How audit.new Works
A step-by-step guide to auditing your smart contracts for security vulnerabilities.
1. Submit Your Contract
Choose one of four input methods to submit your smart contract for analysis:
- Etherscan URL — Paste any block explorer URL to auto-fetch verified source code
- GitHub repo — Provide a repository URL and optional branch name
- Paste code — Paste Solidity source code directly
- ZIP upload — Upload an archive of contract files (max 10MB)
Supported networks
Etherscan URL submission supports Ethereum, BSC, Polygon, Arbitrum, Optimism, Base, Avalanche, and Fantom. The contract must have verified source code on the explorer.
2. Select an Audit Tier
Choose the depth of analysis based on your needs:
| Tier | Credits | Price | Runtime | Coverage |
|---|---|---|---|---|
| Quick | 1 | $49 | ~20 min | Reentrancy, overflow, access control |
| Standard | 3 | $149 | ~45 min | Quick + oracle, flash loans, signature replay, logic bugs |
| Deep | 8 | $399 | ~90 min | Standard + proxy risks, token integration, cross-contract, economic attacks |
3. AI Analysis
Our AI runs a multi-phase audit methodology on your contract:
1. Map: Analyze contract structure, inheritance hierarchy, state variables, and external dependencies.
2. Hunt: Scan for known vulnerability patterns across all supported categories. Identify attack surfaces and entry points.
3. Attack: Simulate potential exploits against discovered attack surfaces. Model economic attacks and edge cases.
4. Verify: Validate findings to reduce false positives. Classify severity and generate fix recommendations.
You can watch progress in real time on the status page, where live Server-Sent Events (SSE) updates show each analysis step as it happens.
4. Security Report
When analysis completes, you receive a detailed security report containing:
- Findings summary — Breakdown by severity (Critical, High, Medium, Low, Info)
- Individual findings — Title, description, code location, CWE reference, and fix recommendation
- Code snippets — The exact vulnerable code with file and line numbers
- PDF export — Download a professional report for sharing with your team
Clean audit
If no vulnerabilities are found, the report shows a clean audit result. We still recommend a manual audit from a professional firm for production protocols handling significant TVL.
Severity Levels
| Severity | Description | Action |
|---|---|---|
| Critical | Directly exploitable with significant financial impact | Fix immediately before deployment |
| High | Exploitable under specific conditions | Fix before deployment |
| Medium | Potential issue that could become exploitable | Fix recommended |
| Low | Minor issue with limited impact | Consider fixing |
| Info | Best practice suggestion or optimization | Optional improvement |