ recall on known vulnerability patterns
- AI verification reduces false positives
- Human review for critical decisions
- Continuous pattern updates
Next Steps
- Surface Scan - Quick vulnerability scanning
- Deep Audit - Comprehensive security analysis
- CI/CD Integration - Automate your security workflow