Live Contract Risk Scoring with Intuition

Security happens to be a topic I have highlighted in a number of ways previously, so I'll make sure not to sound like a broken cymbal.

Web3 contract security is fundamentally broken, with billions lost every year to exploits that someone probably saw coming, but the warnings never reached the people who needed them.

Many teams treat security as a one-time thing: pay for an audit, publish a PDF or an X post, and that's it. But audits can miss up to 80% of flaws, cost a fortune, and go stale the moment the protocol upgrades, adds new integrations, or composability shifts introduce fresh attack surfaces.

We’ve seen this movie before:

1. The Nomad protocol hack of 2022 (~$190M): its own audit had already flagged the vulnerability that was later exploited, but the finding was only marked "acknowledged" and was never resolved before the exploit.

Quantstamp audit (June 6, 2022), QSP-19 "Proving With An Empty Leaf", Status: Acknowledged.

2. A full year before ~$25M was lost in the Lendf.me exploit (a reentrancy through the imBTC ERC-777 token), OpenZeppelin had publicly shown how ERC-777 tokens could be used for reentrancy, yet protocols never adapted and users remained unaware of the risk.

These two cases cost users their hard-earned money because they were in the dark: not because the knowledge wasn't there, but because it never reached users, developers, or tools in time.

Users are expected to read some ancient-scroll-of-uncertain-origins audit report to stay afloat, or to go into Telegram groups and ask questions without even a high-school-level understanding of what the code says. Either way, it is a dead end with costly consequences (drains, hacks, losses).

But what if security expert warnings didn’t live in PDFs and scattered articles?

What if the warnings were live, ranked, and showed up pre-click?


Enter Intuition:

A public onchain "fact board" where teams post the real details of a project (contract addresses, code, and so on) and others (developers, researchers, users, etc.) can co-sign or flag them with stake-based confidence, much like vouching on Ethos. Apps can then read the best current answer before a user clicks.

How a reputation-based warning system could work with Intuition:

  • Security experts make claims about contracts vulnerable to flash-loan attacks, reentrancy, etc. as those issues emerge.

  • They stake ($$) on these claims; the stake is the signal.

  • If they are right, they earn rewards and a stronger reputation; if wrong, the reverse.

  • Scores can be set to decay over time: if no one updates a claim, the system assumes the risk information is old and trusts it less.

  • A user interacting with the contract (swaps, LPs) receives notifications like:

:warning: 23% Risk — 12 experts flagged a reentrancy vulnerability, updated 3 hours ago

:white_check_mark: 94% Safe — reviewed by 8 auditors, last checked 2 days ago

This way users are protected, costs are cut, one-time audits become continuous monitoring, and tools (wallets, AI agents, aggregators) can automatically choose safer contracts to interact with. Security won't depend on whoever reads the right PDF; instead it becomes a live signal that updates as fast as the risks do.

Also, as we move into a world where AI agents will do more than approve transactions on our behalf, Intuition becomes compulsory, making stake-weighted human expertise the source of truth for agents, humans, and tools.

That’s the shift Intuition is bringing to the table.


I hope the team finds it interesting and intuitive as well… gm!

X handle: @pgreyy

4 Likes

Great write-up, super relatable tbh. Intuition was always bound to happen, it was just a matter of time. Crazy how just sharing what you know turns your opinion into an asset.

2 Likes

Exactly. The Nomad case still blows my mind. They literally knew about the issue but left it sitting there. That’s the problem. Most teams see audits as the finish line instead of part of an ongoing process. Web3 moves too fast for “one and done” security. Every new integration or upgrade opens a fresh door, and if no one’s watching, someone else eventually will with bad intentions.

2 Likes

Really thoughtful idea: live, verified warnings instead of buried audits is exactly what the space needs. Great perspective!

2 Likes

i guess the problem is that current security infra doesn't talk to each other, and users still have no live signal they can trust before clicking.

that’s where i think intuition fits in. not “another audit tool,” but a reputation layer that all these systems can plug into.

so when a forta bot fires an alert or a drosera trap gets triggered, it doesn't just stay inside that app - it becomes a staked claim on-chain, ranked by trust and freshness.

then wallets, agents, and aggregators can just pull that data and say:

:warning: 26% risk — 14 experts + 2 detection bots flagged anomaly (updated 1h ago).

that’s a universal language of trust across tools but human + machine verified.
audits stop being pdfs, alerts stop being siloed tweets - it all turns into one living feed of risk intel that everyone can read from.

so yeah, drosera, forta, sherlock, hats: they could all run better on top of intuition.
same security stack, just finally connected by a shared reputation layer

good idea, sir! i like it

1 Like
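A worked model of the scoring loop sketched in the original post (stake-weighted claims, reputation that rises or falls when a claim is settled, time decay for unrefreshed claims, and a pre-click warning string) combined with the reply above, which adds detection-bot alerts as a second claim source. This is an added illustration, not Intuition's own code or SDK: claims are in-memory records rather than onchain data, and the half-life, stake floor, bot weight, warning threshold, author names, bot name and contract address are all assumed placeholders.

```python
"""Stake-weighted, time-decayed contract risk score (added illustration, not Intuition code)."""
from dataclasses import dataclass, field

HALF_LIFE_HOURS = 72.0      # assumed: an unrefreshed claim loses half its weight every 3 days
MIN_EFFECTIVE_STAKE = 50.0  # assumed: below this much live stake the signal is reported as stale
BOT_WEIGHT = 0.5            # assumed: an automated detector's claim counts half a human expert's
RISK_WARN_THRESHOLD = 0.20  # assumed: at or above this share of flag stake, surface a warning

# Constructed placeholder, not a real deployment.
PLACEHOLDER_CONTRACT = "0x1111111111111111111111111111111111111111"


@dataclass
class Claim:
    author: str
    kind: str               # "flag" asserts a vulnerability, "vouch" asserts reviewed/safe
    stake: float            # tokens staked behind the claim
    age_hours: float        # hours since the claim was made or last re-affirmed
    source: str = "expert"  # "expert" (human) or "bot" (automated detector)


@dataclass
class Reputation:
    """Per-author multiplier: rises on correct claims, falls on wrong ones, clamped to [0.1, 3.0]."""
    multipliers: dict = field(default_factory=dict)

    def weight(self, author: str) -> float:
        return self.multipliers.get(author, 1.0)

    def settle(self, claim: Claim, was_correct: bool) -> float:
        """Apply the outcome of a resolved claim and return the author's new multiplier.
        Paying out or slashing the stake itself is left out of this toy."""
        factor = 1.1 if was_correct else 0.7
        updated = min(3.0, max(0.1, self.weight(claim.author) * factor))
        self.multipliers[claim.author] = updated
        return updated


def decayed_stake(claim: Claim, half_life: float = HALF_LIFE_HOURS) -> float:
    """Exponential decay: the stake behind a claim halves every `half_life` hours with no refresh."""
    return claim.stake * 0.5 ** (claim.age_hours / half_life)


def effective_weight(claim: Claim, rep: Reputation) -> float:
    """Decayed stake, scaled by the author's track record and by the claim source."""
    source_factor = BOT_WEIGHT if claim.source == "bot" else 1.0
    return decayed_stake(claim) * rep.weight(claim.author) * source_factor


def _plural(n: int, noun: str) -> str:
    return f"{n} {noun}" + ("" if n == 1 else "s")


def score_contract(address: str, claims: list, rep: Reputation) -> dict:
    """Return status, integer risk percentage and a pre-click message for one contract."""
    flags = [c for c in claims if c.kind == "flag"]
    vouches = [c for c in claims if c.kind == "vouch"]
    flag_w = sum(effective_weight(c, rep) for c in flags)
    vouch_w = sum(effective_weight(c, rep) for c in vouches)
    total = flag_w + vouch_w
    # Decay means old, unrefreshed claims fade to nothing; report that as "stale", never as "safe".
    if total < MIN_EFFECTIVE_STAKE:
        return {"address": address, "status": "stale", "risk_pct": None,
                "message": "No fresh signal: treat as unreviewed"}
    risk = flag_w / total
    warn = risk >= RISK_WARN_THRESHOLD
    basis = flags if warn else vouches          # non-empty whenever we reach this point
    freshest = min(c.age_hours for c in basis)
    experts = sum(1 for c in basis if c.source == "expert")
    bots = sum(1 for c in basis if c.source == "bot")
    who = _plural(experts, "expert") + (f" + {_plural(bots, 'detection bot')}" if bots else "")
    if warn:
        message = f"{round(risk * 100)}% Risk: {who} flagged this contract, updated {freshest:.0f}h ago"
    else:
        message = f"{round((1 - risk) * 100)}% Safe: reviewed by {who}, last checked {freshest:.0f}h ago"
    return {"address": address, "status": "warn" if warn else "ok",
            "risk_pct": round(risk * 100), "message": message}


# Constructed sample claims: two human flags and one bot flag from the last hour, two 3-day-old vouches.
SAMPLE_CLAIMS = [
    Claim("alice", "flag", 100, 1),
    Claim("bob", "flag", 50, 1),
    Claim("monitor-bot-1", "flag", 20, 1, source="bot"),
    Claim("auditor-c", "vouch", 400, 72),
    Claim("auditor-d", "vouch", 300, 72),
]

if __name__ == "__main__":
    rep = Reputation()
    print(score_contract(PLACEHOLDER_CONTRACT, SAMPLE_CLAIMS, rep)["message"])
    rep.settle(SAMPLE_CLAIMS[0], was_correct=True)   # alice's flag later confirmed: her weight rises
    print(score_contract(PLACEHOLDER_CONTRACT, SAMPLE_CLAIMS, rep)["message"])
    print(score_contract(PLACEHOLDER_CONTRACT, [Claim("eve", "flag", 30, 500)], rep)["message"])
```

Two design points matter more than the numbers. First, the stale branch is deliberate: when every claim has decayed below the floor, the absence of fresh flags is not evidence of safety, so the score degrades to "unreviewed" rather than to a high "Safe" percentage. Second, reputation multiplies stake rather than replacing it, so an author who has been wrong before has to put up more capital to move the score by the same amount, and splitting one stake across many fresh identities buys no extra weight because the weight is proportional to stake, not to the number of claimants.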

Good stuff PG. This is actually one of the most grounded takes I've seen on how Intuition could be used beyond identity or social data. Most exploits don't happen because information isn't known, but because it isn't accessible or trusted in time. Turning expert insight into a live, stake-weighted signal solves both.

A decentralized warning layer like this doesn’t just improve security, it changes the economics of it, turning expertise into a continuous feedback market instead of a static audit cycle.

Love how you tied it back to AI agents too. The moment agents start transacting autonomously, they’ll need verifiable trust feeds like this. That’s where Intuition quietly becomes infrastructure, not just an app.

good job

That's the core issue: too many teams treat audits as the endpoint rather than a step in continuous vigilance. This is solution-oriented, a good read.

Very good write-up, chad. Keep your intuition strong always.