Sample audit reports.
What Rugproof produces on the bundled, intentionally vulnerable demo contracts.
Reports
| Contract | Vuln class | Grade |
|---|---|---|
| VulnerableVault | reentrancy + access control | F |
| SpotOracleLending | oracle manipulation + flash loan | F |
| FlashLoanGovernance | governance flash loan (Beanstalk-style) | F |
| Inflatable4626 | ERC-4626 donation/inflation | F |
| ReplayableBridge | signature replay (cross-chain) | F |
Quick reference
Slash commands (38)
Audit, exploit, simulation, testing, output, workflow, and integration. Full list in the README.
Vulnerability skills (33)
Auto-loaded based on detected code patterns. Covers the full CWE/SWC catalog plus 2025 hot topics: ERC-4337 AA, cross-chain messaging, ERC-7683 intents, EigenLayer restaking, ERC-4626 inflation, Diamond / EIP-2535, Permit2, ERC-1271.
Specialist subagents (19)
8 functional (attacker, defender, exploit-poc-writer, invariant-writer, gas-optimizer, remediation-suggester, report-writer, assembly-auditor) and 11 protocol-specific (AMM, lending, staking, bridge, governance, vault, NFT, AA, cross-chain messaging, restaking, intents).
MCP servers (9)
block-explorer, forge-runner, hardhat-runner, anvil, tenderly, c4-history (real GitHub fetch with a 24h cache), sherlock-history (same), gas-tracker, token-metadata.
Configuration
See .rugproof.yml.example in the repo for the full configuration (severity thresholds, chains, hooks, caching, telemetry, privacy mode).