DappAuditFlow is an educational & experimental project that uses LangGraph and generative AI to analyze and optimize Solidity smart contracts. It's a hands-on tool to explore AI-driven smart contract analysis and improve blockchain development practices.

sergio11/dapp_audit_flow
DappAuditFlow: Smart Contract Analyzer & Optimizer for Solidity

DappAuditFlow is an educational and experimental project aimed at exploring the power of LangGraph and generative AI applications for analyzing and optimizing Solidity-based smart contracts. This project serves as a learning tool to dive deeper into AI-driven smart contract analysis while utilizing cutting-edge technologies for decentralizing and enhancing the development of DApps.

DAppInsights is designed to experiment with and demonstrate how LangGraph, combined with generative AI, can be used to analyze Solidity code. By ingesting smart contract files, splitting the code into digestible chunks, and applying AI-powered analysis, DAppInsights generates detailed reports with insights on code structure, security vulnerabilities, and optimization suggestions.

This project is not only a tool for developers but also a learning resource for anyone interested in the intersection of blockchain, AI, and advanced code analysis. The aim is to experiment with how LangGraph can be leveraged to build AI-driven tools for blockchain development.

Key features include:

  • Code Ingestion: Automatically load Solidity code from local directories or GitHub repositories.
  • Code Splitting: Break down large smart contracts into smaller chunks for more effective analysis.
  • Generative AI Analysis: Use AI models to analyze contract logic, detect potential vulnerabilities, and suggest improvements.
  • Security Evaluation: Identify security risks and propose methods to enhance contract safety.
  • Actionable Reports: Receive detailed, actionable insights to optimize and secure smart contracts.

Disclaimer

This project was created strictly for educational and experimental purposes. It serves as a personal initiative to explore the capabilities of generative AI, agentic workflows, and LangGraph for analyzing Solidity smart contracts in a modular and structured manner.

The name "DappAuditFlow" emerged as part of a creative learning journey using tools like LangGraph, LangChain, and LangSmith.

🎯 Purpose

The primary goal of DappAuditFlow is to serve as an educational and experimental project aimed at exploring the use of Generative AI and agent-based architectures within the context of smart contract auditing. This project is designed to dive into the power of LangGraph and LangSmith in the realm of Solidity smart contracts, with the goal of building a portfolio of projects showcasing cutting-edge AI techniques. πŸš€πŸ€–

Rather than being a tool for developers, DappAuditFlow serves as a learning resource and portfolio piece to experiment with and understand the intricacies of AI-powered smart contract analysis and optimization. The key objectives include:

  • AI-Powered Contract Analysis: Leverage the capabilities of LangGraph and LangSmith to build intelligent agents that analyze Solidity code, detect vulnerabilities, and suggest optimizations.

  • Generative Agents: Experiment with creating autonomous agents that can perform complex tasks like auditing code, generating security reports, and providing actionable insights for developers.

  • Smart Contract Optimization: Use AI to explore methods of improving smart contract security, efficiency, and gas optimization.

  • Building with LangGraph & LangSmith: Learn to develop and connect workflows that utilize both LangGraph and LangSmith to manage complex tasks like the auditing of smart contracts.

This project highlights the potential of AI in blockchain development, while also demonstrating the use of LangGraph, LangSmith, and generative AI techniques to solve real-world problems in the blockchain space.

Through DappAuditFlow, the focus is on learning, experimentation, and the development of generative AI-based agents for blockchain security and optimization.

Technologies Used

DappAuditFlow leverages a variety of cutting-edge technologies to explore and experiment with Generative AI and smart contract auditing. Below are the key technologies and frameworks that were utilized throughout the development of this project:

  • LangGraph: A framework for building AI-driven workflows, LangGraph is used to structure the smart contract auditing process, integrating various steps like code ingestion, analysis, and reporting.

  • LangSmith: This tool is essential for managing and monitoring the agent-based workflows within the project. LangSmith helps in tracking the execution of AI agents and enhances the overall auditing pipeline by providing better control over the tasks being executed.

  • Solidity: The smart contract language at the core of the project. Solidity is used to write decentralized applications (DApps) that are the subject of analysis within DappAuditFlow.

  • Hugging Face Embeddings: Employed to convert textual data into vector representations, enabling efficient semantic search and deep learning-based analysis of smart contracts.

  • Chroma: A vector database used to persist and manage document embeddings, enabling the project to store and retrieve smart contract code for in-depth AI analysis.

  • Generative AI: The backbone of the smart contract auditing process, generative AI models are used to evaluate Solidity code for security vulnerabilities, optimization opportunities, and best practice adherence.

  • FPDF: A Python library used to generate and save PDF reports based on the AI-generated audit results, providing a structured and printable version of the audit findings.

Each of these technologies plays a crucial role in building a seamless, AI-powered system for auditing and optimizing smart contracts, with a focus on experimentation and learning.

Key Components

  • Smart Contract Ingestion: Loads Solidity code either from a local path or directly from a GitHub repository, enabling testing on real-world smart contracts.

  • Code Parsing & Chunking: Breaks down contracts into smaller, manageable parts to make them more suitable for AI analysis while preserving contextual meaning.

  • AI-Based Security Analysis: Uses a large language model orchestrated by LangGraph to identify vulnerabilities, inefficiencies, and violations of best practices in Solidity code.

  • Audit Report Generation: Transforms AI findings into a clear and structured audit report that outlines logic summaries, security concerns, and optimization tips.

  • PDF Export: Automatically generates a PDF file of the audit report for record-keeping, sharing, or future reference.

  • LangGraph Orchestration: Coordinates the flow using LangGraph's agentic architecture, with each step in the process represented as a modular node in a graph.
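
The Code Parsing & Chunking step described above, as an added example (not code from the DappAuditFlow repository): a small Python splitter that cuts a Solidity file at function boundaries and prefixes each chunk with its pragma and contract name so the context survives the split. The names `chunk_solidity`, `mask`, `block_end` and the sample contract are assumptions made for illustration.

```python
import re

# Constructed sample (not from the DappAuditFlow repository). The "}" inside
# the comment and the string literal would break a naive brace counter.
SAMPLE = '''pragma solidity ^0.8.20;
contract Vault {
    mapping(address => uint256) public balances;
    // deposit funds }
    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "low balance }");
        balances[msg.sender] -= amount;
        payable(msg.sender).transfer(amount);
    }
}
'''

SKIP = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'', re.S)
CONTRACT = re.compile(r'\b(?:contract|library|interface)\s+(\w+)[^{;]*\{')
FUNCTION = re.compile(r'\bfunction\s+(\w+)[^{;]*\{')

def mask(src):
    """Blank comments and strings (same length) so their braces are ignored."""
    return SKIP.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), src)

def block_end(masked, open_idx):
    """Return the index just past the '}' matching the '{' at open_idx."""
    depth = 0
    for i in range(open_idx, len(masked)):
        depth += {'{': 1, '}': -1}.get(masked[i], 0)
        if depth == 0:
            return i + 1
    raise ValueError("unbalanced braces")

def chunk_solidity(src):
    """Return one chunk per function, prefixed with pragma and contract name."""
    masked = mask(src)
    pragma = re.search(r'pragma\s+solidity[^;]*;', masked)
    header = src[pragma.start():pragma.end()] if pragma else "pragma unknown"
    chunks = []
    for c in CONTRACT.finditer(masked):
        c_end = block_end(masked, c.end() - 1)
        for f in FUNCTION.finditer(masked, c.end(), c_end):
            code = src[f.start():block_end(masked, f.end() - 1)]
            chunks.append({"contract": c.group(1), "function": f.group(1),
                           "text": f"// {header}\n// in {c.group(1)}\n{code}"})
    return chunks
```

Offsets are computed on the masked copy but the chunk text is sliced from the original source, so comments and string literals inside a function body reach the model unchanged.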

⚠️ Disclaimer

This project was created strictly for educational and experimental purposes. It serves as a personal initiative to explore the capabilities of generative AI, agentic workflows, and LangGraph for analyzing Solidity smart contracts in a modular and structured manner.

The name "DappAuditFlow" emerged as part of a creative learning journey using tools like LangGraph, LangChain, and LangSmith.

Acknowledgements

This proof of concept (POC) is a personal project developed from scratch as a hands-on exercise to apply and consolidate the knowledge gained during the Bootcamp 2025: Understand and Build Professional AI Agents. The course offered a strong foundation for designing and implementing AI agents using tools such as LangGraph and LangChain. Special thanks to the instructors and the Udemy team for providing such a clear, well-structured, and practical learning experience. Official resources and examples from the course can be found at GitHub - AI-LLM-Bootcamp.

I would also like to acknowledge the doomL LangChain-LangGraph Tutorial, which offered valuable complementary insights and best practices for working with LangChain, LangGraph, and LangSmith. These resources greatly enriched my understanding and ability to build modular, agent-driven AI systems.

Finally, I'm thankful for the open-source community and ecosystem that makes it possible to explore, experiment, and learn with cutting-edge AI technologies.

License

This project is licensed under the MIT License, an open-source software license that allows developers to freely use, copy, modify, and distribute the software. This includes use in both personal and commercial projects, with the only requirement being that the original copyright notice is retained.

Please note the following limitations:

  • The software is provided "as is", without any warranties, express or implied.
  • If you distribute the software, whether in original or modified form, you must include the original copyright notice and license.
  • The license allows for commercial use, but you cannot claim ownership over the software itself.

The goal of this license is to maximize freedom for developers while maintaining recognition for the original creators.

MIT License

Copyright (c) 2025 Sergio Sánchez

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
