$3.1B+ stolen from smart contracts in 2024. Our pattern DB covers the exact vulnerability classes behind these exploits — run a pre-audit before you launch.
800+ CVE Patterns 4-Agent AI Debate Engine Sandbox PoC Verification contact@cyberhimaya.com

Smart Contract Pre-Audit
You Submit Privately. We Run It Locally and Verify.

Submit your Sui/Move, Solidity, or Rust contract. Our 8-phase engine — combining static analysis, multi-agent AI debate, and sandbox execution — delivers a confirmed vulnerability report in 24–48 hours.

Pattern DB includes the exact vulnerability class (u128 tick-math overflow) behind the May 2025 Cetus $223M exploit.

800+
CVE Patterns
10–20%
FP Rate (Move/Sui)
4
AI Agents in Debate
48h
Delivery Time
The Service
How It Works — 3 Steps

No upload portal, no third-party storage. You send your code directly (ZIP or private GitHub/GitLab repo). We run the scan on our local machine and deliver the full report.

STEP 01 — SUBMIT
You Submit Your Code Privately
Pay for your tier below. You receive an email with secure submission instructions. Send a ZIP of your contract source files or share a private GitHub/GitLab repo. Your code never touches a public upload server: the parser, pattern scan and sandbox run on our local machine. The AI phases (threat model, 5-dimension analysis, debate) use the models listed under Engine Architecture; Gemini 2.5 Pro and Claude 3.5 Sonnet are hosted APIs, so the source they analyse does leave that machine under those providers' data-handling terms.
STEP 02 — SCAN
8-Phase Engine Runs Locally
The full pipeline executes: static pattern scan → AI threat model → 5-dimension parallel analysis → 4-agent Red/Blue/Purple debate → sandbox PoC execution. Findings are reported in two labelled tiers: EXECUTION_CONFIRMED (the PoC ran in the sandbox and the finding cleared the 0.85 confidence gate) and AI-only (survived the debate but has no executed PoC). Everything else is dropped.
STEP 03 — REPORT
You Receive a Structured Report
Within 24–48h you get a full Markdown + PDF report: gated findings only, each labelled EXECUTION_CONFIRMED or AI-only, with PoC code, economic impact estimate, step-by-step exploit chain, and recommended fixes. Ready to hand to your final manual auditor.
WHY THIS MODEL
Why Not a Web App?
Pre-launch smart contract code is the most sensitive IP in DeFi. Uploading unaudited contracts to a multi-tenant web app adds an upload portal, its storage and its access controls to your attack surface. Running the scan on a single local machine removes that surface; the remaining outbound traffic is the model-API calls made by the AI phases (see Engine Architecture). Your code stays yours.
himaya-apex scan --target ./cetus_clmm.move --tier poc-engine
Phase 1/8 Parser Move detected — 12 functions, 3 entry points, call graph built
Phase 2/8 Static Scan 3 pattern matches (55 EVM-only patterns filtered)
Phase 3/8 Threat Model Gemini 2.5 Pro — invariants extracted
Phase 4/8 5-Dim Analysis D1 Hunter / D2 Math / D3 Economic / D5 Cross-Ref

Phase 5/8 → Hunter (Red): "u128 multiply_tick_price overflows when tick > 443636"
→ Critic (Blue): "assert_tick_bounds present... checking if it gates this path"
→ Skeptic: "assert_tick_bounds does NOT cover calculate_fee_amount(). Path unguarded."
→ Judge: CONFIRMED — mechanically complete exploit path verified

Phase 6/8 Sandbox generating PoC... running sui move test test_tick_overflow
PASS — EXECUTION_CONFIRMED economic_impact: $223M (at peak TVL)

Phase 7/8 Confidence Gate Score: 0.94 > 0.85 threshold → REPORTED
Phase 8/8 Report → report_cetus_clmm.md / report_cetus_clmm.pdf

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✓ CONFIRMED CRITICAL: 1 | AI-ONLY HIGH: 1 | DROPPED (FP): 4
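The Phase 2/8 line above ("3 pattern matches (55 EVM-only patterns filtered)") is the output of a per-language filter over the pattern DB followed by a line-by-line match loop. The following is an added example of how that filter and loop work, written for this page and not taken from the Himaya engine; the five detectors, the extension map and the two sample contracts are constructed for illustration and are not the product's pattern DB:

```python
import re
from dataclasses import dataclass
from pathlib import PurePath

# Illustrative detector registry, constructed for this example. It is NOT the
# engine's 800+ pattern DB; the regexes are deliberately simple line matchers.
# `langs` lists the source languages a pattern applies to, so EVM-only
# patterns are skipped when scanning Move, and Move-only ones when scanning
# Solidity.
@dataclass(frozen=True)
class Pattern:
    pid: str
    langs: frozenset
    regex: re.Pattern
    note: str

@dataclass(frozen=True)
class Match:
    pid: str
    line: int
    text: str
    note: str

PATTERNS = [
    Pattern("SOL-TXORIGIN", frozenset({"sol"}),
            re.compile(r"\btx\.origin\b"),
            "tx.origin used for authorization (phishable via a contract in the middle)"),
    Pattern("SOL-DELEGATECALL", frozenset({"sol"}),
            re.compile(r"\.delegatecall\s*\("),
            "delegatecall: callee runs with this contract's storage"),
    Pattern("MOVE-SHL", frozenset({"move"}),
            re.compile(r"\b\w+\s*<<\s*\w+"),
            "left shift: Move discards the bits shifted out instead of aborting, unlike + - *"),
    Pattern("MOVE-NARROW-CAST", frozenset({"move"}),
            re.compile(r"\(\s*\w+\s+as\s+u(?:8|16|32|64)\s*\)"),
            "narrowing cast: aborts if the value does not fit; confirm callers expect that"),
    Pattern("MUL-BEFORE-DIV", frozenset({"move", "rs"}),
            re.compile(r"\b\w+\s*\*\s*\w+\s*\)?\s*/"),
            "numerator of a mul/div can exceed the type width before the division"),
]

EXT_TO_LANG = {".move": "move", ".sol": "sol", ".rs": "rs"}

def detect_language(path: str) -> str:
    """Phase-1 style language detection from the file extension."""
    ext = PurePath(path).suffix.lower()
    if ext not in EXT_TO_LANG:
        raise ValueError(f"unsupported source file: {path}")
    return EXT_TO_LANG[ext]

def scan(path: str, source: str):
    """Run every pattern applicable to the file's language over each line.

    Returns (matches, filtered): `filtered` is the number of patterns skipped
    because they do not apply to this language."""
    lang = detect_language(path)
    active = [p for p in PATTERNS if lang in p.langs]
    filtered = len(PATTERNS) - len(active)
    matches = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for p in active:
            if p.regex.search(text):
                matches.append(Match(p.pid, lineno, text.strip(), p.note))
    return matches, filtered

def summary_line(path: str, source: str) -> str:
    """One-line summary in the style of the Phase 2 transcript line."""
    matches, filtered = scan(path, source)
    return f"{len(matches)} pattern matches ({filtered} patterns filtered for {detect_language(path)})"

# Constructed sample inputs (not real project code).
MOVE_SAMPLE = """\
module clmm::tick_math {
    const PRECISION: u128 = 1 << 64;
    public fun multiply_tick_price(price: u128, delta: u128): u128 {
        (price * delta) / PRECISION
    }
    public fun calculate_fee_amount(liquidity: u128, growth: u128): u64 {
        let fee = (liquidity * growth) / PRECISION;
        (fee as u64)
    }
}
"""

SOL_SAMPLE = """\
contract Vault {
    address owner;
    function withdraw(uint256 amount) external {
        require(tx.origin == owner, "not owner");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
    }
}
"""

if __name__ == "__main__":
    for path, src in (("tick_math.move", MOVE_SAMPLE), ("Vault.sol", SOL_SAMPLE)):
        print(summary_line(path, src))
        for m in scan(path, src)[0]:
            print(f"  L{m.line} {m.pid}: {m.text}  -- {m.note}")
```

A regex stage like this is a recall tool, not a verdict: every match here still has to survive the threat model, the debate and the sandbox before it is reported, which is why the transcript shows 3 matches narrowing to 1 confirmed finding.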
Engine Architecture
The 8-Phase APEX Pipeline
01
Language Detection & Parsing
Auto-detects .move, .sol, .rs. Builds full AST, call graph, and reachability map using BFS from public entry points. Dead code is removed before analysis begins.
Deterministic
02
800+ CVE Pattern Scan
Regex-based scan against 800+ known vulnerability patterns. 20 CLMM-specific detectors for Sui/Move (tick math, sqrt_price, fee rounding, liquidity overflow). Incompatible EVM-only patterns are auto-filtered per language.
Deterministic
03
AI Protocol Threat Model
Gemini 2.5 Pro ingests all source files and extracts the protocol's core invariants, trust boundaries, and multi-step attack sequences before any line-level analysis begins.
Gemini 2.5 Pro
04
5-Dimension Parallel Analysis
D1 Pattern Hunter (novel zero-days) · D2 Math (overflow bounds, rounding, fixed-point errors) · D3 Economic (MEV, flash loans, liquidation cascades) · D5 Cross-Reference (CVE matching, fork analysis, historical exploit DB). All run in parallel.
DeepSeek R1
05
4-Agent Red/Blue/Purple Debate
Hunter proposes the exploit chain. Critic checks for existing guards on that chain. Skeptic actively tries to disprove it and drops the finding if it rates it more than 70% likely to be false. Judge demands a mechanically complete path from entry point to impact or refuses to confirm. 30–40% of findings are intentionally rejected here.
Claude 3.5 Sonnet + DeepSeek
06
Sandbox PoC Execution
AI writes a #[test_only] (Move) or forge test (Solidity) exploit script and runs it locally; a 7-loop auto-healer fixes syntax errors. EXECUTION_CONFIRMED means the exploit test ran and its assertions passed, which is why a confirmed finding is treated as a true positive; still read the generated test in the report, since an auto-healer that rewrites a failing test can also weaken what it asserts. No execution = AI-only tier (clearly labelled).
sui move test / forge test
07
Confidence Gate (Score > 0.85)
Formula: Score = D1(0.20) + D2(0.30) + D3(0.20) + PoC(0.30), each term a 0–1 score multiplied by its weight. Findings below the threshold are suppressed entirely. With these weights a finding whose PoC never executed can score at most 0.70 and cannot clear the 0.85 gate, so only sandbox-confirmed findings are reported as confirmed; debate-surviving findings without an executed PoC are carried as the separately labelled AI-only tier.
Confidence Filter
08
Report Generation
Delivers JSON, Markdown and PDF with gated findings only, PoC code, economic impact analysis, exploit step chain, and recommended fixes. A local SQLite database records findings dropped as false positives so later scans down-weight the same pattern.
JSON + Markdown + PDF
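Phase 01 builds a reachability map by BFS from the public entry points, and in the Phase 05 debate the Critic and Skeptic argue about whether assert_tick_bounds gates every path to the overflowing function. The following added example (written for this page, not the engine's code) does both on a constructed call graph whose function names mirror the demo transcript above: it computes reachable and dead functions, enumerates entry-to-sink call paths, and reports the paths on which no function calls the guard. The graph, the entry points and the call-graph-level notion of "guarded" are assumptions made for illustration.

```python
from collections import deque

# Constructed call graph (function -> callees). The names mirror the demo
# transcript on this page, but the edges are assumptions for this example,
# not the real module's structure.
CALL_GRAPH = {
    "swap":                 ["assert_tick_bounds", "compute_swap_step"],
    "compute_swap_step":    ["multiply_tick_price"],
    "collect_fee":          ["calculate_fee_amount"],
    "calculate_fee_amount": ["multiply_tick_price"],
    "assert_tick_bounds":   [],
    "multiply_tick_price":  [],
    # Never reached from an entry point: dropped as dead code in Phase 01.
    "legacy_rebalance":     ["multiply_tick_price"],
    "debug_dump":           ["legacy_rebalance"],
}
ENTRY_POINTS = ["swap", "collect_fee"]   # public entry functions (assumed)

def reachable(graph, entries):
    """BFS from the entry points: the set of functions an attacker can drive."""
    seen, queue = set(), deque(entries)
    while queue:
        fn = queue.popleft()
        if fn in seen:
            continue
        seen.add(fn)
        queue.extend(graph.get(fn, ()))
    return seen

def dead_functions(graph, entries):
    """Functions no entry point reaches; analysis time is not spent on them."""
    return sorted(set(graph) - reachable(graph, entries))

def simple_paths(graph, src, dst, _path=()):
    """All cycle-free call paths src -> ... -> dst."""
    path = _path + (src,)
    if src == dst:
        return [path]
    found = []
    for callee in graph.get(src, ()):
        if callee not in path:           # do not loop through recursion
            found.extend(simple_paths(graph, callee, dst, path))
    return found

def paths_to_sink(graph, entries, sink):
    return [p for e in entries for p in simple_paths(graph, e, sink)]

def unguarded_paths(graph, entries, sink, guard):
    """Paths to `sink` along which no function calls `guard`.

    Call-graph approximation: a function that calls the guard anywhere is
    treated as guarded, even if the guard sits on a different branch from the
    sink call. A CFG/dominator analysis or an executed PoC settles that."""
    def is_guarded(path):
        return any(fn == guard or guard in graph.get(fn, ()) for fn in path)
    return [p for p in paths_to_sink(graph, entries, sink) if not is_guarded(p)]

def skeptic_verdict(graph, entries, sink, guard):
    """One line in the style of the debate transcript."""
    bad = unguarded_paths(graph, entries, sink, guard)
    if not bad:
        return f"{guard} covers every entry path to {sink}"
    chains = "; ".join(" -> ".join(p) for p in bad)
    return f"{guard} does NOT cover {sink}: unguarded path {chains}"

if __name__ == "__main__":
    print("reachable:", sorted(reachable(CALL_GRAPH, ENTRY_POINTS)))
    print("dead:", dead_functions(CALL_GRAPH, ENTRY_POINTS))
    print(skeptic_verdict(CALL_GRAPH, ENTRY_POINTS,
                          "multiply_tick_price", "assert_tick_bounds"))
```

The guard check deliberately errs on the side of reporting: a path is only called guarded when some function on it invokes the guard, and even that is weaker than proving the guard dominates the sink call. That gap is exactly what the sandbox PoC in Phase 06 is for; a call-graph argument alone should not produce an EXECUTION_CONFIRMED finding.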
Language Support
Supported Languages & Readiness

We are honest about where the tool stands. We will not claim capabilities we cannot deliver.

Language      | Chain      | Status           | FP Rate | Sandbox                 | Notes
Sui Move      | Sui        | Production Ready | 10–20%  | ✓ sui move test         | 15 CLMM detectors, full AST, self-improving DB
Aptos Move    | Aptos      | Production Ready | 10–20%  | ✓ aptos move test       | Shared Move pattern base
Solidity      | EVM chains | Beta             | 35–50%  | ⚡ forge test (partial) | Foundry sandbox in progress. Slither integration active.
Rust / Anchor | Solana     | Alpha            | 40–60%  | ✕ No sandbox yet        | AI debate only. Anchor-specific detectors coming Q3 2026.
Pricing
Choose Your Audit Tier

All tiers run the same 8-phase pipeline. Tiers differ in debate depth (3 or 4 agents), whether the sandbox PoC is executed and its exploit code delivered, report formats, fix-and-rescan, and turnaround time.

QUICK SCAN
$99 one-time
⏱ 24h delivery
Pattern scan + AI debate. Ideal for a quick pre-launch sanity check on Sui/Move contracts.
  • 800+ CVE pattern scan
  • 3-agent AI debate (Hunter/Critic/Judge)
  • Confidence-gated findings
  • Markdown report
  ✕ Sandbox PoC execution (not included)
  ✕ Economic impact analysis (not included)
  ✕ PDF report (not included)
PRO AUDIT
$499 one-time
⏱ 36h delivery
Full 8-phase pipeline with sandbox PoC execution. Most popular for pre-mainnet launches.
  • Everything in Quick Scan
  • 4-agent Red/Blue/Purple debate
  • Sandbox PoC execution (sui move test)
  • Economic impact analysis
  • PDF report + Markdown
  • Recommended fixes for all findings
  ✕ Working exploit code (not included)
PoC ENGINE
$1,499 one-time
⏱ 48h delivery
Full audit + working runnable PoC exploit code for every confirmed finding. For serious pre-audit scope reduction.
  • Everything in Pro Audit
  • Working exploit code per finding
  • Full exploit chain walkthrough
  • Fix-and-rescan (1 round)
  • Priority delivery
  • 1:1 debrief call (30 min)
  • 30-day follow-up support
Submit Audit
Start Your Audit

Fill in the details below. After payment, you'll receive an email with secure code submission instructions within minutes.

🔒
Your code stays private. After payment you'll receive submission instructions via email. Your source files are handled only on our local machine and permanently deleted after report delivery; nothing is placed on an upload portal or shared storage. The AI phases do call the hosted model APIs listed under Engine Architecture, so ask us for the NDA and for those providers' data-retention terms if that matters to your project.

⚠ Disclaimer

No tool can guarantee 100% secure code. Himaya is your first line of defense — catching known patterns, discovering novel attack paths, and validating with adversarial AI. We reduce your audit scope and cost. We complement, not replace, professional security review.

FAQ
Frequently Asked Questions
How do I submit my code after payment?
After your payment is confirmed, you'll receive an email within minutes with secure submission instructions. You can either attach a ZIP of your source files directly to the reply, or invite our email to a private GitHub/GitLab repository. No upload portal — direct email to keep it simple and private.
Is my code safe? Who sees it?
Your code runs on our local machine, not on a web upload portal or shared storage. The AI phases send the source they analyse to the hosted model APIs listed under Engine Architecture (Gemini 2.5 Pro, Claude 3.5 Sonnet, DeepSeek) for inference. We sign an NDA on request. Code is permanently deleted after report delivery. You are also welcome to share only the relevant module files rather than your entire codebase, which also limits what the model providers see.
What does "FP rate 10–20%" mean?
False Positive (FP) rate is the percentage of reported findings that are NOT real vulnerabilities. At 10–20% for Sui Move, roughly 1–2 out of every 10 reported findings may require closer human review. In practice these cluster in AI-only findings; an EXECUTION_CONFIRMED finding comes with a test that actually ran, so start your review with the AI-only ones. This is lower than typical first-pass manual audit FP rates of 30–40%. All findings include our confidence score so you know exactly how certain we are.
Does this replace a full professional audit?
No — and we will never claim it does. Himaya is a pre-audit tool. It surfaces the highest-confidence vulnerabilities before you pay for a professional audit, which can cost $20,000–$100,000+. By eliminating obvious issues first, you reduce the scope of your manual audit significantly, saving time and money.
What if no vulnerabilities are found?
You still receive the full report showing all patterns checked, all findings the AI debate considered and rejected, and a clean result with the confidence scores behind it. "No confirmed findings" is a valid and valuable result: it means nothing survived the full 8-phase confidence gate, not that the code is proven safe.