Vibranium Audits · R.I.T.A. Methodology

No black box.

Every point in a R.I.T.A. score is attributable to a finding you can see, with the weight printed next to it. Rules are authored by the auditors behind 480+ smart-contract audits — not an unexplainable model.

Scan risk score (0–100, higher = riskier)

Starts at 0; each finding adds its weight; capped at 100. Verdicts: ≥60 red flags · 25–59 review recommended · <25 no automated flags. Informational findings carry zero weight.

FindingWeightNotes
OFAC-sanctioned address+80CRITICAL — appears on the U.S. Treasury SDN list (self-hosted, refreshed daily)
Honeypot token+60HIGH — buyers may be unable to sell (GoPlus)
Scam-list match+50HIGH — recorded phishing / stealing / cybercrime activity
Unlimited approval to unverified spender+40HIGH
Owner can mint / hidden owner+30MEDIUM — skipped for trust-listed tokens (USDT/USDC have these by design)
Flagged-address interaction+25MEDIUM
Mixer exposure / high transfer tax (≥10%)+20MEDIUM
Unverified contract source+15MEDIUM
Blacklist function present+5LOW — a capability, not evidence of use; also skipped for trust-listed tokens

Protocol security score (Monitor, 100 → 0)

Starts at 100; open incidents subtract until triaged (acknowledged, resolved, muted, or marked false-positive). Repeated identical events within a cooldown window fold into one incident — alert quality over alert volume.

Open CRITICAL incident−40
Open HIGH incident−25
Open MEDIUM incident−10
Open LOW incident−5

What we promise — and what we don't

Run a free scanFounding seats