Wake Arena is a multi-agent AI audit service for Solidity codebases. It combines LLM reasoning, graph-driven analysis (data dependencies and control flow), and a battle-tested static analysis detector library built from years of Ackee audits.
In benchmark testing, Wake Arena discovered 43 of 94 high-severity vulnerabilities across historical audit competitions, outperforming plain GPT-5 (24/94), plain Opus 4.5 (21/94), and Zellic’s automated scanner V12 (41/94).
Benchmarks are useful, but production is the real test. Let’s take a closer look what happened when teams used Wake Arena on production code and what they changed in response.
What Wake Arena does
Wake Arena is designed to help teams arrive at a premium audit with cleaner code. It:
- Finds meaningful issues early, focusing on high-signal vulnerabilities, not volume.
- Explains findings like an auditor, including impact, exploit path, and where it happens in code.
- Links evidence using code snippets, line numbers, and a structured summary for easy triage.
Protocols get a security review based to an auditor workflows than a generic “LLM scan” – and one they can iterate on quickly.
Across the three protocols, Wake Arena surfaced 192 issues that were triaged by the teams as 142 true positives and 50 false positives (a ~3:1 TP/FP ratio). Most importantly, 79 issues across the 5 reports led to concrete code changes: 5 (LUKSO), 68 (IPOR Fusion), and 6 (Monerium).
Furthermore, we are thankful for the user feedback and will use it to make Wake Arena even more manageable and transparent at scale.
LUKSO: “very good and helpful” for hardening shipped code faster
LUKSO, an EVM L1 focused on digital identity and consumer applications, served as a design partner during development and used Wake Arena on their Solidity codebase.
Scan outcome
- 10 total findings in a single scan: 2 High, 6 Medium, 1 Low, 1 Warning
- 2 false positives reported
- TP/FP ratio (per client triage): 8 / 2
- The team reported they’ll fix 1 High, 1 Medium, and 1 Low shortly after receiving the report
Positive feedback
“The PDF looks really super great, I was very impressed by how well written it was overall.”
“The ‘Finding Summary’ table is top notch. Exactly what I was looking for.”
“Very impressed by how the PDF report looks like and how well it was written… I would definitely recommend this tool to catch early bugs to anyone before going to a formal security audit.”
– LUKSO team feedback
In the same feedback, the team also mentioned report sections they relied on most: Severity & Confidence explanation, Audit Overview / Overall Security Assessment / Recommendations, and line-numbered code snippets.
Observed impact
The report quickly enabled:
- Triage (what matters, why it matters)
- Verification (where it is in code)
- Iteration (fix → re-run → compare)
Product improvements (based on LUKSO’s feedback)
- Clarifying that the PDF is an AI-driven automated analysis (not a manual audit report).
- Adding more explicit remediation guidance per finding (concrete next steps, typical fixes, and verification tips).
- Keeping the report “audit-like” in usability, without confusing it with a human audit deliverable.
IPOR Fusion: fast iteration and clear security trade-offs
IPOR Lab, a DeFi team building interest-rate and yield products, used Wake Arena on IPOR Fusion across multiple runs in December 2025:
Scan outcome
- 3 reports in 4 days, enabling rapid hardening cycles during active development.
- TP/FP ratio (per client triage): 126 / 47 (~2.7:1)
- The IPOR Labs team systematically triaged findings into:
- 68 Valid → required code changes
- 58 Acknowledged → accepted trade-off / mitigation in architecture
- 47 False positives / invalid → detailed rebuttals based on execution constraints
- Per the client, some issues were classified as higher severity in the report than what their team ultimately assigned.
Positive feedback
IPOR’s response shows a consistent pattern: findings were evaluated against explicit trust boundaries and execution constraints (who can call what, and under which authority), not in isolation.
“We spend many hours analyzing it, have to say that the tool is very nice.”
– IPOR Labs, report response
This is important because it mirrors how senior auditors work: claims must be bound to a realistic attacker model.
Observed impact
- In their triage, the IPOR Labs team classified 68 findings as true positives (requiring code or documentation changes) and 47 as false positives/invalid.
- Examples they marked as Valid (required changes) included fee math / ERC-4626 semantic mismatches and slippage-guard configuration issues (as reflected in their per-finding responses).
- Examples they marked as False positive hinged on execution constraints (e.g., components not being publicly reachable, restricted execution paths, and designs that avoid residual balances between transactions).
Wake Arena accelerates high-quality engineering conversations around invariants, trust boundaries, and trade-offs – all before a premium audit.
Monerium: turning findings into merged fixes with tests
Monerium, a regulated issuer of fiat-backed on-chain money, used Wake Arena on src/SwapV1V2.sol and published their triage and fixes in a public issue: “Ackee Wake – AI Audit Report for src/SwapV1V2.sol”. Full report: Wake Arena PDF.
Scan outcome
- 6 items fixed (H1–H5, W1)
- 1 item rejected as “by design” (I1), with rationale and a recommended alternative flow for relayers/aggregators
- TP/FP ratio (per client triage): 6 / 1
- They documented trade-offs instead of hand-waving them (e.g., small gas increases to remove ambiguous “no-op” semantics for integrators)
Positive feedback
“We acknowledge this as a valid finding and have implemented a fix.”
“For consistency and integration safety, we’ve modified all swap functions to always execute transfers… eliminating any potential confusion for integrators.”
– Monerium, public issue response
Public verification
- 41 tests passing
- 100% coverage for SwapV1V2.sol (lines/statements/branches/functions)
The results are actionable findings that convert into clearer semantics for integrators, better documentation, and shipped code changes, with regression protection.
What’s next for Wake Arena?
We’re focusing on workflow and visibility improvements when the tool runs across multiple protocols and teams:
- Admin panels (internal + ecosystem/protocol) to give teams better control over:
- Monthly scan usage
- Number of remaining scans in their plan
- Number of issues found per protocol
- Issues table & richer statuses with individual findings, severity, and counts, plus per-protocol status visibility. Statuses expanded from two to five to improve accuracy and workflow: Reported, Valid, Acknowledged, Fixed, Invalid.
- Email management + AI report views per organization / protocol.
- Better context inputs for higher accuracy of AI results.
Conclusion
Wake Arena reduces time-to-fix on the issues that matter before you spend premium auditor hours on avoidable basics.
The tool identified a total of 192 issues across the three protocols. Following triage by each team, these were classified as 142 true positives and 50 false positives, resulting in a favorable ~3:1 true positive to false positive ratio. More importantly, 79 of these issues, spanning the 5 reports, prompted code fixes: 5 for LUKSO, 68 for IPOR Fusion, and 6 for Monerium.
We’re building admin panels and richer issue workflows, improved management tools, and better context inputs to make Wake Arena easier to operate at scale and more useful per scan.
If you want an auditor-style, evidence-backed report that your team can triage quickly, and re-run after fixes to keep tightening the codebase, use Wake Arena.
