ZK-XGen-AI — Privacy Infrastructure Platform

🖥️

Best Viewed on Desktop

The technical documentation and app previews are optimized for desktop viewing.

🛠️

28 Tools

10 traditional analyzers + 6 LLM agents + 12 drain-focused modules. Each implements the AnalysisTool protocol and runs in parallel via Ray.

10 Traditional Tools (Table 1 + Table 3)

Tool	Technique	Timeout	Mem	Config	Strengths	Weaknesses
Slither ↗	Pattern matching	120s	2GB	All detectors	Fast, comprehensive	High FP rate
Mythril ↗	Symbolic exec.	300s	4GB	Depth 22, tx 120s	Deep analysis	Slow, path explosion
Echidna ↗	Fuzzing	180s	2GB	Limit 50K, seq 100	Real exploits	Needs properties
Medusa ↗	Parallel fuzzing	180s	2GB	Workers 8	Multi-core speed	Property-based
Hevm ↗	Symbolic exec.	300s	4GB	Symbolic, iter 1K	Formal guarantees	Limited scalability
Aderyn ↗	AST analysis	60s	1GB	Default	Rust speed	Pattern-limited
Halmos ↗	SMT solving	300s	4GB	Default solver	Math proofs	Complex setup
Manticore ↗	Symbolic exec.	600s	8GB	Reentrancy, overflow	Multi-tx analysis	Very slow
Heimdall ↗	Decompilation	120s	2GB	Decompile+analyze	Bytecode reverse	Accuracy varies
Panoramix ↗	Decompilation	60s	1GB	To pseudocode	Bytecode analysis	Accuracy varies

12 Drain-Focused Modules (Table 2)

Custom-built modules targeting high-value DeFi attack vectors, informed by documented attack patterns including MEV extraction, blockchain extractable value, and liquidation cascades.

▶circom

Circom circuit vulnerabilities, constraint issues

▶zk-verifier

ZK verifier contract weaknesses

▶bridge

Cross-chain

Bridge protocol attacks, message replay

▶oracle

DeFi

Price oracle manipulation, TWAP

▶governance

Protocol

Timelock bypass, voting attacks

▶proxy

Upgrade

UUPS/EIP-1967 proxy vulnerabilities

▶bytecode

Reverse Eng.

Decompiled bytecode analysis

▶ai-fuzzing

Hybrid

LLM-guided fuzzing campaigns

▶symbolic

Hybrid

LLM-enhanced path exploration

▶defi

DeFi

Flash loans, AMM manipulation

▶rollup

Layer 2 specific vulnerabilities

▶DAG

Cross-ctr

Dependency graph attack chains

Zentinel-audit Output Visualizations

Two analysis modes: Inside Contract shows per-contract findings with severity, tool source, and detail panel. Cross-Contract builds a dependency graph revealing multi-hop attack chains invisible to individual tools.

🔍 Inside Contract

Per-contract findings analysis

🔗 Cross-Contract

Dependency graph & attack chains

🔗 Cross-Contract

Relationship Analysis • 2026-01-29

Contracts

Connections

Critical

High

⚠ Cross-Contract Issues (95)

Arbitrary Call Vulnerability with Permis...

arbitrary_call • high • AuthorizedExecutor

Inconsistent Access Control Logic

business_logic • high • L1Forwarder

Cross-Chain Message Replay Vulnerability...

crosschain_replay • high • L1Forwarder

DELEGATECALL in Loop with msg.value Reus...

delegatecall_loop • critical • Multicall

Cross-Chain Message Replay Vulnerability...

crosschain_replay • critical • L2MessageStore

Flash Loan Price Manipulation

oracle • critical • PuppetPool

Oracle Manipulation via Balance Manipula...

oracle • critical • PuppetPool

Missing Access Control on Critical Admin...

business_logic • critical • IStableSwap

Edge Types

Calls

External

Delegatecall ⚠

Finding Distribution by Source (Table 8)

Slither

401

60%

Mythril

Other traditional (8)

LLM agents

13.3%

Drain modules

9.7%

Total: 669 findings. LLM agents + drain modules = 154 additional findings (23%) including business logic flaws and cross-contract vulns.