Choose Your Verification Approach
The False Positive Problem
This is the most important decision in the design of your auditor. Detection is easy. Anyone can prompt an AI to "find bugs" and get 50 results. But if 45 of those are wrong, your tool is useless.
False positives destroy trust. After a developer sees 10 incorrect "critical" findings, they stop reading the reports entirely. And that is when they miss the 1 real critical bug.
The best tools in the space have solved this in different ways:
Kill Gates (Rules-Based Filtering)
Apply deterministic rules to each finding. If it fails any gate, it gets killed.
How Krait does it (8 kill gates):
- Generic best practice? → KILL
- Theoretical, no concrete exploit? → KILL
- Intentional design choice? → KILL
- Missing WHO/WHAT/HOW MUCH? → KILL
- Admin trust assumption? → KILL
- Dust-level impact (under $100)? → KILL
- Out of scope? → KILL
- Already documented? → KILL
Result: 100% precision across 50 blind contests. Zero false positives.
Tradeoff: Lower recall (15.2%). Some real bugs get killed too.
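The eight gates above are deterministic checks on structured findings, so they can be coded directly. The following is an added example, not Krait's code: a Finding record, one function per gate returning a kill reason, and a filter that reports the first gate each finding fails. The Finding and AuditContext fields, the privileged-role set, and the sample findings are constructed for the demo.

```python
"""Kill-gate filter over AI audit findings (added example, not Krait's code)."""
from dataclasses import dataclass, field
from typing import Callable, Optional

DUST_THRESHOLD_USD = 100.0  # "dust-level impact" cutoff from the page


@dataclass
class Finding:
    title: str
    location: Optional[str]        # "File.sol:function"; None means no concrete code site
    exploit_steps: list[str]       # concrete attack sequence; empty means theoretical
    who: Optional[str]             # actor who can trigger it
    what: Optional[str]            # what is lost or broken
    how_much_usd: Optional[float]  # estimated impact in USD


@dataclass
class AuditContext:
    scope_files: set[str]           # files the audit covers
    documented_behaviour: set[str]  # finding titles the docs describe as intentional
    known_issues: set[str]          # titles already in the known-issues list
    privileged_roles: set[str] = field(default_factory=lambda: {"owner", "admin", "governance"})


# A gate returns a kill reason, or None when the finding passes that gate.
Gate = Callable[[Finding, AuditContext], Optional[str]]


def generic_best_practice(f, ctx):
    # Advice with no concrete code site ("use SafeMath everywhere") is generic.
    return "generic best practice" if f.location is None else None


def theoretical(f, ctx):
    return "theoretical, no concrete exploit" if not f.exploit_steps else None


def intentional_design(f, ctx):
    return "intentional design choice" if f.title in ctx.documented_behaviour else None


def missing_impact_triple(f, ctx):
    missing = [n for n, v in (("WHO", f.who), ("WHAT", f.what), ("HOW MUCH", f.how_much_usd))
               if v in (None, "")]
    return f"missing {'/'.join(missing)}" if missing else None


def admin_trust(f, ctx):
    # The exploit only works if an already-trusted role misbehaves.
    if f.who and f.who.lower() in ctx.privileged_roles:
        return "admin trust assumption"
    return None


def dust_impact(f, ctx):
    if f.how_much_usd is not None and f.how_much_usd < DUST_THRESHOLD_USD:
        return f"dust-level impact (${f.how_much_usd:.2f})"
    return None


def out_of_scope(f, ctx):
    file_name = f.location.split(":")[0] if f.location else None
    return "out of scope" if file_name not in ctx.scope_files else None


def already_documented(f, ctx):
    return "already documented" if f.title in ctx.known_issues else None


# Same order as the eight gates on the page; the first failing gate is reported.
KILL_GATES: list[Gate] = [generic_best_practice, theoretical, intentional_design,
                          missing_impact_triple, admin_trust, dust_impact,
                          out_of_scope, already_documented]


def kill_reason(f: Finding, ctx: AuditContext) -> Optional[str]:
    """First gate the finding fails, or None if it survives all eight."""
    for gate in KILL_GATES:
        reason = gate(f, ctx)
        if reason:
            return reason
    return None


def filter_findings(findings, ctx):
    """Split findings into survivors and (finding, reason) pairs that were killed."""
    survivors, killed = [], []
    for f in findings:
        reason = kill_reason(f, ctx)
        (killed.append((f, reason)) if reason else survivors.append(f))
    return survivors, killed


# Constructed audit context and sample findings for the demo.
CTX = AuditContext(scope_files={"Vault.sol", "Token.sol"},
                   documented_behaviour={"Fee can be changed without timelock"},
                   known_issues={"Fee-on-transfer tokens unsupported"})

SAMPLE = [
    Finding("Withdraw sends before updating balance", "Vault.sol:withdraw",
            ["deposit 1 ETH", "call withdraw()", "re-enter from receive() before balance is zeroed",
             "repeat until the vault is empty"], "any depositor", "entire vault balance", 250_000.0),
    Finding("Consider using SafeMath", None, [], None, None, None),
    Finding("Owner can set fee to 100%", "Vault.sol:setFee",
            ["owner calls setFee(10000)", "next withdraw pays the full fee"], "owner", "user withdrawals", 50_000.0),
    Finding("Rounding favours contract by 1 wei", "Vault.sol:_shares",
            ["deposit an odd amount", "withdraw", "observe 1 wei loss"], "any depositor", "1 wei per withdrawal", 0.02),
    Finding("Staking rewards can be claimed twice", "Staking.sol:claim",
            ["stake", "claim", "claim again"], "any staker", "reward pool", 10_000.0),
    Finding("Fee-on-transfer tokens unsupported", "Token.sol:transfer",
            ["deposit a fee-on-transfer token", "accounting drifts"], "any depositor", "accounting mismatch", 5_000.0),
]

if __name__ == "__main__":
    survivors, killed = filter_findings(SAMPLE, CTX)
    for f, reason in killed:
        print(f"KILL  {f.title!r}: {reason}")
    for f in survivors:
        print(f"KEEP  {f.title!r}")
```

Running it keeps only the reentrancy finding and kills the other five, one per gate. Note that the admin-trust and dust gates are exactly where the recall loss the page mentions comes from: a real bug with a privileged trigger or a small direct loss is discarded without further review, so the thresholds and role list deserve the same scrutiny as the detection prompts.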
Devil's Advocate (Adversarial Challenge)
A second analysis pass challenges every finding. "Prove this is exploitable or it gets demoted."
How SC-Auditor does it (6D evaluation): For each finding, an adversarial review asks:
- Are there guards elsewhere that prevent this?
- Does reentrancy protection exist?
- Is access control checked in a parent contract?
- Is this by-design per documentation?
- Is this economically feasible to exploit?
- Can you construct a step-by-step dry run?
Findings that survive the challenge are "Proved." Others get demoted to "Candidates."
Tradeoff: Thorough but expensive (doubles token usage). Slower.
Confidence Scoring (Statistical Weighting)
Assign confidence scores based on how many detection methods flagged the same issue. High confidence = likely real. Low confidence = likely false positive.
How QuillShield does it: Bayesian scoring across 10 plugin outputs. Findings detected by multiple plugins get boosted. Single-source findings get scrutinized.
Tradeoff: Nuanced but requires multiple detection sources. Works best with multi-mindset or multi-agent architectures.
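One concrete way to do the statistical weighting is a naive-Bayes combination of the plugins' verdicts in log-odds space. The block below is an added example, not QuillShield's code: each plugin carries a true-positive and false-positive rate, a flag is evidence for "real" in proportion to tpr/fpr, and a plugin that ran but stayed silent is evidence against. The four plugin names, their rates and the 20% prior are constructed; in practice the rates must be estimated from labelled past findings.

```python
"""Bayesian confidence scoring across several detectors (added example, not QuillShield's code)."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Plugin:
    name: str
    tpr: float  # P(plugin flags the issue | issue is real)
    fpr: float  # P(plugin flags the issue | issue is a false positive)

    def __post_init__(self):
        if not (0 < self.tpr < 1 and 0 < self.fpr < 1):
            raise ValueError("rates must be strictly between 0 and 1 so the log-odds stay finite")

    def log_lr(self, fired: bool) -> float:
        # Log likelihood ratio of this plugin's verdict: evidence for "real" when it
        # fires, evidence against when it ran on the finding and stayed silent.
        if fired:
            return math.log(self.tpr / self.fpr)
        return math.log((1 - self.tpr) / (1 - self.fpr))


# Constructed calibration; names and rates are assumptions for the demo.
PLUGINS = {
    "regex-patterns":   Plugin("regex-patterns", tpr=0.80, fpr=0.30),
    "symbolic-exec":    Plugin("symbolic-exec", tpr=0.60, fpr=0.05),
    "llm-reviewer":     Plugin("llm-reviewer", tpr=0.70, fpr=0.20),
    "invariant-fuzzer": Plugin("invariant-fuzzer", tpr=0.50, fpr=0.10),
}

PRIOR_REAL = 0.20  # assumed base rate of real bugs among raw findings


def posterior_confidence(fired: set, ran: set, prior: float = PRIOR_REAL) -> float:
    """P(real | verdicts of the plugins that actually ran on this finding).

    Plugins that did not run (or do not cover this bug class) contribute nothing;
    counting them as silent would wrongly penalise the finding.
    """
    if not fired <= ran:
        raise ValueError("a plugin cannot flag a finding it did not run on")
    log_odds = math.log(prior / (1 - prior))
    for name in ran:
        log_odds += PLUGINS[name].log_lr(name in fired)
    return 1 / (1 + math.exp(-log_odds))


def triage(fired: set, ran: set, high: float = 0.90, low: float = 0.30):
    """Map the posterior onto the three buckets the page describes."""
    conf = posterior_confidence(fired, ran)
    if conf >= high:
        label = "likely real"
    elif conf < low:
        label = "likely false positive"
    else:
        label = "scrutinize"
    return round(conf, 4), label


if __name__ == "__main__":
    everything = set(PLUGINS)
    print(triage({"regex-patterns", "symbolic-exec", "llm-reviewer"}, everything))
    print(triage({"regex-patterns"}, everything))
    print(triage({"symbolic-exec", "invariant-fuzzer"}, everything))
    print(triage({"symbolic-exec"}, {"regex-patterns", "symbolic-exec"}))
```

Two design points matter here. First, the combination assumes the plugins err independently; two detectors built on the same regex rules will double-count their shared evidence and inflate confidence, which is why this approach works best when the sources are genuinely different mindsets or agents. Second, passing `ran` separately from `fired` keeps a plugin that never looked at the finding from counting as a silent vote against it.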