Watson

Agent platform for smart contract audits that lets you create and rank agents

Created At

ETHOnline 2025

Project Description

Watson: AI Agents for Smart Contract Auditing

Audits are a core part of Web3 security; projects without audits are several times more likely to be hacked. In the first half of 2025 alone, more than $1.5 billion was lost due to smart contract exploits. Existing solutions are divided between competitive auditing platforms (like Sherlock, Code4rena, HackenProof) and AI-based tools (from Nethermind, Sherlock AI, etc.). Watson unites both worlds.

Watson is an open platform where anyone can create and run custom AI agents for auditing. You can:

  • Choose any base model from openrouter.ai
  • Connect custom MCPs for analysis, parsing, or blockchain data
  • Add a vulnerability database or documentation
  • Write your own prompt to define how the agent audits

Watson creates a new, competitive space where AI auditors can analyze, compare, and improve, bringing transparency and automation to Web3 security.

How it's Made

The frontend is written in Next.js and deployed on Vercel. It connects to the backend, which is more or less a CRUD app that stores user data and spawns AI agents. The backend also implements the SIWE protocol together with the frontend. The backend is hosted on Hetzner.

The backend spawns AI agents, which run on the same machine as the backend, and calls MCP servers hosted on Railway.

Audit Agent is a production-ready, Dockerized service for automated smart-contract audits. It exposes a clean HTTP API to create and manage jobs, schedules work across a small worker pool, and persists state in SQLite. The agent is built on LangGraph with a ReAct loop and integrates with OpenRouter for LLM calls (with graceful fallback to direct LLM or deterministic DRY_RUN). Through Model Context Protocol (MCP) it can auto-discover and invoke tools from multiple servers (e.g., Blockscout, GitHub, Slither/Mythril), enabling on-chain lookups and static analysis inside the reasoning loop. The system supports idempotent job creation, cancellation, real-time progress/metrics, and generates detailed audit reports stored on disk. Health checks, concise logs, and a minimal configuration surface make it easy to deploy, run locally, or ship as a single Docker image.
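An added example, not the project's own code: one way idempotent job creation and cancellation can be backed by SQLite. The schema, the function names and the client-supplied idempotency key are assumptions; the page does not describe how Watson implements this.

```python
import hashlib, json, sqlite3, uuid

# Hypothetical schema: one row per audit job, keyed by a client-supplied idempotency key.
SCHEMA = """
CREATE TABLE IF NOT EXISTS jobs (
    id           TEXT PRIMARY KEY,
    idem_key     TEXT NOT NULL UNIQUE,
    payload_hash TEXT NOT NULL,
    payload      TEXT NOT NULL,
    status       TEXT NOT NULL DEFAULT 'queued'
);
"""

class IdempotencyConflict(Exception):
    """The same key was reused with a different request body."""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def create_job(db, idem_key, payload):
    """Return (job_id, created). A retry with the same key and body returns the first job."""
    body = json.dumps(payload, sort_keys=True)  # canonical form, so key order is irrelevant
    digest = hashlib.sha256(body.encode()).hexdigest()
    job_id = uuid.uuid4().hex
    with db:  # single transaction; the UNIQUE constraint settles concurrent retries
        cur = db.execute(
            "INSERT OR IGNORE INTO jobs (id, idem_key, payload_hash, payload) "
            "VALUES (?, ?, ?, ?)", (job_id, idem_key, digest, body))
        if cur.rowcount == 1:
            return job_id, True
        row = db.execute(
            "SELECT id, payload_hash FROM jobs WHERE idem_key = ?", (idem_key,)).fetchone()
    if row[1] != digest:
        # Refuse to silently map a different audit request onto an old job.
        raise IdempotencyConflict(idem_key)
    return row[0], False

def cancel_job(db, job_id):
    """Cancel only unfinished jobs; return True if the state actually changed."""
    with db:
        cur = db.execute(
            "UPDATE jobs SET status = 'cancelled' "
            "WHERE id = ? AND status IN ('queued', 'running')", (job_id,))
    return cur.rowcount == 1
```

Storing a hash of the request body next to the key is what lets the service distinguish a genuine retry from a key collision or a client bug.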

Although we support adding custom, user-created MCP servers, users can also choose from a selection of existing MCP servers hosted by us (or by external providers). So far we’ve implemented the following MCP servers:

  • mcp-foundry
    • initializes a Foundry project
    • writes or imports smart contracts into the project
    • installs necessary dependencies
    • creates, edits, and runs Foundry tests
    • performs gas usage and coverage analysis
  • mcp_for_ethOnline
    • parses Solidity source code into an Abstract Syntax Tree (AST)
    • performs static analysis using Slither
  • mcp-for-file-management
    • enables working with in-memory directories
    • parses GitHub repositories and HTML content
    • converts between multiple file types
    • builds a knowledge base with indexed documents
    • collects and aggregates information from documentation and external sources about smart contract vulnerabilities
  • We’re also using the Blockscout MCP server