Files
seli_auditor-BF16/README.md

236 lines
7.0 KiB
Markdown
Raw Normal View History

---
license: other
tags:
- solidity
- smart-contract-audit
- qwen2.5-coder
- gguf
- lora
pipeline_tag: text-generation
base_model: Qwen/Qwen2.5-Coder-7B-Instruct
---
# SELI Auditor BF16
SELI Solidity audit artifact.
## Variant
**Merged BF16 Hugging Face model.** This variant contains the seed adapter plus the local SELI fine-tune merged into the Qwen2.5-Coder base.
Training stack:
```text
Qwen/Qwen2.5-Coder-7B-Instruct
-> merge seed adapter: jhsu12/solidity-vulnerability-detector
-> train local SELI LoRA on audit dataset
-> merge local SELI LoRA
-> artifact: BF16 safetensors model
```
Use this variant for highest quality Transformers/vLLM/SGLang serving when VRAM allows.
## Base And Fine-Tune Stack
- Base model: `Qwen/Qwen2.5-Coder-7B-Instruct`
- HF card base model: `Qwen/Qwen2.5-Coder-7B-Instruct`
- Seed adapter: `jhsu12/solidity-vulnerability-detector`
- Local fine-tune: `SELI audit dataset`
- Artifact: `merged BF16 model`
- Created: `2026-05-14 01:52:51 UTC`
## Training Data Coverage
Counts below are computed from the context-filtered Qwen2.5-Coder training files available during upload.
| Metric | Value |
|---|---:|
| Raw JSONL rows | 4072 |
| Context-filtered rows used | 3441 |
| Rows dropped for context overflow | 631 |
| Max training context | 4096 tokens |
| Named bug shapes | 95 |
| Shape mentions | 570 |
| Coverage axes | 111 |
| Proof gates | 69 |
| Bypass-hypothesis rows | 570 |
| Line-label rows | 570 |
### Strong Shape Families
- `solidity`: 3204
- `access-control`: 3106
- `amm`: 3095
- `accounting`: 2571
- `decompiler`: 2504
- `reentrancy`: 2481
- `oracle`: 2299
- `upgradeability`: 2112
- `foundry`: 1967
- `money-flow`: 1832
- `flashloan`: 1786
- `economic-model`: 1664
- `signature`: 1554
- `defi-hacks`: 1383
- `constructor-plane`: 1187
- `fork-poc`: 1168
- `incident-reconstruction`: 1168
- `multi-tx-window`: 1113
- `ast-ir`: 700
- `proof-gates`: 591
- `line-level`: 570
- `regression`: 570
- `tool-use`: 562
- `bridge-trust-config`: 541
### Source Families
- `historical_poc_foundry`: 789
- `defihacklabs_incident_index`: 594
- `curated_line_level_regression_suite`: 570
- `local_skill_archive`: 499
- `static_tool_artifact`: 496
- `local_skill`: 192
- `curated_vulnerable_contracts`: 143
- `foundry_vulnerability_labs`: 54
- `taxonomy_and_testcases`: 36
- `ctf_training`: 23
- `incident_intel_feed`: 4
- `curated_regression`: 4
- `audit_finding_dataset`: 3
- `contest_judging_guidelines`: 2
- `decompiler_tooling`: 2
- `security_standard`: 2
- `incident_database`: 2
- `audit_model_adapter_index`: 1
- `static_analyzer_json_schema`: 1
- `curated_vulnerability_dataset`: 1
### Named Shape Coverage
| Shape | Count |
|---|---:|
| `epoch snapshot reward shared-pool reentrancy` | 6 |
| `read-only reentrancy shared-pool price cache` | 6 |
| `entrypoint asymmetry` | 6 |
| `shared-escrow partial claim clear` | 6 |
| `delegated operator shared-pool reentrancy` | 6 |
| `emergency-withdraw shared-pool accounting bypass` | 6 |
| `cross-domain auth` | 6 |
| `shared ETH refund nonce callback` | 6 |
| `nested multicall deferred settlement shared-pool reentrancy` | 6 |
| `stale liability cache shared-pool accounting` | 6 |
| `liquidation callback shared collateral` | 6 |
| `stale oracle` | 6 |
| `async bridge finalize shared-escrow reentrancy` | 6 |
| `arbitrary call allowance drain` | 6 |
| `whitelist trycatch token callback shared-pool reentrancy` | 6 |
| `Foundry invariant proof` | 6 |
| `ZK public input binding` | 6 |
| `Merkle replay` | 6 |
| `multicall deferred-settlement shared-pool reentrancy` | 6 |
| `approval callback claim reuse shared-pool reentrancy` | 6 |
| `signed delta cast` | 6 |
| `referral MLM shared reward-pool reentrancy` | 6 |
| `Heimdall decompiled CFG` | 6 |
| `ERC4626 share inflation` | 6 |
| `router liquidity delta shared-pool reentrancy` | 6 |
| `AST IR state mapping` | 6 |
| `governance flashloan` | 6 |
| `proxy storage collision` | 6 |
| `read-only reentrancy` | 6 |
| `ERC1155 receiver shared-pool reentrancy` | 6 |
| `cross-contract guard-domain shared-pool reentrancy` | 6 |
| `router balance-sweep shared-pool reentrancy` | 6 |
| `rescue sweep alias shared-pool bypass` | 6 |
| `shared-pool reentrancy two-user harness` | 6 |
| `static analyzer false negative` | 6 |
| `selector ambiguity` | 6 |
| `multi-asset basket partial-settle shared-pool reentrancy` | 6 |
| `EIP-7702 delegated EOA bypass` | 6 |
| `cross-function reentrancy` | 6 |
| `cooldown alias shared-pool reentrancy` | 6 |
| `liquidation shared collateral reentrancy` | 6 |
| `queued-claim reentrancy delete-after-transfer` | 6 |
| `NFT callback reentrancy` | 6 |
| `slippage/mep` | 6 |
| `nominal LP accounting shared-pool bypass` | 6 |
### Proof-Gated Audit Behaviors
- `SOURCE_AVAILABILITY_CHECK`: 570
- `MANUAL_REVIEW_PACKET`: 570
- `STATE_WRITER_READER_TABLE`: 570
- `FALSE_POSITIVE_CONTROLS`: 570
- `MONEY_FLOW_GRAPH`: 396
- `PATH_PROFIT_SWEEP`: 396
- `CALL_FLOW_TRACE`: 330
- `TWO_USER_SHARED_POOL_POC`: 288
- `SUM_CLAIMS_LTE_ASSETS_INVARIANT`: 288
- `FOUNDRY_POC`: 144
- `FOUNDRY_TRACE`: 144
- `BRANCH_BYPASS_MATRIX`: 120
- `RECEIVER_HOOK_TRACE`: 48
- `TOKENIZED_POSITION_CLAIM_BURN_CHECK`: 48
- `BALANCE_DELTA_PARITY_CHECK`: 42
- `ALLOWANCE_SIDE_EFFECT_TRACE`: 30
- `CLAIM_CONSUMPTION_BEFORE_APPROVAL_CHECK`: 30
- `LOCK_SCOPE_MATRIX`: 30
- `MULTI_ENTRYPOINT_REENTRANCY_POC`: 30
- `LIQUIDATION_COMMIT_ORDER_CHECK`: 24
- `BORROWER_DEBT_COLLATERAL_INVARIANT`: 24
- `PER_USER_CLAIM_CLOSE_BEFORE_CALLBACK_CHECK`: 24
- `PREDICATE_SPECIFIC_CEI_TRACE`: 24
- `MESSAGE_CONSUMPTION_BEFORE_PAYOUT_CHECK`: 18
### Coverage Axes
- `line_level_evidence`: 570
- `invariant_binding`: 570
- `near_miss_control`: 570
- `asset_liability_delta`: 378
- `shared_pool_claims`: 378
- `rounding_and_donation`: 378
- `two_user_harness`: 288
- `victim_backing`: 288
- `sum_claims_lte_assets`: 288
- `per_user_claim_invalidation`: 288
- `self_reentry`: 276
- `cross_function_reentry`: 276
- `post_callback_state_write`: 276
- `authority_source`: 120
- `downstream_identity`: 120
- `nonce_domain_binding`: 120
- `receiver_hook_reachability`: 48
- `tokenized_claim_burn_order`: 48
- `batch_id_reordering`: 48
- `staleness`: 42
- `same_tx_manipulation`: 42
- `liquidity_depth`: 42
- `source_domain`: 30
- `message_nonce`: 30
## Minimal Usage
```python
from transformers import AutoModelForCausalLM, AutoTokenizer
model_id = "0xtoshi/seli_auditor-BF16"
tok = AutoTokenizer.from_pretrained(model_id, trust_remote_code=True)
model = AutoModelForCausalLM.from_pretrained(
model_id,
torch_dtype="bfloat16",
device_map="auto",
trust_remote_code=True,
)
```
## Intended Use
Authorized smart-contract security review, local regression testing, PoC planning in owned/authorized scopes, audit triage, and invariant-focused code review. The dataset is intentionally proof-gated around finding classes such as shared-pool reentrancy, callback ordering, money-flow drift, AST/IR mapping, decompiler parity, transfer parity, stale accounting, bridge replay, oracle manipulation, access-control bypass, proxy/storage collision, and Foundry proof construction.
This repository was uploaded by `seli.sh`.