"What is Heimdallr, and what are its headline numbers?" An LLM-based smart contract audit agent (arXiv 2601.17833). 92.45% detection rate, $2.31 per 10K LOC cost, 17/20 real-world attack reconstructions. Targets the business-logic and multi-step vulnerabilities static analyzers miss. The reference AGENT harness for smart contract auditing. course2a::sdd09::recall "What is function-level reorganization, and why is it Heimdallr's load-bearing idea?" Rewriting the contract into context-complete function units: decompose, resolve inheritance, inline modifiers, reconstruct per-function state-read/external-call dependencies. The substrate the LLM reasons over. Without it, the LLM hallucinates over raw source; with it, the same model reasons at auditor depth. No other harness does this transformation. course2a::sdd09::analysis "What is cascaded verification, and why is it the cost discipline?" Three stages: cheap pattern checks (produce candidates) → LLM semantic analysis on candidates (confirm/reject) → exploit reconstruction on confirmed (deepest, most expensive). Each stage filters; the LLM budget is spent only on survivors. The $2.31/10K LOC cost is a direct payoff of aggressive filtering. Naive alternative (LLM on every function) costs orders of magnitude more. course2a::sdd09::analysis "Why does the same LLM hallucinate on raw source but reason on reorganized units?" Raw Solidity mixes state vars, events, modifiers, functions; inheritance spreads logic across files; a vulnerability spans multiple functions linked by shared state. The LLM cannot hold that cross-function context from raw source. Reorganization gives each function its full relevant context, so the model reasons at auditor depth. Same model, different substrate. course2a::sdd09::analysis "What does the 17/20 attack reconstruction number measure, and why does it matter most?" On 20 real-world exploits, Heimdallr reconstructs the attack transaction chain on 17. It measures the agent at HUMAN-AUDITOR DEPTH (not just flag-the-bug depth). A reconstructed attack is close to a proof. Placed last, only on confirmed candidates, to keep it affordable. This is the headline that matters. course2a::sdd09::analysis "How do you correctly read the 92.45% detection rate?" 92.45% = RECALL on a known-vulnerability evaluation set (a high-recall first pass, NOT a clean bill of health). 7.55% of known vulns are missed. A Heimdallr audit reports 'what the agent found,' NOT 'the contract is secure.' Treating 92.45% as a guarantee is the failure mode. course2a::sdd09::analysis "What is the cost ($2.31/10K LOC) actually a property of?" Not the model — the CASCADE. The cost is dominated by how few functions reach the expensive stages (Stage 1 filters 100→~30 candidates, Stage 2 →~8 confirmed, Stage 3 →~5 reconstructed). Aggressive per-stage filtering is the lever. The naive alternative (LLM on all functions) costs orders of magnitude more without a better result. course2a::sdd09::analysis "Heimdallr vs static analyzers (Slither/Mythril) vs general LLMs — what is each one's position?" Static = cheap, pattern-based, misses business logic/multi-step flaws. General LLM = raw-source reasoning, hallucinates, ~34% on DeFi (SDD-11). Heimdallr = reorganization + cascade = 92.45% detection, 17/20 reconstruction. STRUCTURE (not a bigger model) closes the gap. Complementary in practice: static first, Heimdallr for depth. course2a::sdd09::analysis "What is the key security finding regarding Heimdallr's risk?" Two surfaces: (1) the 7.55% miss rate — a client must not read 92.45% as 'secure'; (2) symbolic reconstruction hallucination — a reconstructed attack is a hypothesis, not a confirmed exploit, requiring live-chain verification. Read-only execution is safe; the INTERPRETATION of findings is the surface to govern. course2a::sdd09::analysis "State Heimdallr's score on the 12-module rubric and its standout modules." 50/60. Perfect scores on Execution Loop (5), Tool Design (5), Context Mgmt (5), Verification (5) — the cascade and reorganization are textbook agent design. Lowest: Memory (3 — per-audit, no cross-audit learning), State (3 — no incremental audit). Build-on: Patch mode, cross-audit learning, live-chain verification. course2a::sdd09::analysis "Name 3 things Heimdallr does better than any other harness in the roster." (1) Function-level reorganization as substrate transformation (no other harness does this). (2) Cascaded verification as cost discipline ($2.31/10K LOC is a direct payoff of per-stage filtering). (3) Exploit reconstruction at 17/20 (measures agent at human-auditor depth, not flag-the-bug depth). course2a::sdd09::recall "Name 3 things you would add to Heimdallr." (1) Patch mode (generate verified fixes, evaluate with EVMbench patch scoring — turn detector into remediation harness). (2) Cross-audit learning (persistent memory of vuln patterns/reconstructions to recognize recurring exploit shapes). (3) Live-chain verification of reconstructions (Foundry fork mode — convert 'reconstructed' to 'demonstrated'). course2a::sdd09::application "What is symbolic reconstruction, and why does it need live-chain verification?" Reconstruction runs against the reorganized MODEL, not live chain state — so it's a hypothesis, not a confirmed exploit. A reconstructed chain can look plausible but fail against real state. Live-chain verification (Foundry fork mode) executes the attack against a forked mainnet snapshot, converting 'reconstructed' to 'demonstrated' — the standard a client audit demands. course2a::sdd09::analysis "State Heimdallr's Architect's Verdict in one line." Reference agent harness for smart contract auditing (reorganization + cascaded verification + exploit reconstruction: 92.45% detection, $2.31/10K LOC, 17/20 reconstructions); reorganization is the load-bearing idea, the cascade is the cost discipline, reconstruction is the headline that matters; build on for semantic depth, add Patch mode and live-chain verification to reach audit-product standard. course2a::sdd09::recall