wakehacker

Security Analysis & Insights

Motivation

Smart contract security has evolved significantly, yet many deployed contracts remain vulnerable. While automated tools cannot replace expert auditors, they provide an additional layer of protection:

  • Many projects deployed without any analysis

  • Legacy contracts not evaluated with modern tools

  • Historical vulnerabilities can be prevented by today's tooling

  • Projects not keeping up with security tool advancements

The emergence of AI technology has transformed this landscape further. Combining traditional security approaches with AI brings:

  • Better interpretation of analysis results

  • Reduced false positives through context awareness

  • Enhanced pattern recognition across codebases

  • Automated verification of complex calculations

  • Improved documentation analysis

This synergy creates an opportunity: as automated tools enhanced by AI handle common vulnerabilities, auditors can focus on complex attack vectors and novel exploitation methods. Modern security tools are becoming increasingly sophisticated, providing a strong first line of defense against well-known issues.

Security Pyramid

Security practices can be presented as a pyramid. Each layer builds upon the ones below it, with the foundation providing the greatest security impact for the lowest cost. As we move up the pyramid, the methods become more specialized and resource-intensive, while potentially finding fewer but more complex issues.

| Level | Practice | Characteristics | Resource Cost |
|---|---|---|---|
| 4️⃣ TOP | Manual Auditing | • Complex vulnerability detection • Context-aware assessment • Deep security expertise | Most Intensive 🔴 |
| 3️⃣ | Dynamic Testing | • Fuzzing • Integration tests • Property verification | High Investment 🟠 |
| 2️⃣ | Static Analysis | • Fast & automated • Cost-effective • Early detection | Good ROI 🟢 |
| 1️⃣ BASE | Good Practices | • Peer reviews • Unit testing (95%+) • Documentation • Version control | Best Impact/Cost 🔵 |

Automated Detection

Static analysis tools serve as the first line of defense after good practices:

  • Quick identification of common vulnerabilities

  • Cost-effective compared to manual review

  • Supports, but does not replace, human expertise

Wake Framework Findings

The Wake Framework's core capabilities have already proven effective, discovering these vulnerabilities:

| Vulnerability | Severity | Project | Method |
|---|---|---|---|
| Profit & loss accounted twice | Critical | IPOR | Fuzz test |
| Loan refinancing reentrancy | Critical | PWN | Detector |
| Incorrect optimization in loan refinancing | Critical | PWN | Fuzz test |
| Console permanent denial of service | High | Brahma | Fuzz test |
| Swap unwinding formula error | High | IPOR | Fuzz test |
| Swap unwinding fee accounted twice | High | IPOR | Fuzz test |
| Incorrect event data | High | Solady | Integration test |

These findings demonstrate Wakehacker's effectiveness in detecting critical and high-severity issues across major DeFi protocols through various testing methods. Each vulnerability was discovered during actual security audits and has been properly documented and fixed.
