# CLAWDIT Audit Skill

Smart contract security audit service. Two payment options: on-chain ETH (buy & burn $CLAWDIT) or HTTP x402 USDC payment.

## Option A: HTTP Payment (x402) -- Recommended for AI Agents

Simple HTTP request with automatic USDC payment via x402 protocol. No wallet connection needed.

### Endpoint

```
POST https://clawdit.xyz/api/audit
Content-Type: application/json

{
  "contractAddress": "0x...",
  "contactInfo": "telegram: @user"
}
```

**Price:** $25 USDC on Base, handled automatically via x402 protocol.

### How it works

1. Send a POST request to the endpoint above
2. Server returns `402 Payment Required` with payment instructions
3. Your x402-compatible client signs the USDC payment
4. Retry the request with the payment header
5. Server returns `200 OK` with your audit ID

### Response

```json
{
  "status": "requested",
  "auditId": 1,
  "contractAddress": "0x...",
  "message": "Audit request received. Team has been notified."
}
```
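The five-step exchange above, written out as a client, is easier to reason about with both sides visible. The following is an added example, not CLAWDIT's client or an x402 library: it POSTs the request, treats the `402` body as untrusted network input that a signer callback must approve before anything is signed, retries exactly once with the payment header, and checks the `200` body against the response shape shown above. The header name `X-PAYMENT`, the field names in the `402` body, and the `fake_server` / `make_signer` stand-ins are assumptions constructed so the flow runs offline; a real x402 client supplies its own signing and header handling.

```python
"""Client side of the x402 flow for POST /api/audit, with a constructed fake server
so the exchange can be exercised offline. Added example, not CLAWDIT's own client."""
import json
import re
from typing import Callable, Dict, Tuple

AUDIT_URL = "https://clawdit.xyz/api/audit"
# ASSUMPTION: the header the x402 client sets on the retried request.
# Use whatever your x402 client library actually emits.
PAYMENT_HEADER = "X-PAYMENT"
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

Response = Tuple[int, Dict[str, str], str]            # (status, headers, body text)
Transport = Callable[[str, str, Dict[str, str], str], Response]


def build_request(contract_address: str, contact_info: str) -> dict:
    """Validate inputs before anything leaves the process: an address that is not
    20 hex bytes or an empty contact field would waste a $25 payment."""
    if not ADDRESS_RE.fullmatch(contract_address):
        raise ValueError(f"not a 20-byte hex address: {contract_address!r}")
    if not contact_info.strip():
        raise ValueError("contactInfo must not be empty")
    return {"contractAddress": contract_address, "contactInfo": contact_info}


def request_audit(send: Transport, sign_payment: Callable[[dict], str],
                  contract_address: str, contact_info: str) -> int:
    """Steps 1-5 of the flow: POST, receive 402, sign, retry once, read auditId.
    `sign_payment` receives the parsed 402 body and must raise unless the terms
    are the ones the caller expects; a 402 body is untrusted network input."""
    body = json.dumps(build_request(contract_address, contact_info))
    headers = {"Content-Type": "application/json"}
    status, _, text = send("POST", AUDIT_URL, headers, body)
    if status == 402:
        requirements = json.loads(text)
        headers[PAYMENT_HEADER] = sign_payment(requirements)
        status, _, text = send("POST", AUDIT_URL, headers, body)   # retry exactly once
    if status != 200:
        raise RuntimeError(f"audit request failed with HTTP {status}")
    payload = json.loads(text)
    audit_id = payload.get("auditId")
    if payload.get("status") != "requested" or not isinstance(audit_id, int):
        raise RuntimeError(f"unexpected response shape: {text}")
    return audit_id


# --- constructed stand-ins so the flow runs offline -------------------------

def fake_server(method: str, url: str, headers: Dict[str, str], body: str) -> Response:
    """Constructed stand-in for clawdit.xyz: 402 until a valid payment header is
    present. The 402 body's field names are made up for this example."""
    if method != "POST" or url != AUDIT_URL:
        return 404, {}, ""
    req = json.loads(body)
    if PAYMENT_HEADER not in headers:
        terms = {"amount": "25", "asset": "USDC", "network": "base"}
        return 402, {}, json.dumps(terms)
    if not headers[PAYMENT_HEADER].startswith("signed:"):
        return 402, {}, json.dumps({"error": "invalid payment"})
    reply = {"status": "requested", "auditId": 1,
             "contractAddress": req["contractAddress"],
             "message": "Audit request received. Team has been notified."}
    return 200, {}, json.dumps(reply)


def make_signer(max_amount: int) -> Callable[[dict], str]:
    """Stand-in for an x402 wallet: signs only if the server's terms match what
    the caller agreed to pay (constructed field names, see fake_server)."""
    def sign(terms: dict) -> str:
        if terms.get("asset") != "USDC" or terms.get("network") != "base":
            raise RuntimeError(f"unexpected payment terms: {terms}")
        if int(terms.get("amount", "0")) > max_amount:
            raise RuntimeError(f"server asked for more than {max_amount} USDC")
        return "signed:" + json.dumps(terms, sort_keys=True)
    return sign


if __name__ == "__main__":
    print(request_audit(fake_server, make_signer(25), "0x" + "ab" * 20, "telegram: @user"))
```

The single retry is deliberate: a client that loops on `402` would keep signing payments if the server (or anything in the path) kept answering `402`, so one signed retry per request, with a spending cap enforced in the signer, bounds what a misbehaving endpoint can cost an unattended agent.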

### Check audit status

```
GET https://clawdit.xyz/api/audit/{id}
```

---

## Option B: On-chain (ETH)

On-chain registration via the AuditRegistry contract on Base. ETH is swapped to $CLAWDIT and burned.

**Chain:** Base (chain ID 8453)
**AuditRegistry Proxy:** [`0x866b4b71ec10D2e2A3A12e6217ECdAE50e22F9C2`](https://basescan.org/address/0x866b4b71ec10D2e2A3A12e6217ECdAE50e22F9C2)

### Steps

1. **Check minimum price** -- call `minAuditPrice()` on AuditRegistry to get the minimum ETH required
2. **Submit request** -- call `requestAudit(contractAddress, "", contactInfo)` with ETH >= `minAuditPrice`
3. **Track status** -- call `audits(id)` to check your audit status (0 = Requested, 1 = Accepted, 2 = Completed)

The contract swaps ETH -> $CLAWDIT via Uniswap V4 (Clanker pool) and burns the tokens. The team is notified via the `AuditRequested` event.

### Parameters

- `contractAddress` -- the deployed contract address on Base to audit (e.g. `0x1234...abcd`)
- second parameter -- pass empty string `""`
- `contactInfo` -- how to reach you (email, Telegram, etc.)

### ABI

```json
[
  {
    "name": "requestAudit",
    "type": "function",
    "stateMutability": "payable",
    "inputs": [
      {"name": "sourceUrl", "type": "string", "description": "Contract address to audit"},
      {"name": "commitHash", "type": "string", "description": "Unused, pass empty string"},
      {"name": "contactInfo", "type": "string"}
    ],
    "outputs": []
  },
  {
    "name": "minAuditPrice",
    "type": "function",
    "stateMutability": "view",
    "inputs": [],
    "outputs": [{"name": "", "type": "uint256"}]
  },
  {
    "name": "auditCount",
    "type": "function",
    "stateMutability": "view",
    "inputs": [],
    "outputs": [{"name": "", "type": "uint256"}]
  },
  {
    "name": "totalBurned",
    "type": "function",
    "stateMutability": "view",
    "inputs": [],
    "outputs": [{"name": "", "type": "uint256"}]
  },
  {
    "name": "audits",
    "type": "function",
    "stateMutability": "view",
    "inputs": [{"name": "id", "type": "uint256"}],
    "outputs": [
      {"name": "requester", "type": "address"},
      {"name": "sourceUrl", "type": "string"},
      {"name": "commitHash", "type": "string"},
      {"name": "contactInfo", "type": "string"},
      {"name": "ethPaid", "type": "uint256"},
      {"name": "clawditBurned", "type": "uint256"},
      {"name": "timestamp", "type": "uint256"},
      {"name": "status", "type": "uint8"}
    ]
  }
]
```

### Read functions

- `minAuditPrice() -> uint256` -- minimum ETH required (currently 0.01 ETH)
- `auditCount() -> uint256` -- total audits requested
- `totalBurned() -> uint256` -- total $CLAWDIT burned via buy-and-burn
- `audits(uint256 id) -> (address requester, string contractAddress, string unused, string contactInfo, uint256 ethPaid, uint256 clawditBurned, uint256 timestamp, uint8 status)` -- `contractAddress` and `unused` are the ABI's `sourceUrl` and `commitHash` slots

Status: 0 = Requested, 1 = Accepted, 2 = Completed
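The Option B steps above and the `audits(id)` tuple just listed are shown together in the following added example, which is not the project's own code. It ABI-decodes the raw return data of an `eth_call` to `audits(id)` into a typed record (head of eight words, three dynamic `string` tails addressed by offsets), maps `status` to the documented names and rejects any value outside 0..2, and applies the step-2 guard that a `requestAudit` value must be at least `minAuditPrice()` before a transaction is sent. The `encode_audit` inverse and the `SAMPLE_*` values are constructed only so the decoder can run offline; a real run would feed the bytes returned by the RPC node instead.

```python
"""Decode the tuple returned by AuditRegistry.audits(id) and check a request's
ETH value against minAuditPrice(). Added example, not the project's own code;
the encoder exists only to construct sample return data offline."""
from dataclasses import dataclass

WORD = 32
STATUS_NAMES = {0: "Requested", 1: "Accepted", 2: "Completed"}


@dataclass(frozen=True)
class Audit:
    requester: str
    contract_address: str   # the ABI's `sourceUrl` slot
    unused: str             # the ABI's `commitHash` slot, always ""
    contact_info: str
    eth_paid: int           # wei
    clawdit_burned: int
    timestamp: int
    status: int


def _word(data: bytes, index: int) -> bytes:
    chunk = data[index * WORD:(index + 1) * WORD]
    if len(chunk) != WORD:
        raise ValueError(f"return data truncated at word {index}")
    return chunk


def _uint(data: bytes, index: int) -> int:
    return int.from_bytes(_word(data, index), "big")


def _string_at(data: bytes, offset: int) -> str:
    """Dynamic tail: one length word followed by the bytes, zero-padded to 32."""
    if offset % WORD or offset + WORD > len(data):
        raise ValueError(f"bad string offset {offset}")
    length = int.from_bytes(data[offset:offset + WORD], "big")
    start = offset + WORD
    if start + length > len(data):
        raise ValueError("string length runs past end of return data")
    return data[start:start + length].decode("utf-8")


def decode_audit(return_data: bytes) -> Audit:
    """Head is 8 words (address, 3 string offsets, 3 uint256, uint8); offsets are
    relative to byte 0 because the return tuple is the top-level encoding."""
    requester_word = _word(return_data, 0)
    if any(requester_word[:12]):
        raise ValueError("address word has non-zero padding")
    requester = "0x" + requester_word[12:].hex()
    strings = [_string_at(return_data, _uint(return_data, i)) for i in (1, 2, 3)]
    eth_paid, burned, timestamp, status = (_uint(return_data, i) for i in (4, 5, 6, 7))
    if status not in STATUS_NAMES:   # uint8 outside the documented 0..2 range
        raise ValueError(f"unknown status {status}")
    return Audit(requester, strings[0], strings[1], strings[2],
                 eth_paid, burned, timestamp, status)


def status_name(audit: Audit) -> str:
    return STATUS_NAMES[audit.status]


def check_value(value_wei: int, min_price_wei: int) -> int:
    """Step 2 guard: requestAudit needs value >= minAuditPrice, so fail locally
    before paying gas for a reverting transaction."""
    if value_wei < min_price_wei:
        raise ValueError(f"value {value_wei} wei is below minAuditPrice {min_price_wei} wei")
    return value_wei


def encode_audit(audit: Audit) -> bytes:
    """Inverse of decode_audit, used only to build constructed sample return data."""
    def uint(v: int) -> bytes:
        return v.to_bytes(WORD, "big")
    head = [bytes(12) + bytes.fromhex(audit.requester[2:])]
    tail = b""
    for s in (audit.contract_address, audit.unused, audit.contact_info):
        raw = s.encode("utf-8")
        head.append(uint(8 * WORD + len(tail)))            # offset of this tail
        tail += uint(len(raw)) + raw + bytes((-len(raw)) % WORD)
    head += [uint(audit.eth_paid), uint(audit.clawdit_burned),
             uint(audit.timestamp), uint(audit.status)]
    return b"".join(head) + tail


# Constructed sample: what eth_call to audits(1) might return for an accepted request.
SAMPLE_AUDIT = Audit("0x" + "ab" * 20, "0x" + "12" * 20, "", "telegram: @user",
                     10 ** 16, 5 * 10 ** 18, 1700000000, 1)
SAMPLE_RETURN_DATA = encode_audit(SAMPLE_AUDIT)

if __name__ == "__main__":
    decoded = decode_audit(SAMPLE_RETURN_DATA)
    print(decoded, status_name(decoded))
```

Every offset and length is bounds-checked against the actual return data before it is used, so a short or malformed response from an RPC endpoint raises instead of silently producing a wrong record; that matters when an agent acts on the decoded `status`.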

## Buy and Burn

Every audit payment is automatically swapped from ETH to $CLAWDIT via Uniswap V4 and burned, permanently reducing the token supply. The owner can also trigger additional burns via `buyAndBurn(amount)` using any ETH held by the contract.

- Swap route: ETH -> WETH -> $CLAWDIT (via Clanker V4 pool, dynamic fee, tickSpacing 200)
- Burned tokens are sent to `address(0)` via `burn()`
- Track total burned: call `totalBurned()` on the AuditRegistry

## Pricing

- **On-chain (Option B):** 0.01 ETH per audit (enforced on-chain via `minAuditPrice`)
- **x402 HTTP (Option A):** $25 USDC per audit (paid automatically via x402 protocol)

## Contracts

| Contract | Address | Basescan |
|----------|---------|----------|
| AuditRegistry (Proxy) | `0x866b4b71ec10D2e2A3A12e6217ECdAE50e22F9C2` | [View](https://basescan.org/address/0x866b4b71ec10D2e2A3A12e6217ECdAE50e22F9C2) |
| StakingRewards (Proxy) | `0xacc0aD697577CA7644110EeF05955f2d85b191D9` | [View](https://basescan.org/address/0xacc0aD697577CA7644110EeF05955f2d85b191D9) |
| $CLAWDIT Token | `0xc07602aA017A3a6Fe295efF9a96e54750b2e14B6` | [View](https://basescan.org/address/0xc07602aA017A3a6Fe295efF9a96e54750b2e14B6) |

## Token

- **Name:** CLAWDIT ($CLAWDIT)
- **Chain:** Base
- **Contract:** `0xc07602aA017A3a6Fe295efF9a96e54750b2e14B6`
- **Buy:** https://clawdit.xyz/buy
- **DexScreener:** https://dexscreener.com/base/0xc07602aA017A3a6Fe295efF9a96e54750b2e14B6
- **Staking:** Stake $CLAWDIT to earn WETH from 30% trading fees -- https://clawdit.xyz/stake

## How We Audit

CLAWDIT audits are human-led and extended by a specialized AI model trained for blockchain contract security. This combination delivers thorough coverage with faster turnaround.

### Methodology

1. **Scope & Reconnaissance** -- Identify all in-scope contracts, proxy patterns, dependencies, and external integrations. Pin the exact commit hash for reproducibility.
2. **Automated Analysis** -- Run Slither static analysis and Foundry fuzz/invariant tests to surface low-hanging bugs, reentrancy paths, and common vulnerability patterns.
3. **Manual Code Review** -- Line-by-line AI review of all in-scope code. Focus areas:
   - Access control & privilege escalation
   - Reentrancy & cross-function reentrancy
   - Integer overflow/underflow & precision loss
   - Front-running & MEV vectors
   - Flash loan attack surfaces
   - Oracle manipulation
   - Upgrade safety (UUPS/Transparent proxy storage collisions)
   - Token integration risks (fee-on-transfer, rebasing, non-standard ERC20)
   - Economic attack vectors & game theory
4. **Pattern Comparison** -- Compare against known-good implementations (OpenZeppelin, Synthetix, Uniswap) to catch deviations and anti-patterns.
5. **Gas Optimization** -- Identify storage layout improvements, redundant SLOADs, and calldata optimizations.
6. **Report Generation** -- Structured findings with severity ratings, impact analysis, code snippets, and actionable remediation guidance. Delivered as a downloadable PDF.

### Severity Classification

| Severity | Description |
|----------|-------------|
| **Critical** | Direct loss of funds, privilege escalation, or contract bricking. Must fix before deployment. |
| **High** | Significant risk to funds or protocol integrity under realistic conditions. |
| **Medium** | Conditional risk requiring specific circumstances, or moderate impact issues. |
| **Low** | Minor issues, best practice violations, or edge cases with minimal impact. |
| **Informational** | Code quality suggestions, documentation gaps, or stylistic improvements. |

### Tools

- **Foundry** -- forge test, fuzz testing, invariant testing, fork testing against live state
- **Slither** -- static analysis for common vulnerability patterns
- **Specialized AI** -- deep review, pattern matching, and economic analysis

## Deliverables

- Executive summary with finding counts by severity
- Detailed findings (Critical/High/Medium/Low/Informational) with code snippets and fix recommendations
- Gas optimization recommendations with estimated savings
- Code quality assessment (1-10 score)
- Remediation guidance for every finding
- Final PDF audit report

## Completed Audits

View completed audits with downloadable PDF reports at https://clawdit.xyz/audits

## Web UI

https://clawdit.xyz/audits -- connect wallet, submit request, track status

## Contact

- Website: https://clawdit.xyz
- X: https://x.com/clawdit_xyz
- Telegram: https://t.me/clawdit_xyz
