Heimdallr
The reference agent harness for smart contract auditing: function-level reorganization, cascaded verification, 92.45% detection at $2.31/10K LOC, 17/20 real attack reconstructions.
Function-level reorganization is the load-bearing idea. Rewriting the contract into context-complete function units (resolving inheritance, inlining modifiers, reconstructing state and external-call dependencies) is what lets the LLM reason at auditor depth instead of hallucinating over raw source. The same model on raw source vs reorganized units produces dramatically different results. No other harness in the roster performs this transformation.
Cascaded verification is the cost discipline behind $2.31/10K LOC. Cheap pattern checks produce candidates, LLM semantic analysis confirms or rejects, and exploit reconstruction runs only on the confirmed few. Spending the LLM budget only on survivors is what makes the agent affordable at audit scale; the naive alternative (LLM on every function) costs orders of magnitude more.
The 17/20 reconstruction rate is the headline that matters. Exploit reconstruction measures the agent at human-auditor depth — it shows how the vulnerability would be exploited, not just that it exists. Placed last, only on confirmed candidates, it is the deepest verification short of a live exploit.
92.45% detection is a high-recall first pass, not a clean bill of health. The 7.55% miss rate is the risk a client must not read as 'secure,' and symbolic reconstructions are hypotheses requiring live-chain confirmation. The read-only execution is safe; the interpretation of findings is the surface to govern.