[Proposal setup] Proposal title

Please provide your proposal title

by TxPipe - Early Aiken vulnerability detection using AI

[Proposal Summary] Budget Information

Enter the amount of funding you are requesting in ADA

96000

[Proposal Summary] Time

Please specify how many months you expect your project to last

7

[Proposal Summary] Translation Information

Please indicate if your proposal has been auto-translated

No

Original Language

en

[Proposal Summary] Problem Statement

What is the problem you want to solve?

Late discovery of vulnerabilities in Aiken code causes costly delays and increases the risk of exploits. There is no accessible, Cardano-specific tool to surface issues early in the developer workflow

[Proposal Summary] Supporting Documentation

Supporting links

• https://txpipe.io
,
• https://github.com/txpipe

[Proposal Summary] Project Dependencies

Does your project have any dependencies on other organizations, technical or otherwise?

No

Describe any dependencies or write 'No dependencies'

no dependencies

[Proposal Summary] Project Open Source

Will your project's outputs be fully open source?

Yes

License and Additional Information

Apache 2.0

[Theme Selection] Theme

Please choose the most relevant theme and tag related to the outcomes of your proposal

Developer Tools

[Campaign Category] Category Questions

Mention your open source license and describe your open source license rationale.

Apache 2.0 was chosen because it is a permissive and business-friendly license, widely adopted across the open-source ecosystem, and it provides legal clarity with explicit patent protection for contributors and users.

How do you make sure your source code is accessible to the public from project start, and people are informed?

The repository will be public from day one, with all development activity shared transparently. Updates will be announced through public channels, and a dedicated Discord channel will allow direct community interaction.

How will you provide high quality documentation?

A comprehensive public documentation site will be maintained, including user guides, developer references, and contribution guidelines, following the same high standards established in TxPipe’s previous open-source projects.

[Your Project and Solution] Solution

Please describe your proposed solution and how it addresses the problem

Problem Statement

Security remains one of the most critical challenges for Cardano dApp developers, particularly in the early stages of protocol design. Vulnerabilities caught late in the development cycle lead to costly delays, reduced trust, and potential on-chain exploits.

At the same, the Cardano community has been gathered knowledge of best-practices and known footguns which is very useful for building Cardano smart contracts. This knowledge base should be used as early as possible in the development process to reduce costs and improve security.

Proposed Solution

This project addresses that gap by giving developers an accessible, audit-informed analysis tool that identifies risks early—combining deterministic heuristics with AI models trained on real audit data. By making high-quality security feedback available directly in local development workflows, it helps strengthen the overall security posture of the Cardano ecosystem while lowering the barrier to building robust, mainnet-ready protocols.

TxPipe is particularly well positioned to develop such a tool, drawing on extensive experience in auditing methodologies, vulnerability pattern recognition, and structured reporting formats. Having conducted more than 25 audits for top-tier Cardano projects, the team has deep insight into common pitfalls and best practices in smart contract security. Data which will be used both for definition of heuristics and training of the AI models.

The tool is NOT intended to replace formal third-party audits, but rather to improve the development workflow by enabling earlier detection and remediation of issues before formal review.

Scope

A comprehensive solution for this problem requires an approach that combines different analysis strategies. We envision a final solution that incorporates the following features:

• Heuristic Analysis Engine – Rule-based scanning of Aiken smart contracts to detect known vulnerability patterns, unsafe constructs, and protocol-level logic flaws.
• Domain-Specific LLM Fine-tuning – A custom RAG (Retrieval-Augmented Generation) process that uses a knowledge base built from TxPipe’s and other curated audit reports, capable of contextual reasoning about specific Aiken code.
• Structured Output Format – Risk-level classification and actionable recommendations, optimized for developer consumption.
• Local Development Integration – CLI and/or IDE extensions to run scans directly in the developer’s environment.

[Your Project and Solution] Impact

Please define the positive impact your project will have on the wider Cardano community

• By enabling the detection of known vulnerabilities in Aiken on-chain code, this project will streamline the audit process, accelerating dApp deployment and reducing development costs.
• The combination of deterministic heuristics with an audit-trained LLM creates a reusable, adaptable security framework that evolves alongside the ecosystem.
• This tool will elevate the baseline for secure development, strengthening not only individual projects but also the overall resilience of the Cardano network.

[Your Project and Solution] Capabilities & Feasibility

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

TxPipe is an active member of the Cardano ecosystem

TxPipe has been developing open-source tools for the Cardano ecosystem for over 2 years and we're not going anywhere. Evidence of our commitment can be found by evaluating the continuous activity of our public code repositories.

Experience developing in the Cardano ecosystem

TxPipe has helped developed several dApps for the Cardano ecosystem. This experience allows us to evaluate the feasibility of the project and its potential benefit from a developer's perspective.

Successful Catalyst proposals

We have successfully completed several Catalyst proposals. This may serve as evidence that our team has the required capabilities to fulfill these type of projects.

Development process will be public and open-source

Both the output and the development process will be public and open-source. This approach provides an easy way for the Catalyst team and the Cardano community to evaluate the progress at each step of the process.

[Milestones] Project Milestones

Milestone Title

Project Scaffold and Architecture

Milestone Outputs

• Architecture document with system design and component diagrams
• Code repository with project structure ready for feature development
• Configured CI workflows to ensure a robust development methodology

Acceptance Criteria

• Architecture design reflects scope and features of the platform
• The code repository structure reflects the components described in the architecture
• The CI workflows runs mock tests in preparation for further development

Evidence of Completion

• Link architectural documentation.
• Link to open-source code repository.
• Link to CI workflows in Github
• Video walkthrough of the designed architecture

Delivery Month

1

Cost

28800

Progress

10 %

Milestone Title

Heuristics Engine Development

Milestone Outputs

• A functioning Heuristic Analysis Engine capable of rule-based scanning.
• Initial set of rules detecting common vulnerability patterns in Aiken smart contracts.
• Data files documenting vulnerability patterns and rules applied.
• Integration with a user-facing CLI for running heuristic scans.

Acceptance Criteria

• Successfully identify a predefined list of vulnerability patterns in test scenarios.
• Performance metrics meeting specified benchmarks for speed and accuracy.
• User-facing CLI operates seamlessly with heuristic analysis functionalities.

Evidence of Completion

• Test reports showcasing vulnerability detection in sample smart contracts.
• Documented implementation of heuristic rules with associated results.
• Repository of data files used for testing and validation.
• Demonstrations of CLI integration in user environments.

Delivery Month

3

Cost

26600

Progress

50 %

Milestone Title

LLM Fine-tuning

Milestone Outputs

• Artifact to run a fine-tuned Language Model using Retrieval-Augmented Generation.
• Knowledge base built from audit reports integrated into the model.
• Training material, including curated audit reports and structured datasets.
• Integration with a user-facing CLI for executing LLM-based analyses.

Acceptance Criteria

• Generates reasonable and context-aware analyses of Aiken code.
• Provides user feedback indicates improved understanding of code vulnerabilities.
• User-facing CLI allows easy access to the LLM functionalities.

Evidence of Completion

• Case studies highlighting improvements in security analysis using the model.
• Archive of training datasets and audit reports used for model fine-tuning.
• Video showcasing usage of the CLI to access LLM features in user scenarios.

Delivery Month

6

Cost

26200

Progress

90 %

Milestone Title

Final Report

Milestone Outputs

• publicly available source-code for the complete vulnerabilty detection system
• publicly available binaries for installing the user-facing tooling
• publicly available documentation showing how to install and use the tool
• a close out video showcasing the final output of the project
• a close out report describing the project process and outcome

Acceptance Criteria

• the provided source code is comprehensive and matches the proposal scope
• the user-facing tools can be installed using the provided binaries
• the documentation is comprehensive, including setup and configuration instructions
• the close out video follows Catalyst guidelines
• the close out report follows Catalyst guidelines

Evidence of Completion

• Source-code available in our Github repository (URL TBD)
• Link to binary releases available for download (URL TBD)
• Link to documentation website with install and configuration instructions (URL TBD)
• Close out video uploaded to YouTube (URL TBD)
• Close out report uploaded to Google drive (URL TBD)

Delivery Month

7

Cost

14400

Progress

100 %

[Final Pitch] Budget & Costs

Please provide a cost breakdown of the proposed work and resources

• Aiken Auditor – 1.5 months = ₳30,000
• Backend Developer – 1 month = ₳15,000
• Frontend Developer – 1 month = ₳8,333
• AI Engineer – 1.5 months = ₳22,500
• Site Reliability Engineer – 0.5 month = ₳6,667
• Project Manager – 0.25 FTE over 6 months = ₳7,500
• Hosting (6 months) = ₳6,000

Total Request: ₳96,000 (0.6 ADA/USD)

[Final Pitch] Value for Money

How does the cost of the project represent value for the Cardano ecosystem?

The bulk of the budget falls under the software development category. TxPipe has extensive experience in the field, allowing it to provide good value for money. The hourly rates are defined using fair market prices. The estimation for the level of effort takes into account all of the optimizations that our team is capable of providing after years of experience developing software solutions in the Cardano ecosystem.

[Required Acknowledgements] Consent & Confirmation

Terms and Conditions:

Yes