
Gecko

Gecko is an autonomous multi-agent AI auditor that combines LLMs with custom security tools such as fuzzers and static analysers to simulate a hacker's intuition and detect vulnerabilities in Solidity and Cairo smart contracts.


Created At

ETHGlobal Singapore

Winner of

Nethermind - Best AI x Blockchain Data Project 2nd place

Project Description

Gecko overcomes the drawbacks of traditional AI auditors by providing richer context and deeper analysis of smart contract vulnerabilities. Unlike existing projects, Gecko uses custom security tools to increase code coverage, which lets it discover harder-to-find bugs, and it reduces false positives by attempting to exploit the potential vulnerabilities it reports. It simulates a hacker's intuition through a novel vulnerability mining engine powered by LLMs, requiring no pre-built knowledge base or fine-tuning.

The system can analyze both Solidity and Cairo smart contracts using a custom static analyser and parser with an LLM interface. This interface provides context to the auditing agents, helping them uncover bugs that lie deep in contract execution. Gecko uses an autonomous, stateful hybrid fuzzer that combines symbolic execution with traditional fuzzing techniques. Guided by LLMs, this fuzzer generates relevant inputs and writes test cases autonomously to further increase code coverage.

Gecko lowers the barrier to comprehensive and high-coverage audits, which are traditionally very expensive. It provides a scalable, continuous, and transparent solution for identifying vulnerabilities at scale. We benchmark Gecko against existing tools and show that it’s capable of uncovering logical bugs that other methods often miss.

How it's Made

Gecko is an autonomous multi-agent AI auditor built on OpenAI's GPT-4o-mini for vulnerability detection in Solidity and Cairo smart contracts. It integrates custom security tools, including a static analyser, a custom Solidity grammar parser, and a modified Crytic Caracal for Cairo, with an LLM-powered hybrid fuzzer that combines symbolic execution and traditional fuzzing. PostgreSQL is used for backend storage. The LLMs autonomously generate test cases and inputs, increasing code coverage and reducing false positives without requiring a pre-built knowledge base. The frontend, built with Next.js, provides a user interface for contract uploads and report viewing.

