Uniswap Protocol has processed trillions of dollars in trading volume across contracts that have been reviewed, tested, and iterated on for years. The team progressed from a free AuditAgent scan, to an end-to-end AgentArena competition, and finally to the AuditAgent Business Plan. Each step followed naturally from results in the previous one.
The Uniswap codebase is one of the most audited in the Ethereum ecosystem, and the team is always on the lookout for new tools and approaches that can strengthen its security.
Cody Born, Principal Engineer at Uniswap, ran a free AuditAgent scan against the Uniswap contracts after a conversation with a Nethermind Security engineer about what AI-assisted auditing could surface on a mature, heavily reviewed codebase. The early results were substantive enough to push the team to experiment with AI-assisted auditing, so they ran an AgentArena competition targeting a new version of the UniswapX codebase that was in development at the time.
UniswapX is Uniswap's intent-based trading system, introducing settlement patterns and resolver interactions that add complexity beyond standard AMM logic. The AgentArena competition ran multiple independent AI security agents in parallel against the codebase, with findings judged by an AI arbiter and validated by human auditors.
The result: 3 Medium and 2 Low severity findings, targeting core settlement logic, token transfer handling, Permit2 trust boundaries, and DCA execution design. The findings clustered around a specific class of issues: not obvious bugs, but subtle gaps between what the system appeared to guarantee and what it actually enforced under adversarial or edge-case conditions. All issues were addressed by Uniswap Labs.
Results from the AuditAgent trial and the AgentArena competition pointed towards an opportunity. The team wanted security analysis running continuously alongside development, not arriving in batch at audit milestones.
Acting on these results, Uniswap adopted the AuditAgent Business Plan, monitoring their GitHub repository and running automated analyses against active branches and new contract modules as part of their normal workflow. Soon after, two findings surfaced during CI review, including one of High severity, and were both addressed in active development, before reaching formal audit stages.
We take our smart contract security very seriously. We've found that introducing automated audit platforms like AuditAgent into our contract development process helps developers flag things early, shortening the development cycle and keeping the quality bar high.
Cody Born, Principal Engineer, Uniswap
The tool served as both a first-pass reviewer and a sparring partner, surfacing edge cases and design considerations that prompted internal discussion and, in several cases, led directly to code changes.
Uniswap's path through this engagement followed a methodical progression: a free trial that produced real findings, a competition that validated the approach against a meaningful benchmark, and Business Plan adoption that moved security analysis earlier in the development cycle. Each stage was driven by observation and results from the previous one.
AgentArena and AuditAgent serve different functions. AgentArena runs at milestones, deploying multiple agents in parallel for concentrated adversarial analysis. AuditAgent runs both continuously through CI integration and on-demand for targeted scans, and Uniswap uses both modes against their codebase. Together they cover the full development cycle at different speeds.
This agentic layer is one piece of a larger security stack. Comprehensive audits involve weeks of in-depth review by experienced security researchers, while formal verification produces mathematical proofs for critical components. Code that has been continuously analyzed throughout development reaches formal audit in better shape, freeing senior auditors and formal methods to focus on the harder, deeper problems.