What does your pre-deploy security checklist look like? Trying to build a standard process and curious what others actually do

I've been thinking about this more after seeing another protocol get drained

last month. Manual review obviously, but beyond that do you run Slither?

Mythril? Pay for a professional audit every time? Have some personal checklist

you go through?

Curious what's realistic for teams at different sizes. A solo dev building

something small probably isn't running a $20K audit. But what's the minimum

that isn't reckless?

reddit.com
u/Same_Carrot196 — 5 days ago
▲ 1 r/defi

Honest question: at what TVL do you think a DeFi protocol actually needs a professional audit vs. automated tools?

There's a real gap between "run Slither and hope for the best" and "pay

Trail of Bits $50K." Most small protocols launching under $500K TVL aren't

doing full audits is that reckless, or is it just reality?

Where do you draw the line? And has anyone here had a close call with

something that would have been caught by a proper audit?

reddit.com
u/Same_Carrot196 — 5 days ago
▲ 1 r/web3

Are automated smart contract auditors actually useful, or are they security theater at this point?

Genuine question because I hear both sides constantly.

One camp: automated tools catch 70-80% of common vulnerabilities, they're

fast, cheap, and useful for early-stage checks before a real audit.

Other camp: the false positive rate is so high that developers start ignoring

warnings, and the truly dangerous bugs (logic errors, economic exploits)

aren't pattern-matchable anyway so automated tools give false confidence

which is worse than nothing.

What's your experience? Do you actually trust output from Slither/Mythril

or do you treat them as a loose starting point?

reddit.com
u/Same_Carrot196 — 5 days ago

Every time a DeFi protocol gets drained, the post-mortem says "the contract wasn't audited." But audits cost $30K+ what's the actual solution?

This keeps coming up and I don't think anyone has a good answer. The

professional audit firms are great but they're priced for protocols with

real funding. The free static analysis tools (Slither, Mythril) catch some

things but miss a lot.

Is the answer just that small DeFi protocols shouldn't exist? Or is there

a middle path that's not being talked about enough?

reddit.com
u/Same_Carrot196 — 5 days ago
▲ 1 r/ethdev

After watching a friend's audited contract get drained by a reentrancy attack, I spent months building a pre-deploy scanner here's what I learned

A developer I know deployed a contract last year. He'd run it through Slither,

done a manual review, thought it was solid. A reentrancy vulnerability the

tools missed drained it in under a minute.

That scared me enough to pay for a professional audit on my own project.

Three weeks and $18K later, the audit came back with 11 findings including

2 criticals I'd completely missed on my own.

The gap that frustrated me: professional audits are the right move before a

major launch, but they're too slow and too expensive for the "is this even

worth building further" stage. And the free tools (Slither, Mythril) are

powerful but require setup, generate noise, and aren't beginner-accessible.

So I built something aimed at that middle ground — an AI auditor specifically

trained on real historical exploits and known Solidity vulnerability patterns:

reentrancy, flash loan vectors, access control issues, unchecked return values,

delegatecall pitfalls.

Paste a contract, get a structured report in under 60 seconds. The honest

limitation: it still misses subtle logic errors and complex multi-contract

interactions for those you still need a human. But for catching obvious

issues early and cheaply, it's been useful for my own workflow.

What I'm genuinely curious about: what does your pre-deploy security workflow

actually look like? Slither + manual? CI integration with something? Full audit

every time? I want to understand what's realistic for teams at different stages.

reddit.com
u/Same_Carrot196 — 5 days ago
▲ 15 r/solana

I want to build on Solana but need an idea. What problem needs solving?

I've been wanting to build something on Solana, but instead of creating another random meme coin or clone project, I'd rather build something that people would actually use.

I'm a software developer with experience in Python, AI, and blockchain, and I'm looking for a real problem worth solving.

What do you think is missing from the Solana ecosystem?

  • A tool you wish existed?
  • Something that would make developers' lives easier?
  • A better wallet experience?
  • Better analytics?
  • Trading tools?
  • Security?
  • DeFi?
  • Gaming?
  • AI integrations?

Even if it's a small pain point, I'd love to hear it. Sometimes the best products come from solving annoying everyday problems.

Open to all ideas serious or crazy. If something resonates, I'll probably build it and share the progress here.

reddit.com
u/Same_Carrot196 — 7 days ago

I made a Chrome extension that tells you if a photo is AI-generated (right-click any image)

Faux Spy AI image detector that lives in your right-click menu.

Hover over any photo on any website and right-click → "Analyze with Faux Spy" → 2-second verdict with confidence score. It tells you if the image is: Real, AI Photo, AI Art, Manipulated, or Inconclusive.

Built this because I kept seeing people get catfished on dating apps with AI-generated profile photos that looked completely real. The only reliable check is ML-based pixel analysis, so I built one that works without leaving the page.

Free on the Chrome Web Store. fauxspy.com for the Pro plan (unlimited scans + deepfake detection).

u/Same_Carrot196 — 7 days ago