oxdev/security-auditor-grpo

Overview

oxdev/security-auditor-grpo is a specialized 0.5 billion parameter smart contract security auditor model, fine-tuned from Qwen2.5-Coder-0.5B-Instruct. It leverages Group Relative Policy Optimization (GRPO) on real-world audit findings to identify vulnerabilities in Solidity smart contracts. The model provides structured audit reports, including vulnerability classification (e.g., reentrancy, access control, oracle manipulation), severity assessment (Critical/High/Medium/Low), detailed descriptions, impact analysis, proof-of-concept exploit code, and recommended fixes.

Key Capabilities

• Vulnerability Identification: Detects a wide range of smart contract vulnerabilities across categories like Reentrancy, Access Control, Oracle Manipulation, Flash Loan, Overflow/Underflow, Front-running, DoS, Token Issues, Storage, Cross-chain, Liquidation, Signature, Initialization, and Rounding.
• Structured Audit Findings: Generates comprehensive reports with classification, severity, description, impact, exploit code, and fixes.
• GRPO Fine-tuning: Trained using Group Relative Policy Optimization on a dataset of synthetic samples, showing significant improvement in format compliance and finding rate.
• Efficient for Triage: As a 0.5B parameter model with a 32,768 token context length, it's designed for rapid analysis and initial vulnerability assessment.

Important Notes

• Performance: This is a compact 0.5B model, suitable for quick triage rather than replacing professional audits. Future versions (V2) are planned with training on 50,902 real audit findings for significant quality improvements.
• Inference Configuration: Users should set use_cache=True when loading the model for inference to avoid substantial slowdowns.