/docs

Sample audit reports.

What Rugproof produces on the bundled intentionally-vulnerable demo contracts.

Reports

| Contract | Vuln class | Grade |
|---|---|---|
| VulnerableVault | reentrancy + access control | F |
| SpotOracleLending | oracle manipulation + flash loan | F |
| FlashLoanGovernance | governance flash loan (Beanstalk-style) | F |
| Inflatable4626 | ERC-4626 donation/inflation | F |
| ReplayableBridge | signature replay (cross-chain) | F |

Reference

Browsable, generated from source on every release:

Slash commands (44)

Audit, exploit, simulation, testing, output, workflow, and integration. See the commands reference.

Vulnerability skills (42)

Auto-loaded based on detected code patterns. Covers the full CWE/SWC catalog plus 2025 hot topics: ERC-4337 AA, cross-chain messaging, ERC-7683 intents, EigenLayer restaking, ERC-4626 inflation, Diamond / EIP-2535, Permit2, ERC-1271, as well as ve-lock governance, fee-on-transfer, signature malleability, MEV/PBS, liquidation cascades, oracle redundancy, cross-contract state, and ZK verifier bugs.

Specialist subagents (23)

Functional (attacker, defender, exploit-poc-writer, invariant-writer, gas-optimizer, remediation-suggester, report-writer, assembly-auditor) and protocol-specific (AMM, lending, staking, bridge, governance, vault, NFT, AA, cross-chain msg, restaking, intents, Vyper, L2/sequencer, economic-rug, ZK-verifier).

MCP servers (11)

block-explorer (Etherscan v2 multichain), forge-runner, hardhat-runner, anvil, tenderly, c4-history, sherlock-history, gas-tracker, token-metadata (+ GoPlus safety), slither-runner, mythril-runner.

Configuration

See the configuration guide or .rugproof.yml.example in the repo (severity thresholds, chains, hooks, caching, telemetry, privacy mode).