Snitch

AI-powered on-chain audit scores for smart contracts—trustless, instant, cross-chain.

Created At

ETHGlobal Cannes

Project Description

Snitch is an AI-powered platform designed to automatically audit smart contracts by directly connecting to a user’s GitHub repository. The AI agent performs in-depth analysis of the smart contracts, covering crucial aspects such as access control vulnerabilities, gas and storage optimization, logical correctness, and potential security flaws. It identifies issues early in the development cycle and provides actionable recommendations to fix them, streamlining the audit process.

Instead of traditional audits that are often manual, slow, and delivered as static, easily overlooked PDF reports, Snitch generates real-time, comprehensive audit reports. These reports are translated into audit scores that reflect the security posture of the smart contracts.

The audit scores are then stored immutably on a central registry deployed on the Flow blockchain. This on-chain storage ensures that audit data is transparent, tamper-proof, and publicly verifiable by anyone, eliminating the need to trust centralized auditors or intermediaries. Protocols, developers, and users can reference these audit scores directly on-chain to assess the trustworthiness and robustness of smart contracts before interacting with them.

By combining AI-driven automated audits with trustless on-chain score storage, Snitch significantly improves the speed, transparency, and reliability of smart contract security verification, empowering the Web3 ecosystem with higher confidence and reduced risk.

How it's Made

Users connect their GitHub repos via OAuth, and Snitch listens for push events using GitHub Webhooks. This triggers real-time scanning of new commits or PRs. The audit agent runs automatically as part of a backend CI pipeline, delivering instant feedback to the platform UI and updating the audit score dynamically.

The audit scores and reports are stored on the Flow blockchain to leverage its scalability, fast finality, and developer-friendly environment. A central registry smart contract holds immutable audit records, indexed by smart contract addresses and GitHub repo hashes for easy lookup.

Because storing full audit reports on-chain is costly, only succinct audit scores and essential metadata are stored there. Detailed reports are kept off-chain and are cryptographically linked to the on-chain record via hashes.
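How a consumer could check an off-chain report against the registry record it is linked to, as an added example that is not Snitch's own code. It assumes SHA-256 over a canonical JSON encoding of the report; the record field names, the in-memory registry and all sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json

def report_digest(report: dict) -> str:
    # Canonical form (sorted keys, fixed separators) so that the same report
    # always hashes to the same value regardless of key order or whitespace.
    canonical = json.dumps(report, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def make_record(contract: str, repo_hash: str, report: dict) -> dict:
    # Assumed shape of an on-chain record: score, metadata, report digest.
    return {
        "contract": contract.lower(),
        "repo_hash": repo_hash,
        "score": report["score"],
        "report_sha256": report_digest(report),
    }

def verify_report(registry: dict, contract: str, repo_hash: str, report: dict) -> str:
    # Records are looked up by (contract address, repo hash), as in the registry.
    record = registry.get((contract.lower(), repo_hash))
    if record is None:
        return "no-record"
    # The fetched report must hash to the digest committed in the record.
    if not hmac.compare_digest(record["report_sha256"], report_digest(report)):
        return "hash-mismatch"
    # The score shown on-chain must be the score inside the committed report.
    if record["score"] != report["score"]:
        return "score-mismatch"
    return "ok"

# Constructed sample data (not real addresses, commits or findings).
CONTRACT = "0x0000000000000001"
REPO_HASH = "constructed-commit-hash-0001"
REPORT = {
    "score": 72,
    "findings": [
        {"id": "F-1", "category": "access-control", "severity": "high"},
        {"id": "F-2", "category": "gas", "severity": "low"},
    ],
}
REGISTRY = {(CONTRACT, REPO_HASH): make_record(CONTRACT, REPO_HASH, REPORT)}

if __name__ == "__main__":
    print(verify_report(REGISTRY, CONTRACT, REPO_HASH, REPORT))
    print(verify_report(REGISTRY, CONTRACT, REPO_HASH, dict(REPORT, score=99)))
```

A score that differs from the one inside the hashed report is reported separately from a hash mismatch, because it points at an inconsistent registry write rather than a modified report.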
