Reconnaissance: Understanding Before Hunting

Why Recon Matters

The single biggest mistake AI auditing tools make is jumping straight to vulnerability detection without understanding the codebase first. The result: findings about "missing slippage protection" in a governance contract, or "reentrancy risk" in a pure view function. Without context, your AI will produce irrelevant findings.

Reconnaissance gives your auditor context. Before hunting bugs, it should know:

• What contracts exist and how big they are
• Which files handle the most value (highest risk)
• How contracts call each other (trust boundaries)
• What external protocols are used (dependencies)
• What the protocol is actually trying to do