@vladusatii_ github.com/vladusatii
the heartbeat of crypto security. rn it's an autonomous auditor for smart contracts.
on a mission to detect every finance bug in web3 with 100% accuracy. we also have one of the biggest datasets of every known defi vuln.
$ thrum scan .
→ compiling contracts
→ analyzing contracts
→ running detectors
MV-SCAN [DONE] [50.4s]
TOCTOU-SCAN [DONE] [20.2s]
UPGRADE-SCAN [DONE] [34.4s]
ORACLE [DONE] [120.8s]
ERC [DONE] [5.1s]
...
→ reasoning over findings
(A) tiny net [120.3s]
(B) large net [520s]
→ writing report: out/thrum-report.md
[DONE] 7 bugs. 2 critical, 3 medium, 2 informational.
what is it
a security engine for EVM protocols. It runs your code through a stack of best-in-class static and dynamic detectors, reasons about the findings with a set of state-of-the-art reasoning models, and returns a human-readable report generated by an LLM.
- detectors like multi-variable state inconsistencies, TOCTOU, upgrade safety, ERC / vault correctness, oracle and AMM patterns.
- reasoning core is a SOTA reasoning model that decides which findings are real, which are exploitable, and how severe each one is, with best-in-industry accuracy.
- explanations generated by a language model that turns structured verdicts into audit writeups.
how it works
detectors → candidates → advanced ml models → verdicts → llm → report
api
+----------------+----------+------------------+
| our best model | 1 price | 100 credits/scan |
+----------------+----------+------------------+
| tier | credits | price |
|---|---|---|
| basic | 100 | 0.01 ETH |
| pro | 500 | 0.05 ETH |
| enterprise | custom | 1 ETH fill |
cli
lightweight and easy to use.
# install
$ curl -sSL https://get.thrum.sh | bash
# add to path
$ echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bash_profile
$ source ~/.bash_profile
# initialize a project
$ thrum init
# run a scan on the current repo
$ thrum scan .
# view the latest report
$ less out/thrum-report.md
wire Thrum into CI to scan every PR pre-merge (coming soon)
name: Cool scan 123
on:
  pull_request:
jobs:
  thrum:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: curl -sSL https://get.thrum.sh | bash
      - run: thrum scan .
research
always looking for talented minds to push the limits of program analysis. see our bounties. read this too.
built on SOTA research in static/dynamic analysis, formal provers like SMT, and automated reasoning:
- 250+ compliance and best-practice detectors
- cross-contract multi-variable SI detection
- ERC-4626 manipulation detection
- CPMM composability/AMM-invariant breakage
- Cross-chain bridge CCVs
- ZK bug classes coming soon
the clean-up, reasoning, and triage is done by proprietary ML models:
- trm for clean-up
- sota ml for verdict
- llm for reports
security inquiries to vlad@usatii.com