A detailed walkthrough of designing a six-agent CrewAI pipeline for automated Solidity smart contract security auditing. The pipeline consists of a Contract Planner, Static Analysis Interpreter, Vulnerability Hunter, Exploit Crafter, Verification Agent, and Report Writer — each with a distinct adversarial role and structured JSON output. Key design decisions include sequential processing, strict separation of attack modeling from remediation, simulated static analysis without external tool dependencies, and a built-in human escalation mechanism. The demo targets a deliberately vulnerable ETH vault with three intentional security flaws, including a reentrancy bug, missing access control, and an accounting inconsistency that static tools miss.

15m read time. From coinsbench.com
Table of contents
- Why CrewAI?
- The Audit Pipeline
- Agent 1: The Contract Planner
- Prompt Summary
- Agent 2: The Static Analysis Interpreter
- Prompt Summary
- Agent 3: The Vulnerability Hunter
- Prompt Summary
- Agent 4: The Exploit Crafter
- Prompt Summary
- Agent 5: The Verification Agent
- Prompt Summary
- Agent 6: The Report Writer
- Prompt Summary
- What the Full Pipeline Looks Like in Practice
- Key Design Decisions, Summarized
- What’s Next
