MCP-native evidence graphs for EVM + Solana

The security graph behind AI-assisted smart contract audits.

ilold maps authority, state, value flow, call paths, traces, findings, and fix proof into a domain-specific knowledge graph for smart contract security: an audit evidence graph humans inspect visually and agents query through MCP.

audit evidence graph · evm risk path closed
entrypoint (public call, missing guard) -> authority gap -> value path (funds reachable) -> fix proof (path closed)

code -> risk -> fix proof

Current work spans working analyzers and deployable review workflows

Source index · Evidence graph · MCP server · Fix proof

Audit workflow

From codebase to evidence, without losing the path.

ilold connects the pieces that usually live in separate tools: source, traces, findings, reports, and the fix that claims to close the issue. Every step remains inspectable by humans and queryable by agents.

01

Index source

AST, imports, modifiers, storage writes, ABI surfaces, instructions, and reachable entrypoints.

02

Build graph

Authority edges, call paths, state dependencies, value movement, traces, and detector output.

03

Query through MCP

Agents ask precise questions like which public paths reach funds or which signer protects a transfer.

04

Export proof

Reports link findings back to source spans, runtime evidence, graph paths, and verified fixes.

MCP-native

Give AI agents security context they can actually use.

Most AI coding tools start by searching raw files. ilold starts from a deterministic security graph. Agents query the knowledge graph through narrow MCP resources and tools instead of rebuilding context from raw files.

ilold.mcp security context server

tool which_paths_reach_funds()

tool explain_authority("transfer")

tool trace_value_flow("USDC")

tool verify_fix("finding-42")

source spans · traces · graph paths · report proof

01

Agents query facts

Claude Code, Codex, Cursor, and Copilot-style clients can ask security questions through MCP instead of rebuilding context every run.

02

Auditors inspect paths

The same graph is visual: authority, state, value, calls, traces, and reports stay reviewable by humans.

03

Findings become evidence

A report item links back to source spans, traces, affected paths, and the proof that a fix closed the route.

Critical assets

Map every path to funds and privileged control.

Static analyzers are useful for known patterns. The expensive failures are usually violated assumptions: who can call what, which state changed, where value moved, and whether a fix actually broke the exploit path. ilold makes those relationships reviewable by humans and queryable by MCP-connected agents.

01

Funds

Withdrawals, token transfers, treasury movement, accounting deltas, and paths to balances.

02

Authority

Owners, roles, signers, upgrade controls, admin routes, and authorization assumptions.

03

State

Storage writes, account changes, configuration, invariants, and dependency edges.

04

External behavior

Calls, delegatecalls, CPI, oracles, bridges, token programs, and cross-system effects.

05

Fix proof

Changed paths, closed exploit routes, regression evidence, and report-linked verification.

Technical architecture

A security evidence layer, not another chatbot.

ilold is designed as infrastructure: adapters collect chain and source context, the graph builder normalizes security relationships, the evidence store preserves provenance, and MCP makes the graph available to agents, auditors, CI, and reports. Under the hood, contracts, functions, modifiers, storage slots, signers, token flows, traces, findings, and fixes become typed nodes and edges with source provenance.
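As an added illustration, not ilold's own code: a minimal typed evidence graph in Python where every edge carries a source span, which answers the page's "which paths reach funds" question and records a fix proof. The class, node kinds, function names and Vault.sol spans are constructed for the example.

```python
from collections import defaultdict


class EvidenceGraph:
    """Typed nodes and relation edges; every edge carries a source span (provenance)."""

    def __init__(self):
        self.nodes = {}                 # name -> node kind (entrypoint, internal, sink, modifier)
        self.out = defaultdict(list)    # src -> [(dst, relation, source_span)]
        self.audit_log = []             # (query, evidence returned) pairs kept for review

    def add_node(self, name, kind):
        self.nodes[name] = kind

    def add_edge(self, src, dst, rel, span):
        self.out[src].append((dst, rel, span))

    def _walk(self, node, path, spans):
        # Depth-first over "calls" edges until a value sink is reached.
        if self.nodes.get(node) == "sink":
            yield path, spans
            return
        for dst, rel, span in self.out[node]:
            if rel == "calls" and dst not in path:
                yield from self._walk(dst, path + [dst], spans + [span])

    def which_paths_reach_funds(self):
        """Every public entrypoint -> sink path, with the guards protecting any node on it."""
        evidence = []
        for name, kind in list(self.nodes.items()):
            if kind != "entrypoint":
                continue
            for path, spans in self._walk(name, [name], []):
                guards = [d for n in path for d, r, _ in self.out[n] if r == "guarded_by"]
                evidence.append({"path": path, "spans": spans, "guards": guards})
        self.audit_log.append(("which_paths_reach_funds", evidence))
        return evidence

    def unguarded_value_paths(self):
        return [e for e in self.which_paths_reach_funds() if not e["guards"]]

    def verify_fix(self, entrypoint, guard, span):
        """Fix proof: record the new guard edge, re-query, and report whether the route closed."""
        before = [e["path"] for e in self.unguarded_value_paths() if e["path"][0] == entrypoint]
        self.add_edge(entrypoint, guard, "guarded_by", span)
        after = [e["path"] for e in self.unguarded_value_paths() if e["path"][0] == entrypoint]
        return {"closed": bool(before) and not after, "fix_span": span, "before": before, "after": after}


def build_sample_graph():
    # Constructed sample: a vault with one guarded and one unguarded route to token.transfer.
    g = EvidenceGraph()
    for n, k in [("adminWithdraw", "entrypoint"), ("emergencyWithdraw", "entrypoint"),
                 ("_payout", "internal"), ("token.transfer", "sink"), ("onlyOwner", "modifier")]:
        g.add_node(n, k)
    g.add_edge("adminWithdraw", "onlyOwner", "guarded_by", "Vault.sol:21")
    g.add_edge("adminWithdraw", "_payout", "calls", "Vault.sol:23")
    g.add_edge("emergencyWithdraw", "_payout", "calls", "Vault.sol:31")
    g.add_edge("_payout", "token.transfer", "calls", "Vault.sol:40")
    return g
```

Each returned path is paired with the spans it was derived from, so a reviewer can check the claim against source rather than trusting the query.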

Adapters (EVM / Solana): source, ABI, traces, instructions, detector output

Graph builder (security relationships): authority, calls, state, value flow, findings

Evidence store (queryable provenance): nodes, edges, source spans, report history, fix proof

Interfaces (humans + agents): visual explorer, MCP server, exports, CI/API

EVM graph engine

Dependency graphs and path evidence for Solidity systems.

ilold-evm indexes Solidity projects into graph-backed review state: dependency graphs, call paths, traces, slices, sessions, findings, report export, and MCP tools for Claude Code, Codex, Cursor, and security automation.

Path analysis: follow functions, modifiers, calls, and affected code slices
Finding context: connect detector output to reachable paths and reports
Agent access: let Claude Code, Codex, Cursor, and other clients query graph facts

EVM dependency graph in ilold · EVM dependency graph and review context
Solana graph canvas in ilold · Solana scenarios, account diffs, CPI context

Current Solana workbench

Runtime evidence for accounts, instructions, and CPI behavior.

The Solana workbench adds execution context: LiteSVM scenarios, account diffs, scenario forking, CPI paths, Markdown export, and typed MCP tools for repeatable review workflows.

Scenario runs: capture what changed across accounts and instructions
CPI context: trace cross-program behavior and review impact
Audit exports: ship concise Markdown reports from graph-backed sessions

Product proof

Graph views, terminal evidence, MCP tools, and reports from the current work.

Solidity graph canvas · source spans

Solidity graph canvas

Explore code relationships, paths, and slices as reviewable graph state.

Trace output in ilold · trace proof

Trace output

Evidence trails that explain where claims come from.

Solana review workbench in ilold · report context

Review workbench

Sessions, context, reports, and MCP agent tools in one workspace.

Web2 precedent

Proven in Web2 security. Missing in smart contracts.

Knowledge graphs, code property graphs, and attack-path graphs are becoming the context layer for AI-assisted security. CodeQL made code queryable. Joern made vulnerability research graph-native. BloodHound made attack paths operational. ilold brings that evidence-first model to EVM and Solana security through MCP.

How it fits

Static analyzers find patterns. ilold preserves security evidence.

The goal is not to replace Slither, fuzzers, manual auditors, or AI agents. The goal is to connect their outputs into a graph that can be reviewed, queried, and reused across the audit lifecycle.

Static analyzers: find known code patterns and detector matches. ilold links detector output to reachable paths, source spans, reports, and fix proof.
Fuzzers and traces: explore execution behavior and runtime state changes. ilold stores those traces as graph evidence connected to authority and value flow.
Manual audits: find semantic and business-logic failures. ilold keeps the reasoning path reviewable instead of trapped in notes and screenshots.
AI security agents: reason over security context and propose hypotheses. ilold builds the smart contract evidence graph those agents need to reason reliably.

$ mcp.query("which paths can transfer value?")

$ mcp.query("what role or signer protects this call?")

$ mcp.query("what changed in this pull request?")

$ mcp.query("did fix #42 close the value path?")

returns graph evidence, not guesses

MCP context layer

Not an AI auditor. The evidence layer agents need.

AI security agents are only as good as their context. ilold gives agents deterministic graph facts, source spans, traces, reports, and prior findings so Claude Code, Codex, Cursor, and audit bots start from evidence.

Security posture

MCP, but security-first.

Security context is sensitive. ilold should expose evidence to agents through narrow, reviewable interfaces rather than handing an LLM arbitrary shell access or unscoped repository state.

Read-only first: graph resources are safe to inspect before write-capable tools are added.
Explicit schemas: each MCP tool has named inputs, bounded outputs, and predictable evidence types.
Local indexing: private code can be indexed locally with secrets redaction and controlled exports.
Audit trail: agent queries can be logged with the exact evidence returned for review.

ilold

Pilot the evidence graph behind AI-assisted audits.

Use ilold as the graph-backed context layer for EVM and Solana smart contract review, audit preparation, AI agents, and fix proof.