I Built a Smart Contract Auditing Tool Because AI Was Embarrassing Me

--

I used to be a smart contract security researcher.

Key word: used to.

Not because I quit, because I got honest with myself about what I was actually doing. I was using AI to write my audit reports. Finding vulnerabilities, sure, but letting AI carry the write-up. Felt efficient. Felt smart even.

Then reality started hitting different.
Duplicates. Over and over. Someone else submitted the same finding faster. Or worse: AI flagged the two most obvious things in the contract and called it a day. It wasn’t auditing. It was skimming. AI was skimming my clients' contracts and I was putting my name on it.

That bothered me more than I expected.
So I asked a different question. Not "how do I audit faster", but what if the whole process was built differently from scratch? Cheap, real, impossible to fake. Something a security researcher could trust and a developer could actually afford.
That’s where Limbo started. It’s not finished. But the story of building it is already worth telling.

The idea was simple and insane at the same time. Four tools; Slither, Mythril, Echidna, Halmos , each attacking a contract differently. Every finding verified by Foundry before AI touches it. AI doesn’t find bugs in Limbo. It confirms them. There’s a difference and that difference is everything.

I wanted it to feel like Certora, lol, rigorous, real, no vibes.

Then came the fun part. I needed a developer.
You know that moment when you price something out and it’s $500–1k minimum and you have exactly zero of that? Yeah. So I made the only logical decision: build it myself. With AI.
I know how that sounds.

Here’s what nobody tells you about building with AI. It’s not a vending machine. You can’t just explain what you want and watch it appear. You explain something, it writes code, and half the time it goes a completely different direction than what you had in your head. You tell it to fix it. It doesn’t fully understand what you’re even saying. You try again. It confidently produces something that looks right and is completely wrong.

It’s like handing someone your vision and getting back a drawing of something that rhymes with your vision.
I bought a Claude subscription. Thought that was the move. And Claude is genuinely the only one that actually gets context, but man, even Claude made so many mistakes it wasn’t funny. What I had after the first stretch wasn’t Limbo. It was a skeleton wearing Limbo’s clothes.
Slither wasn’t working. Mythril wasn’t working. Echidna and Halmos? They looked at my prompts and said this is why we aren’t AI. 💀

Two weeks of debugging the entire codebase. Not building. Not adding features. Just two weeks of going line by line trying to understand a workspace I’d never been in before, Rust, Solidity toolchains, Docker configs, dependency hell. I should have hired a developer. Two weeks to get Slither and Mythril functional. Echidna and Halmos are still fighting me.
And I’m still going.

For the technical people, here’s exactly what Limbo does:

Limbo runs Slither, Mythril, Echidna, and Halmos across your entire codebase at the same time. Not one after the other. All four, simultaneously, hitting your contracts from every angle, static analysis, symbolic execution, fuzzing, formal verification. When they find something, that finding doesn’t go anywhere near a report yet.
AI steps in for exactly one job: write a PoC. One file. Then it runs that PoC through Foundry and keeps forging it until Foundry confirms the bug is real. If it can’t be confirmed, it doesn’t exist as far as Limbo is concerned. And if any of the four tools fail or start acting up mid-scan? AI’s only other job is to point them back on track.
That’s it. AI is infrastructure. The tools are the auditors.
No finding in your report was put there by a language model guessing. Every single one was found by a tool, proven by Foundry, and documented for you to fix.

Because here’s what building this taught me that I couldn’t have learned any other way, AI is good at one thing in security. Verifying. Not finding. The moment you ask AI to find your bugs you’ve already lost. It catches the obvious ones, writes it up clean, and leaves the real stuff buried. For someone else to find. Or for an exploit to find.
That’s what I was doing before. That’s why I’m building something different.

I joined Cyfrin Updraft to actually learn — Solidity, Rust, the fundamentals I was missing. Yes I was already a security researcher. No that wasn’t enough. Humbling is an understatement.
But if you’re getting into smart contract auditing right now; Cantina, HackerOne, Code4rena (RIP, if you haven’t heard, they’re down), anywhere hear me:

Do not use AI to find bugs. Learn to find bugs.

I made that mistake. I’m still paying for it in ways that turned into this entire project. The knowledge you build when you actually learn this is worth more than any shortcut. Shoutout Cyfrin Updraft, no sponsorship, just facts.
Limbo isn’t finished. Echidna and Halmos are still out here disrespecting me. But it’s real, it’s being built in public, and when it’s done, nothing in it will be fake.