v3.0 — Private Beta

Smart Contract Security Re-engineered.

Multi-agent. Graph-grounded. Hallucination-resistant.
Critikal finds what scanners miss — and proves it.


Private beta open.

143 Contracts Analysed
20 Proven Exploits
3.2K Graph Nodes Per Run
100% Compiler-Verified PoCs
The Pipeline

Five stages.
One proven exploit.

Every vulnerability Critikal surfaces is traced from a deterministic knowledge graph through adversarial validation to a compiler-passing proof-of-concept.

Stage 01 — Knowledge Graph
Every contract, function & call — mapped.
Static analysis builds a rich graph of the codebase. Data flows, call chains, state mutations, and access control are encoded as nodes and edges. High-risk hotspots surface automatically — grounded in structure, not guesswork.
Stage 02 — Multi-Agent Dispatch
Specialist agents. Not one generalist.
A lead coordinator analyses the hotspot list and spawns targeted agents — one to research protocol context, another to generate attack hypotheses grounded in real graph nodes. Each agent uses the best model for its task.
Stage 03 — Adversarial Jury
Multiple models debate every hypothesis.
Before any exploit is attempted, hypotheses face a jury of independent AI models. They challenge assumptions, test edge cases, and vote on feasibility. Only findings that survive adversarial consensus move forward.
Hypothesis Context: BANK_SAFE::Collect — CEI violation. Attacker re-enters before balance update.
OpenAI GPT-5: VULN
Gemini Gemini3.1-pro: SAFE
Claude Sonnet 4.6: VULN
Grok Grok 3: VULN
Judge: CRITICAL (3/4 Consensus)
sandbox · exploit.t.sol
// Isolated Foundry sandbox — no external network
// Target: BANK_SAFE::Collect — reentrancy (CEI)
 
contract AttackContract {
  receive() external payable {
    if (count < MAX) target.Collect(1 ether);
  }
}
 
$ forge test --match-test test_exploit -vvvv
 
[PASS] test_exploit()
Gas: 187,432 · ETH drained: 50.0
✓ EXPLOIT PROVEN 
Stage 04 — Exploit Proof
If Forge doesn't pass — it doesn't ship.
The exploit writer runs in a fully isolated Foundry sandbox. It generates an attack contract, compiles it, and executes the test. Only findings where forge test returns [PASS] are marked proven. No fabricated mocks. No redefined contracts.
Stage 05 — Structured Report
Ranked findings. Proven exploits. Zero noise.
The final output surfaces only what matters — severity-ranked findings, each with a confirmed proof-of-concept, attack path, and remediation. You decide what to submit. Critikal removes the grunt work, not your judgment.
Analysis Complete — smartbugs-curated
143 contracts · 3,257 graph nodes · 20 proven exploits
Critical: 19 (Proven PoC)
High: 1 (Proven PoC)
Findings by Category
Reentrancy: 82
Access Ctrl: 19
Arithmetic: 5
Benchmark

Tested on a real dataset.
Numbers that speak.

We ran Critikal on smartbugs-curated — a public dataset of 143 Solidity contracts with known ground-truth vulnerabilities, widely used to benchmark security tools.

Dataset: smartbugs-curated  ·  github.com/smartbugs/smartbugs-curated  ·  143 contracts  ·  2026-03-01
Proven Working Exploits
20 / 106
Compiler-verified via Foundry. forge test [PASS] required. Every proven finding has a runnable attack contract with a real target.
Knowledge Graph Scale
3,257 nodes
10,213 edges encoding data flows, call graphs, access control, and state dependencies across 233 parsed contracts.
Time-Lock Bypass
Auto
MONEY_BOX had a time-lock guard that evaded initial detection. Critikal auto-detected the pattern and produced a proven exploit using timestamp manipulation.

Find bugs others miss.

Early access for security researchers and audit firms.
