Projects
pi3 preview

pi3

Project status: In progress

Web + CLI · Application · Developer · Jun 2026

An autonomous pipeline that hunts for exploitable smart contracts on Ethereum and BSC. Crawlers surface funded, dev-made contracts into an ROI-ranked SQLite queue; a bytecode-level triage scores each by how crackable it is; then a pi.dev coding agent is dropped into an isolated workspace with the verified source, a Foundry scaffold, and a live chain fork, and must PROVE a fund-drain by writing an exploit that passes on a local anvil fork — never broadcast. A Flask control plane drives the crawlers, parallel audit agents, model health checks, and live transcript watching.

Smart ContractsSecurityEthereumBSCEVMAI AgentsFoundryPythonFlask

Gallery


Notes

A pipeline that finds funded smart contracts and lets an AI agent try to prove a real, fund-draining exploit on a fork — for responsible disclosure, never on-chain draining.

How it works

  1. Crawl — RPC block-walkers (forward / reverse / sharded, resilient across multiple endpoints) and a BigQuery bulk source surface deployed contracts; cheap on-chain checks drop EOAs, plain tokens, and empty contracts and keep the funded ones.
  2. Triage — a proper EVM opcode walk reads each contract's bytecode (delegatecall / selfdestruct / proxy slots / dangerous selectors) and turns it into a crackability score, so the queue is ranked by ROI = funds × probability we can prove a drain.
  3. Audit — a worker builds an isolated env folder (verified source.sol, bytecode, an AGENTS.md brief, a Foundry scaffold, and FORK_RPC + TARGET pointing at a live chain fork) and hands it to a headless pi.dev agent (Command Code / MiniMax, OpenCode, Gemini…).
  4. Prove — the agent writes foundry/src/Attack.sol; the harness deploys it on an anvil fork of real chain state and confirms native value actually moved from the target into the attacker — no cheatcodes, never broadcast. Only a passing on-fork PoC counts.
  5. Disclose — proven drains are staged with their exploit + proof and pushed to a human-review queue with a Telegram alert.

Highlights

  • A custom multi-turn goal loop that drives the headless agent until it proves the exploit or is confident none exists — model-agnostic, with budgets and no-progress detection.
  • Evidence-based: a finding only exists if a Foundry PoC drains value on a fork. No "the model said so".
  • ROI ranking + rescan heartbeat keep effort pointed at the highest-value targets and the queue's funds/verified/score fresh.
  • A live Flask control plane: start/stop crawlers and workers, throw N agents at one contract, watch the agent's transcript live, run model health checks, filter the queue by chain / funds / difficulty.

Stack

Python · web3 · Foundry (anvil / forge / cast) · the pi.dev coding agent · SQLite (WAL queue) · Flask dashboard · Slither / Heimdall · a Next.js dashboard port.

This is offensive research tooling. PoCs run only on a local fork and are never broadcast; the only legitimate destination for a finding is responsible disclosure or a bug-bounty program.