A professional smart-contract audit costs $30,000–$100,000 and takes 4–6 weeks. One missed bug — like the reentrancy flaw that drained $60M from The DAO — can empty a contract in a single transaction. Crucible runs that adversarial audit in under ten minutes.

Crucible is a smart-contract security tool that audits your code by attacking it. Instead of a checklist, it stages a real fight between two teams of AI agents collaborating in a shared Band room. The Architect maps the contract's attack surface. The Red Lead reads the code and — this is the core innovation — recruits the exact specialist attackers it needs at runtime through Band's participant tools (band_lookup_peers → band_add_participant). The attacking team assembles itself based on what the code exposes; nothing is pre-scripted.

Each specialist runs a real exploit on a live Anvil blockchain fork, producing a verifiable transaction hash. In our demo, the vault drains from 100 ETH to 0 — reentrancy (tx 0xe76b2188…) and access-control (tx 0x84d0f4a1…). The defending Engineer then patches the code under fire; the specialists re-run the exact same exploits against the patch, and both revert — the vault holds at 100 ETH. A neutral Judge agent scores every round and compiles a hardening verdict, which a human approves. The agents propose; the human decides.

Band is the load-bearing layer: two opposing teams plus a referee coordinate in one room via @mention routing, across multiple AI providers (AI/ML API, Featherless), with runtime recruitment as the central mechanic. Remove Band and the fight can't happen. Nothing in the demo is faked — vault balances are read from chain state, exploits broadcast real transactions, and the full 12-step siege ran end-to-end live on Band before being recorded for the replay.

Crucible: find the bug before the attacker does.
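The attack, patch, and replay loop described above can be sketched as a small Python model of EVM call semantics. This is an added example, not Crucible's code or the demo vault's Solidity; `Vault`, `replay_reentrancy` and the 99/1 ETH deposits are constructed for illustration, and the replay does not catch the inner revert, so a failed re-entry rolls back the whole transaction.

```python
import copy

class Revert(Exception):
    """Models an EVM revert: every state change in the transaction is undone."""

class Vault:
    """Constructed toy vault; `patched` selects the hardened withdraw path."""
    def __init__(self, patched):
        self.patched = patched
        self.balances = {}    # per-depositor credit, in ETH
        self.eth = 0          # ETH actually held by the contract
        self.locked = False   # reentrancy guard, set by the patched path only

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.eth += amount

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if self.locked or amount == 0 or self.eth < amount:
            raise Revert("re-entered, no credit, or vault underfunded")
        if self.patched:
            self.locked = True
            self.balances[who] = 0   # effect BEFORE the external call
        self.eth -= amount
        on_receive(amount)           # external call: control passes to the caller
        if not self.patched:
            self.balances[who] = 0   # flaw: credit cleared only after the call
        self.locked = False

def replay_reentrancy(vault):
    """Replays one fixed re-entrant withdrawal as a single atomic transaction
    and returns the ETH left in the vault (hypothetical regression check)."""
    vault.deposit("victims", 99)     # constructed sample deposits, 100 ETH total
    vault.deposit("attacker", 1)
    snapshot = copy.deepcopy(vault.__dict__)

    def on_receive(_amount):
        if vault.eth > 0:            # re-enter while the vault still holds ETH
            vault.withdraw("attacker", on_receive)

    try:
        vault.withdraw("attacker", on_receive)
    except Revert:
        vault.__dict__.update(snapshot)   # transaction reverted: restore state
    return vault.eth

if __name__ == "__main__":
    print("unpatched vault holds:", replay_reentrancy(Vault(patched=False)))
    print("patched vault holds:  ", replay_reentrancy(Vault(patched=True)))
```

Keeping the replay identical for both runs is what makes it a regression test: the only variable is the patch.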