
pi3
Project status: In progressAn autonomous pipeline that hunts for exploitable smart contracts on Ethereum and BSC. Crawlers surface funded, dev-made contracts into an ROI-ranked SQLite queue; a bytecode-level triage scores each by how crackable it is; then a pi.dev coding agent is dropped into an isolated workspace with the verified source, a Foundry scaffold, and a live chain fork, and must PROVE a fund-drain by writing an exploit that passes on a local anvil fork — never broadcast. A Flask control plane drives the crawlers, parallel audit agents, model health checks, and live transcript watching.
Gallery
01 / 01Notes
A pipeline that finds funded smart contracts and lets an AI agent try to prove a real, fund-draining exploit on a fork — for responsible disclosure, never on-chain draining.
How it works
- Crawl — RPC block-walkers (forward / reverse / sharded, resilient across multiple endpoints) and a BigQuery bulk source surface deployed contracts; cheap on-chain checks drop EOAs, plain tokens, and empty contracts and keep the funded ones.
- Triage — a proper EVM opcode walk reads each contract's bytecode (delegatecall / selfdestruct / proxy slots / dangerous selectors) and turns it into a crackability score, so the queue is ranked by ROI = funds × probability we can prove a drain.
- Audit — a worker builds an isolated env folder (verified
source.sol, bytecode, anAGENTS.mdbrief, a Foundry scaffold, andFORK_RPC+TARGETpointing at a live chain fork) and hands it to a headless pi.dev agent (Command Code / MiniMax, OpenCode, Gemini…). - Prove — the agent writes
foundry/src/Attack.sol; the harness deploys it on ananvilfork of real chain state and confirms native value actually moved from the target into the attacker — no cheatcodes, never broadcast. Only a passing on-fork PoC counts. - Disclose — proven drains are staged with their exploit + proof and pushed to a human-review queue with a Telegram alert.
Highlights
- A custom multi-turn goal loop that drives the headless agent until it proves the exploit or is confident none exists — model-agnostic, with budgets and no-progress detection.
- Evidence-based: a finding only exists if a Foundry PoC drains value on a fork. No "the model said so".
- ROI ranking + rescan heartbeat keep effort pointed at the highest-value targets and the queue's funds/verified/score fresh.
- A live Flask control plane: start/stop crawlers and workers, throw N agents at one contract, watch the agent's transcript live, run model health checks, filter the queue by chain / funds / difficulty.
Stack
Python · web3 · Foundry (anvil / forge / cast) · the pi.dev coding agent · SQLite (WAL queue) · Flask dashboard · Slither / Heimdall · a Next.js dashboard port.
This is offensive research tooling. PoCs run only on a local fork and are never broadcast; the only legitimate destination for a finding is responsible disclosure or a bug-bounty program.