Joined November 2017
Pinned Tweet
Over the past weeks, we’ve been deep into experimenting with AI agents and skill-based workflows. One clear takeaway: simply throwing a large model at audits doesn’t work well. Clear steps, structured workflows, and reusable skills matter much more. This is a big shift for Chain-Fox.

Expanding what Chain-Fox does

Until now, Chain-Fox has focused mainly on smart contract code checks. That’s important, but real Web3 attacks are rarely just about code. Rug pulls, malicious behavior, and fake or compromised websites play a huge role. Because of this, Chain-Fox is evolving from pure code checks into broader risk analysis that better reflects how real attacks happen.
To better understand the current Solana security ecosystem, we tested Fender, Eloizer, and X-Ray on over 200 real Anchor bugs. The report is here: github.com/Chain-Fox/Chain-F…

Here’s what we saw:
Fender catches almost everything, with very high recall.
X-Ray gives cleaner output but misses quite a few bugs.
Eloizer lands somewhere in between.

But in real projects, precision drops to about 6%. That means you need to look at 10 to 15 alerts to find one real issue.

So a practical workflow right now: run Fender, apply some filtering, then manually review.

It’s still early. Tools are getting better quickly. We’re not done. We are testing other tools, especially LLM-based ones.
At Chain-Fox, we’ve collected 150 bug-fixing commits across 1000 real-world Anchor projects. We’re analyzing them to evaluate the effectiveness of existing Solana security analysis tools. Our own agentic checker is also in progress.
I think this is real progress for Solana security. Respect to the researchers from Germany. arxiv.org/abs/2603.16349 The ability to analyze deployed contracts without requiring source code makes the approach actually usable in practice. Symbolic execution is powerful for uncovering low-level bugs, but business logic vulnerabilities remain difficult to detect. The next step is clear: combining code-level analysis with intent-based LLM reasoning.
The first step to building a reliable agentic checker is simple but often ignored: Data. Most AI checkers and auto agents fail not because the model is weak, but because they lack real verification data.
Our approach is different: start small and collect real-world signals. For the past week, an OpenClaw instance has been running 24/7, using cron jobs to continuously collect public information and build a real-world Solana security dataset. Every command we issue improves the pipeline: Program discovery -> Data collection -> Automated analysis
The system is evolving every day. Instead of chasing perfect agents, we are building the data foundation first. Thanks to our partner @acedatacloud for providing affordable APIs that make running this continuous research infrastructure possible.
Those who are engaged in Web3 security should read the two articles by MagicGrants and Kleros. Takeaway: AI can flag “bugs” that aren’t bugs, while tools miss real issues. Neither alone meets our auditing needs. Chain-Fox leverages verification to get the best of both worlds: AI and expert tools. magicgrants.org/2026/03/09/A… blog.kleros.io/smart-contrac…

To test the ability of agentic checkers, I tried running old Sealevel-Attacks demos on Anchor 0.32.1 in a restricted network. Biggest headaches:
1. Downloads often fail: had to manually download and fix.
2. Old demos incompatible with new Anchor.
Forked the project, fixing compatibility with Anchor 0.32. Will upstream once stable. github.com/Chain-Fox/solana-…
I am rethinking what an agentic checker means. Instead of building agents that guess bugs, we should build systems that prove properties of the program. The LLM helps fill the specification gap, but correctness is decided by formal methods. github.com/Chain-Fox/solana-…
Chain-Fox retweeted
x.com/StepFinance_/status/20… Pity to see such an influential company shut down after a treasury breach. The problem wasn’t the chain itself, it was a compromised key or account. Relying on a single signer is extremely risky. Multisig and keeping keys in separate places are a must.

Today we are announcing that Step Finance, SolanaFloor, and Remora Markets will be winding down all operations. Following the hack at the end of January we explored every possible path forward, including financing and acquisition opportunities. Unfortunately, we were unable to secure a viable outcome and have made the difficult decision to end all operations effective immediately. We are working on a buyback for STEP holders based on a snapshot prior to the incident, and a redemption process for Remora rToken holders. Remora tokens remain backed 1:1. We are deeply grateful to our community for the support over the years and are confident that this is the best outcome given the circumstances. We want to thank our millions of customers over the years for joining us on this journey. More details will be shared soon.
Back from the holidays, now it’s time to work on the agentic checker!
Rug-Pull Detector: Initial Version Live
Try it now: chain-fox.com/rugpull-detect
1. Paste a contract address
2. Click Analyze Contract
3. Wait for the Rug-Pull Agent to generate a full analysis
This is just the beginning, more functions to be added. Let’s make it stronger together.

While researching open-source rug-pull detectors, I found something worrying. Some don’t work. Some are outright malicious.

hippo7598/rug-pull-detector

Looks professional. README is clean. At first glance, no obvious issue. But check the raw file: raw.githubusercontent.com/hi…

You’ll find:
Obfuscated bytecode
Encrypted payload
exec() on decrypted content

That’s NOT how security tools are written. The byte-encoded payload expands to:

```python
# Decoded loader stage as posted; <key> and <encrypted_payload> are elided in the original.
os.system('pip install cryptography')
os.system('pip install requests')
os.system('pip install fernet')
import requests
from fernet import Fernet
exec(Fernet(b'<key>').decrypt(b'<encrypted_payload>'))
```

Because the decrypted payload is executed directly:
Arbitrary code execution is possible
Credential theft is possible
Wallet key exfiltration is possible

The impact surface is unbounded. Use a trustworthy tool in Chain-Fox. The rug-pull tool testing will be online in hours.
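As an added example, not code from the post above or from Chain-Fox, here is a small AST-based triage script for the loader pattern the post describes: runtime `pip install` via `os.system`, a decrypt/decode call feeding `exec()`, and an oversized encoded literal. The two samples are constructed inline for the demo; the key and payload bytes are dummy placeholders, not the contents of the repository mentioned, and the 64-byte literal threshold is an assumed cut-off.

```python
"""Static triage for the 'obfuscated payload -> decrypt -> exec()' pattern.

Constructed example for illustration. It flags three signals seen in the
malicious 'security tool' described above; each is a heuristic, so findings
are review leads, not verdicts.
"""
import ast
from dataclasses import dataclass

DYNAMIC_EXEC = {"exec", "eval"}
# Method names that typically turn an opaque literal back into code.
DECODE_ATTRS = {"decrypt", "b64decode", "decompress", "unhexlify"}
SHELL_FUNCS = {("os", "system"), ("os", "popen"), ("subprocess", "run"),
               ("subprocess", "call"), ("subprocess", "Popen")}
LARGE_LITERAL = 64  # assumed threshold: longer literal inside a decode call is suspicious


@dataclass
class Finding:
    line: int
    rule: str
    detail: str


def _call_name(node: ast.Call):
    """('os', 'system') for os.system(...), (None, 'exec') for exec(...), else None."""
    f = node.func
    if isinstance(f, ast.Name):
        return (None, f.id)
    if isinstance(f, ast.Attribute):
        base = f.value.id if isinstance(f.value, ast.Name) else None
        return (base, f.attr)
    return None


def _has_decode_call(node: ast.AST) -> bool:
    """True if any call in the subtree uses a decode/decrypt-like method name."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            name = _call_name(sub)
            if name and name[1] in DECODE_ATTRS:
                return True
    return False


def _largest_literal(node: ast.AST) -> int:
    """Length of the longest str/bytes constant anywhere under the node."""
    best = 0
    for sub in ast.walk(node):
        if isinstance(sub, ast.Constant) and isinstance(sub.value, (bytes, str)):
            best = max(best, len(sub.value))
    return best


def scan_source(src: str) -> list[Finding]:
    """Parse Python source and return suspicious-loader findings in AST walk order."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if not name:
            continue
        base, fn = name
        # 1. exec()/eval() on anything that is not a plain string literal.
        if fn in DYNAMIC_EXEC and node.args:
            arg = node.args[0]
            if not (isinstance(arg, ast.Constant) and isinstance(arg.value, str)):
                detail = f"{fn}() on non-literal argument"
                if _has_decode_call(arg):
                    detail += " produced by decode/decrypt call"
                findings.append(Finding(node.lineno, "dynamic-exec", detail))
        # 2. Shelling out to pip at import/run time.
        if (base, fn) in SHELL_FUNCS and node.args:
            arg = node.args[0]
            if isinstance(arg, ast.Constant) and isinstance(arg.value, str) \
                    and "pip install" in arg.value:
                findings.append(Finding(node.lineno, "runtime-pip-install", arg.value))
        # 3. A large opaque literal being decoded/decrypted.
        if fn in DECODE_ATTRS:
            size = _largest_literal(node)
            if size > LARGE_LITERAL:
                findings.append(Finding(node.lineno, "large-encoded-literal",
                                        f"{size}-byte literal fed to {fn}()"))
    return findings


# Constructed samples. The payload is a run of 'Q', not real ciphertext.
_FAKE_PAYLOAD = "Q" * 200
MALICIOUS_SAMPLE = f"""
import os
os.system('pip install cryptography')
os.system('pip install fernet')
from fernet import Fernet
exec(Fernet(b'AAAA').decrypt(b'{_FAKE_PAYLOAD}'))
"""
BENIGN_SAMPLE = """
import json
def load(path):
    with open(path) as fh:
        return json.load(fh)
"""

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, [(f.line, f.rule, f.detail) for f in scan_source(sample)])
```

Run it against any unpacked tool before executing it; a `dynamic-exec` finding whose argument comes from a decode/decrypt call is the strongest single signal here, and a `runtime-pip-install` alongside it is the loader bootstrapping its own dependencies.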
WARNING: MALICIOUS CODE FOUND INSIDE 🦂 github.com/hippo7598/rug-pul…
A reminder: malicious code often disguises itself as “security tools.” Be careful what you run.
This is exactly why we’re building Chain-Fox: Open logic. Auditable code. No hidden execution.
Our rug-pull inner test will be online soon. No fear of malicious detectors. Stay safe.
Chain-Fox retweeted
Work these days: Initial version of rug-pull detection will be out in 24h. Pushing the checkers to be more agentic, not just rule-based flags. Tried the newest doc-to-spec tools. Promising, but still needs manual work. Step by step. Build the foundation right. @ChainFoxAI
Chain-Fox is being built with a long-term view. We’re focusing on designing security systems that reflect how real Web3 risks evolve, not just running surface-level checks. Some phases take more groundwork than visibility. Updates will be shared when there’s something concrete to show.
Chain-Fox is moving beyond code-only audits. Most Web3 exploits don’t start with a single contract bug. They start with behavior, fake sites, and gradual risk signals. That’s why our roadmap now focuses on agent-based risk analysis: • Rug pull detection • Web3 website risk checks • Skill-based contract auditing • Continuous signals, not yes/no labels Full roadmap is live and development is underway.
Chain-Fox roadmap is live. We’re moving beyond code-only audits into full Web3 risk analysis using Skills and agents. This is a phased build focused on detection, signals, and real-world attack patterns. 🧵