Documentation

API reference and integration guides for Audithunt

Quick Start

1. Get an API token

curl -X POST http://localhost:8000/api/v1/auth/dev-login \
  -H "Content-Type: application/json" \
  -d '{"subject": "my-app", "role": "operator", "plan": "pro"}'

2. Upload a contract

curl -X POST http://localhost:8000/api/v1/upload \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "[email protected]" \
  -F "depth=standard" \
  -F "chain=ethereum"

3. Get the report

curl http://localhost:8000/api/v1/reports/AUDIT_ID \
  -H "Authorization: Bearer YOUR_TOKEN"

API Reference

Method	Endpoint	Description	Auth
POST	/api/v1/auth/login	Authenticate and receive JWT	none
POST	/api/v1/auth/signup	Create new account	none
POST	/api/v1/auth/dev-login	Dev-mode JWT (dev env only)	none
GET	/api/v1/auth/me	Current authenticated user	any
POST	/api/v1/upload	Upload contract file for audit	operator
POST	/api/v1/audits	Start a new audit	operator
GET	/api/v1/audits	List all audits	viewer
GET	/api/v1/audits/{id}	Get audit details	viewer
GET	/api/v1/reports/{id}	Get audit report (JSON)	viewer
GET	/api/v1/reports/{id}/pdf	Download PDF report	approver
GET	/api/v1/knowledge/search	Semantic search knowledge base	viewer
GET	/api/v1/chains	List supported chains	none
WS	/api/v1/audits/{id}/ws	Real-time audit progress	viewer
GET	/api/v1/admin/status	System health status	admin
GET	/api/v1/beast/status	Beast Hunter status	admin
GET	/api/v1/beast/intelligence	Threat intelligence feed	admin
GET	/api/v1/beast/contests	Active contests	admin

Vulnerability Detectors 34 total

Detector	SWC	Description
reentrancy-eth	SWC-107	Reentrancy with ETH transfer
reentrancy-erc20	SWC-107	Reentrancy with ERC20 transfer
unprotected-selfdestruct	SWC-106	Unprotected selfdestruct
unchecked-transfer	SWC-104	Unchecked ERC20 return value
tx-origin	SWC-115	tx.origin authentication
uninitialized-storage	SWC-109	Uninitialized storage pointer
integer-overflow	SWC-101	Integer overflow/underflow
access-control	SWC-105	Missing access control
flash-loan-attack	—	Flash loan price manipulation
oracle-manipulation	—	Oracle price manipulation
bridge-validator	—	Bridge validator bypass
proxy-backdoor	SWC-112	Delegatecall to untrusted callee
... and 22 more (chain-specific, economic, bridge, governance detectors)

Architecture

Three-Tier AI Architecture
━━━━━━━━━━━━━━━━━━━━━━━━━━

Tier 0 (Deterministic)  →  34 detectors + parsers + rules  →  $0/audit
Tier 1 (Claude Haiku)   →  Summaries, remediation, triage  →  ~$0.02/audit
Tier 2 (Claude Opus)    →  Novel attacks, exploit chains   →  ~$3.00/audit

Routing: Standard = T0+T1 | Deep = T0+T1+T2 | Expert = T0+T1+Opus

Supported Languages: Solidity, Vyper, Cairo 1.0, Yul
Supported Chains:    Ethereum, BNB Chain, Arbitrum, Optimism, Starknet

Documentation

API reference and integration guides for Audithunt

Quick Start

1. Get an API token

curl -X POST http://localhost:8000/api/v1/auth/dev-login \
  -H "Content-Type: application/json" \
  -d '{"subject": "my-app", "role": "operator", "plan": "pro"}'

2. Upload a contract

curl -X POST http://localhost:8000/api/v1/upload \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "[email protected]" \
  -F "depth=standard" \
  -F "chain=ethereum"

3. Get the report

curl http://localhost:8000/api/v1/reports/AUDIT_ID \
  -H "Authorization: Bearer YOUR_TOKEN"

API Reference

Method	Endpoint	Description	Auth
POST	/api/v1/auth/login	Authenticate and receive JWT	none
POST	/api/v1/auth/signup	Create new account	none
POST	/api/v1/auth/dev-login	Dev-mode JWT (dev env only)	none
GET	/api/v1/auth/me	Current authenticated user	any
POST	/api/v1/upload	Upload contract file for audit	operator
POST	/api/v1/audits	Start a new audit	operator
GET	/api/v1/audits	List all audits	viewer
GET	/api/v1/audits/{id}	Get audit details	viewer
GET	/api/v1/reports/{id}	Get audit report (JSON)	viewer
GET	/api/v1/reports/{id}/pdf	Download PDF report	approver
GET	/api/v1/knowledge/search	Semantic search knowledge base	viewer
GET	/api/v1/chains	List supported chains	none
WS	/api/v1/audits/{id}/ws	Real-time audit progress	viewer
GET	/api/v1/admin/status	System health status	admin
GET	/api/v1/beast/status	Beast Hunter status	admin
GET	/api/v1/beast/intelligence	Threat intelligence feed	admin
GET	/api/v1/beast/contests	Active contests	admin

Vulnerability Detectors 34 total

Detector	SWC	Description
reentrancy-eth	SWC-107	Reentrancy with ETH transfer
reentrancy-erc20	SWC-107	Reentrancy with ERC20 transfer
unprotected-selfdestruct	SWC-106	Unprotected selfdestruct
unchecked-transfer	SWC-104	Unchecked ERC20 return value
tx-origin	SWC-115	tx.origin authentication
uninitialized-storage	SWC-109	Uninitialized storage pointer
integer-overflow	SWC-101	Integer overflow/underflow
access-control	SWC-105	Missing access control
flash-loan-attack	—	Flash loan price manipulation
oracle-manipulation	—	Oracle price manipulation
bridge-validator	—	Bridge validator bypass
proxy-backdoor	SWC-112	Delegatecall to untrusted callee
... and 22 more (chain-specific, economic, bridge, governance detectors)

Architecture

Three-Tier AI Architecture
━━━━━━━━━━━━━━━━━━━━━━━━━━

Tier 0 (Deterministic)  →  34 detectors + parsers + rules  →  $0/audit
Tier 1 (Claude Haiku)   →  Summaries, remediation, triage  →  ~$0.02/audit
Tier 2 (Claude Opus)    →  Novel attacks, exploit chains   →  ~$3.00/audit

Routing: Standard = T0+T1 | Deep = T0+T1+T2 | Expert = T0+T1+Opus

Supported Languages: Solidity, Vyper, Cairo 1.0, Yul
Supported Chains:    Ethereum, BNB Chain, Arbitrum, Optimism, Starknet