Act II — Intake

Source meets the hunter.

Three ways to hand AuditHunt a contract. One outcome — a parsed AST, an inventory of every function, every external call, every storage write, and the first quiet noticing of the shapes that draw attention.

Mode 01 · Paste

A contract you have on disk.

Drop the source. AuditHunt accepts a single .sol file, a flattened bundle, or a multi-file archive. Compiler version inferred from the pragma; can be overridden.

solc 0.8.24 · 1,247 loc

Mode 02 · Address

A contract already deployed.

Paste a verified address. AuditHunt fetches the source from the explorer, verifies the bytecode match, and parses on the same path as a paste.

0xdeadbeef…c3e9 · Mainnet
contract: Example.sol
compiler: solc 0.8.24 · opt 200
verified: bytecode match
deployed: 34 days ago

Mode 03 · Repo

A whole protocol, in tree.

Point at a git remote or local path. AuditHunt walks the tree, identifies every contract, resolves imports, and parses each in dependency order.

Git · example-protocol/vault · main
contracts/Vault.sol: parsed
contracts/Token.sol: parsed
contracts/Oracle.sol: parsed
contracts/lib/SafeMath.sol: parsed
contracts/interfaces/IVault.sol: parsed
contracts/test/MockERC20.sol: skipped · test

Parser: solang v0.3.3
AST nodes: 3,841
Functions: 42 defined
External calls: 34 sites
Storage writes: 19 refs
Parse time: 87 ms

The unfold

From source to shape.

Four beats. The AST pulls itself out of the file the way a chemist pulls a structure out of a sample — atoms first, then bonds, then the molecule, then the part of the molecule that wants to react.

The inventory

What the parser now sees.

Six functions on the public surface; thirty-four external call sites in total. Two stand out before any detector even fires — the parser flags them not as findings, but as shapes that warrant attention.

withdraw(uint256) · external · payable
External call · State-after-call · Touches: balances
3 call sites

claim() · external
Unchecked return · Reads: oracle
2 call sites

transferOwnership(address) · external
Privileged write · No modifier
1 call site

deposit() · payable
Receives: ETH · Touches: balances
5 call sites

transfer(address, uint256) · external
Touches: balances
8 call sites

balanceOf(address) · view
Pure read
15 call sites
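
What the "State-after-call" tag on withdraw(uint256) refers to, as an added example that is not AuditHunt's code: a line-based heuristic (the page's parser works on an AST) run over two constructed withdraw bodies. The function bodies, the state_after_call helper and the regexes are assumptions made for illustration.

```python
import re

# Constructed sample: the storage write lands after the external call.
STATE_AFTER_CALL = """
function withdraw(uint256 amount) external {
    require(balances[msg.sender] >= amount);
    (bool ok, ) = msg.sender.call{value: amount}("");
    require(ok);
    balances[msg.sender] -= amount;
}
"""

# Constructed sample: same function, write moved ahead of the call.
STATE_BEFORE_CALL = """
function withdraw(uint256 amount) external {
    require(balances[msg.sender] >= amount);
    balances[msg.sender] -= amount;
    (bool ok, ) = msg.sender.call{value: amount}("");
    require(ok);
}
"""

# Low-level and value-transfer call sites: .call{..}(..), .send(..), .transfer(..)
EXTERNAL_CALL = re.compile(r"\.(call|delegatecall|send|transfer)\s*[({]")


def storage_write(var):
    """Match var, var[k] or var.f followed by =, +=, -= ... but not ==, >=, <=, !=."""
    return re.compile(
        r"\b" + re.escape(var) + r"\b(\[[^\]]*\]|\.\w+)*\s*(<<|>>|[-+*/%|&^])?=(?!=)"
    )


def state_after_call(body, state_vars):
    """Return (call_line, write_line, var) for every write after the first call."""
    hits, call_line = [], None
    for n, line in enumerate(body.strip().splitlines(), 1):
        code = line.split("//")[0]  # drop line comments
        if call_line is not None:
            hits += [(call_line, n, v) for v in state_vars
                     if storage_write(v).search(code)]
        elif EXTERNAL_CALL.search(code):
            call_line = n
    return hits


if __name__ == "__main__":
    print(state_after_call(STATE_AFTER_CALL, ["balances"]))   # [(3, 5, 'balances')]
    print(state_after_call(STATE_BEFORE_CALL, ["balances"]))  # []
```

The heuristic ignores branches, loops and internal calls, so a hit is a shape to review, in the same sense as the tags above, not a finding.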

Next · Act III

The Hunt. Thirty-four detectors sweep the catalog at once.
