Hashlock AI Auditor:
AI-Powered Smart Contract Auditing
An AI security platform that audits smart contracts automatically. It runs a 5-step workflow to find vulnerabilities, generates interactive reports, and gives admins control over models and audits.
Stack
Next.js, Mastra, tRPC, Neon PostgreSQL
Role
Full-Stack Design & Development
Scope
Design, Frontend, Backend, AI Workflows, Infrastructure

The Mission
“To make smart contract security open to every developer — AI-powered detection that brings the depth of manual audits to free, automated tooling.”
Core Objectives
- Multi-language smart contract analysis across Solidity, Rust, and Vyper
- RAG-enhanced AI workflow with curated vulnerability knowledge bases
- Interactive audit reports with severity-grouped findings and remediation guidance
- Admin controls for model configuration, user management, and audit recovery
The Challenge
Smart contract audits are expensive, slow, and hard to access. Most developers ship unaudited code because manual audits cost tens of thousands and take weeks. Existing tools produce shallow results — pattern matching without the context that makes manual audits useful. Hashlock needed a platform that could match audit-grade depth at zero cost, across three languages, without cutting corners.
The AI workflow had to run a multi-step pipeline: contract analysis, call graph generation, RAG-based retrieval, and structured findings. Each step needed error handling, suspend/resume, and timeout control. Three contract languages (Solidity, Rust, Vyper) meant 60+ curated vulnerability patterns and language-specific prompts, all running serverless on Neon PostgreSQL and Vercel.
What We Built
AI Audit Workflow Engine
A 5-step Mastra pipeline: analyse the contract, build a call graph, retrieve known flaws via RAG, generate structured findings, and prepare the report. Supports suspend/resume, timeouts, and token budgeting to stay within model limits.
RAG-Enhanced Vulnerability Detection
A curated set of 60+ vulnerability patterns across Solidity, Rust, and Vyper, compiled from community research and loaded per audit so that the AI gives grounded analysis, not generic matches.
Interactive Audit Reports
Issues grouped by severity with expandable detail, call graph visuals via Viz.js, proof-of-concept examples, fix suggestions, and a built-in chat for follow-up questions.
Admin Dashboard & Platform Infrastructure
Switch models between Anthropic and OpenAI, manage user roles, debug and resume failed audits, and run surveys. Deployed on Vercel with Neon PostgreSQL and Clerk auth.
Technical Architecture
Turborepo monorepo with a Next.js 15 app, tRPC v11 for type-safe APIs, and Drizzle ORM on Neon PostgreSQL. Mastra handles AI workflows across Claude and OpenAI. Auth via Clerk, deployed on Vercel, errors tracked in Sentry, and a Docusaurus docs site for internal knowledge.
Real Impact.
Hashlock AI Auditor delivered a full-stack AI security platform — automating smart contract vulnerability detection across three contract languages with RAG-enhanced analysis, structured reporting, and configurable model infrastructure.
- Contract Languages: 3
- Vulnerability Patterns: 60+
- AI Pipeline: 5-Step
- Delivery: Multi-Phase
