Almanax
SCF #26 Activation Award | Audit Firm | $50,000
Almanax is an automated security auditor that leverages AI to find and fix vulnerabilities in smart contracts.
Team

Francesco

Entity Description

Almanax is a web3 security startup. Its first product is an automated security auditor that leverages AI to find and fix vulnerabilities in smart contracts.

Pitch Deck URL

https://docs.google.com/presentation/d/1VM5hBd5LUYmRfMp5_xZj4PmdizPoK7FL/edit?usp=sharing&ouid=104434469916832080177&rtpof=true&sd=true

Project Categories

Product Type [If Security]

Other Chain Description

We’re also building a version for Ethereum since there is a bit more available material around audits and security practices, which we hope to translate/bring to the Soroban ecosystem.

Requested Budget in USD ($)

50000

Public Entity Name

Almanax

Technical Architecture Doc

https://docs.google.com/document/d/1R_fUFcMOahBsOsBjyZXHC0n-JanaT-5ppwBHWVJUREE/edit?usp=sharing

Project URL

https://www.almanax.ai/

Code URL

Video URL

https://youtu.be/olAUSF_YP8w?si=K2mhp5jbEf63FCZg

Product & Architecture

What the Product Is:

Almanax is an AI-powered tool designed for automating the auditing process of smart contracts before they are deployed on Stellar. It aims to make the auditing process faster, more affordable, and continuous, thereby enhancing the security of smart contracts by identifying and fixing vulnerabilities to prevent exploitation by hackers.

Problems It Solves, How, and for Whom:

  • Problems Solved:
    • Due to their immutability, smart contracts need to go through security audits before being deployed on mainnet to ensure there aren’t bugs or vulnerabilities in the code.
    • Traditional security audits have incredibly high costs (even up to $200k+) and lengthy processes (top auditors have long waitlists) associated with them, making them inaccessible for many projects.
    • Inefficiencies and ineffectiveness of manual audits, which often fail to prevent breaches even when conducted.
  • How It Solves Them:
    • Utilizes large language models (LLMs) and other AI algorithms trained on a vast repository of smart contract audits and known vulnerabilities to automate the audit process.
    • Delivers audit outcomes within seconds, reducing the time and cost associated with traditional audits.
    • Offers a subscription model for continuous monitoring to identify new vulnerabilities or security events as they emerge, moving beyond the point-in-time limitation of conventional audits.
  • Target Audience:
    • Stellar/Soroban developers and companies looking to deploy smart contracts on Stellar.

Benefits:

  • Significantly reduces the costs of audits, making security more accessible for a wider range of projects.
  • Shortens the wait times for audits from months to seconds, facilitating faster development and deployment of projects.
  • Transforms the auditing process from a snapshot in time to a continuous monitoring solution, enhancing ongoing security assurance.

How It Works and Its Use of Stellar/Soroban:

Almanax’s general functionalities include:

  • Collecting and structuring Stellar/Soroban specific data from various sources, including publicly available Soroban audits and known vulnerabilities databases.
  • Using this data to train an LLM and other AI algorithms, which are then fine-tuned to identify vulnerabilities in Soroban smart contracts and generate audit reports with recommended fixes specific to Soroban.
  • The process involves detecting vulnerabilities, explaining their nature, proposing solutions, and evaluating the effectiveness of these solutions through a feedback loop.

Deliverables List

[Deliverable 1: AI Model Training and Fine-Tuning - $25,000]

  • Brief Description: Collect a comprehensive dataset of publicly available Soroban audits and Rust vulnerabilities, to fine-tune an LLM for detecting vulnerabilities in Soroban smart contracts and generating audit reports with solutions.
  • Measure of Completion: The LLM can successfully audit a Soroban contract with high precision and recall in identifying Soroban smart contract vulnerabilities.
  • Estimated Completion: 3 weeks from project initiation.
  • Budget: $25,000

[Deliverable 2: Development of Version 1 (V1) - $20,000]

  • Brief Description:
    • Design and develop the user-facing website (authentication, upload, audit history, checkout)
    • Integrate the LLM from milestone 1 into the website
    • Set up an evaluation pipeline to measure LLM performance
  • Measure of Completion: Deployment of a functional website with LLM integration
  • Estimated Completion: 5 weeks from project initiation.
  • Budget: $20,000

[Deliverable 3: Product Launch and Initial Audits - $5,000]

  • Brief Description: Launch a beta version of the automated auditor for Soroban projects, engage with design partners for validation, and execute initial 10 free audits to establish the tool’s effectiveness and gather initial market feedback.
  • Measure of Completion: Beta launch announcement, completion of 10 free audits, and collected feedback from initial users and partners.
  • Estimated Completion: 6 weeks from project initiation.
  • Budget: $5,000

Total Expected Roadmap

Phase 1 (part of this proposal): Activation and Initial Development (0-1.5 Months)

  • Objective: Lay the foundational technology and infrastructure for the auditing tool.
  • Deliverables: As outlined in the Activation Award request, including AI model training, V1 development, and initial beta launch.

Phase 2: AI refinement and V1 launch (1.5-3/4.5 months)

  • Objective: Refine the tool based on initial feedback, enhance AI capabilities, and publicly launch the product.
  • Deliverables:
    • Advanced AI Model Enhancements: Incorporate feedback and new data to improve model accuracy and expand vulnerability detection.
    • Feature Expansion: Develop additional user-centric features based on feedback, such as enhanced reporting and integration capabilities with other tools.
    • Publicly launch V1 of the product

Phase 3: Continuous monitoring capabilities and V2 launch (3/4.5 - 4.5/6 months)

  • Objective: Incorporate continuous monitoring capabilities and integrate the new enhanced AI system. We might need to raise a new round of financing in this period.
  • Deliverables:
    • Continuous Monitoring feature: Allow projects to subscribe to continuous monitoring for their smart contracts to identify new vulnerabilities after the launch.
    • New enhanced AI system: Integrate the new version of our AI system, with enhanced auditing capabilities.
    • Launch V2 of the product

Phase 1 is covered in this activation award proposal.

Phases 2 and 3 cover the remaining expected roadmap; together they are estimated to require around $100k.

Team bio

Almanax was founded by Francesco Piccoli, Maxwell Watson, and the Defize Incubator, who combine their shared expertise in Web3 and cybersecurity.

Francesco was the former Head of Product at AnChain.AI, a Silicon Valley-based company developing AI-powered blockchain analytics products for institutions like the US SEC, FinCEN, IRS, and Italian Police. Before AnChain, Francesco conducted AI research in the autonomous driving industry.

LinkedIn: https://www.linkedin.com/in/francesco-piccoli/

Twitter: https://twitter.com/francescpicc

Former Senior Software Engineer at Coinbase, Maxwell led Coinbase’s blockchain infrastructure projects. Prior to that, he built Capsule8’s security products, which led to its acquisition by cybersecurity giant Sophos.

LinkedIn: https://www.linkedin.com/in/mmwtsn

Twitter: https://twitter.com/mmwtsn