Choose Your Detection Strategy
How Should Your Auditor Find Bugs?
Your recon phase maps the codebase. Now you need to decide HOW your auditor looks for vulnerabilities. The detection strategy determines what kinds of bugs your tool catches and which it misses.
Checklist-Based Detection
Sweep the code against a predefined list of known vulnerability patterns, drawn from sources such as the SWC Registry, Solodit categories, and common attack vectors.
Strengths: Comprehensive coverage of known patterns. Easy to maintain and extend. Predictable behavior.
Weaknesses: Misses novel or protocol-specific vulnerabilities. Can be noisy if the checklist is too broad.
Used by: Pashov Skills, SCV-Scan, Claude Solidity Skills, Forefy .context
Multi-Mindset Detection
Analyze each function from multiple perspectives: Attacker, Accountant, Spec Auditor, Edge Case Hunter. Each mindset catches different bug classes.
Strengths: Diverse perspectives find diverse bugs. Findings corroborated across mindsets are higher confidence. Catches issues a single perspective would miss.
Weaknesses: More tokens (4x the analysis). Can produce overlapping findings. Requires good deduplication.
Used by: Krait (4 mindsets, 16 analytical angles), SC-Auditor (6 hunt agents), Panther Move Auditor (5 viewpoints)
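The deduplication and corroboration step that multi-mindset detection depends on, as an added example (not code from this page or from any of the tools named above). The Finding schema, the merge key (contract, function, normalized bug class, overlapping line ranges) and the confidence formula are assumptions made for illustration; only the four mindset names come from the text.

```python
from collections import defaultdict
from dataclasses import dataclass

# Mindset names are the page's; the Finding schema and scoring are assumptions.
MINDSETS = ("Attacker", "Accountant", "Spec Auditor", "Edge Case Hunter")

@dataclass(frozen=True)
class Finding:
    mindset: str
    contract: str
    function: str
    bug_class: str   # free-text label from the pass, normalized below
    lines: tuple     # (start, end) source lines the finding points at
    note: str

def merge_findings(findings):
    """Collapse overlapping reports of one issue; score by distinct mindsets."""
    buckets = defaultdict(list)
    for f in findings:
        buckets[(f.contract, f.function, f.bug_class.strip().lower())].append(f)
    merged = []
    for (contract, function, bug_class), group in buckets.items():
        clusters = []
        for f in sorted(group, key=lambda f: f.lines):
            last = clusters[-1] if clusters else None
            if last and f.lines[0] <= last["lines"][1]:  # overlaps running span
                last["lines"] = (last["lines"][0], max(last["lines"][1], f.lines[1]))
                last["mindsets"].add(f.mindset)
                last["notes"].append(f.note)
            else:
                clusters.append({"lines": f.lines, "mindsets": {f.mindset}, "notes": [f.note]})
        for c in clusters:
            merged.append({
                "contract": contract, "function": function, "bug_class": bug_class,
                "lines": c["lines"], "mindsets": sorted(c["mindsets"]),
                # A set, so one mindset repeating itself does not add confidence.
                "confidence": len(c["mindsets"]) / len(MINDSETS),
                "notes": c["notes"],
            })
    return sorted(merged, key=lambda m: (-m["confidence"], m["contract"], m["lines"]))

# Constructed sample: output of mindset passes over a hypothetical Vault contract.
SAMPLE = [
    Finding("Attacker", "Vault", "withdraw", "Reentrancy", (42, 48), "external call before balance update"),
    Finding("Accountant", "Vault", "withdraw", "reentrancy", (45, 50), "balance debited after transfer"),
    Finding("Attacker", "Vault", "withdraw", "reentrancy ", (44, 46), "same call site, reworded"),
    Finding("Edge Case Hunter", "Vault", "deposit", "rounding", (20, 22), "zero shares for small deposits"),
]
```

Calling merge_findings(SAMPLE) returns two merged findings: the three withdraw reports collapse into one entry backed by two distinct mindsets, ranked above the single-mindset deposit finding.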
Domain-Specific Detection
Use protocol-type primers that tune detection to the kind of protocol under review: DEX (swap math, LP tokens, MEV), Lending (collateral, liquidation, interest rates), Staking (reward distribution, withdrawal), Governance (voting power, proposal execution).
Strengths: Deep, targeted analysis for the specific protocol type. Fewer false positives because checks are relevant. Catches domain-specific bugs that generic checks miss.
Weaknesses: Requires maintaining primers per domain. Misses bugs outside the detected domain. Needs accurate domain classification.
Used by: Krait (7 domain primers), QuillShield (10 specialized plugins), Auditmos (14 DeFi-specific skills)