AuditAid blog
Notes on smart contract & ZK security
Vulnerability deep-dives, audit methodology, and what we learn building an AI auditor for Solidity and zero-knowledge systems.
Ethereum's most prolific sandwich bot was drained for ~$7.5M — not by a key leak or a protocol bug, but by its own profit logic. A technical post-mortem: what the on-chain transfers reveal, the assumptions that got it drained, and why 'approve exact amounts' wouldn't have saved it.
June 24, 2026 · 10 min read
Why we report an independent benchmark instead of one we wrote ourselves, what 88% recall and ~1 false positive per 400 lines actually mean, and the architecture behind both — finding more real bugs while cutting the noise that wastes auditor and developer time.
June 24, 2026 · 11 min read
A technical look at why zero-knowledge circuits are hard to audit, where LLMs genuinely help and where they fail, and how an agentic harness — tool-grounded, decomposed, and verification-gated — turns an unreliable model into a dependable reviewer.
June 22, 2026 · 12 min read