flowchart TB
GEN["THE GENERAL LLM (the 34% baseline)<br/>reasons from text · no domain tools · no encoded patterns<br/>guesses at DeFi-native failure modes"]
GEN -->|add three pillars of specificity| PILLARS
subgraph PILLARS["Three Pillars of Specificity"]
P1["Pillar 1 — DOMAIN TOOLING (graft)<br/>Foundry (fork/fuzz/invariant) · Tenderly · RPCs · DeFi SDKs<br/>agent EXECUTES hypotheses, not just describes"]
P2["Pillar 2 — DOMAIN KNOWLEDGE ENCODING<br/>attack-pattern templates:<br/>oracle manipulation · flash-loan economics<br/>MEV (sandwich/front-run) · compositional risk<br/>structured expertise the base model lacks"]
P3["Pillar 3 — DOMAIN-SPECIFIC VERIFICATION<br/>fork chain → replay attack → confirm loss<br/>(EVMbench Exploit standard, SDD-10)<br/>a finding is a demonstrated tx, not a claim"]
end
PILLARS --> AGENT
AGENT["THE PURPOSE-BUILT DEFI AGENT (the 92%)<br/>domain tools + encoded patterns + execution verification<br/>reasons about DeFi-native failure modes at auditor depth"]
style GEN fill:#1a1015,stroke:#9494a0,color:#9494a0
style PILLARS fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style AGENT fill:#0d1b2a,stroke:#5eead4,color:#5eead4
Reading: The 92% vs 34% gap is not a model-size story — it is a domain-specificity story. A general LLM, however large, was not trained to reason about DeFi-native failure modes at depth. Closing the gap does not require retraining the base model; it requires adding three external pillars. Domain tooling lets the agent execute (fork, replay) rather than describe. Encoded attack-pattern knowledge gives it the finite, learnable shapes of DeFi attacks. Execution verification makes every finding a demonstrated transaction. The pillars compound — each alone is insufficient — and together they turn a text reasoner into an auditor.
flowchart LR
subgraph GENERAL["General LLM Strengths (gap narrows)"]
G1[missing access-control modifier]
G2[standard reentrancy]
G3[integer overflow]
end
subgraph DEFI["DeFi-Native Classes (gap widens to 92 vs 34)"]
D1[oracle manipulation<br/>flash-loan → skew → liquidate]
D2[flash-loan economics<br/>atomic single-tx capital inversion]
D3[MEV<br/>sandwich · front-running]
D4[compositional risk<br/>A→B integration vuln]
end
GENERAL -. "general training covers these" .-> DEFI
DEFI -. "absent from training at depth" .-> GAP[domain agent wins here]
style GENERAL fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style DEFI fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style GAP fill:#1a1015,stroke:#5eead4,color:#e4e4e8
Reading: The 92% vs 34% gap is not uniform — it compounds on DeFi-native classes. On general vulnerabilities (a missing modifier, standard reentrancy, integer issues), the gap narrows because the general training data covers these. On DeFi-native failure modes — oracle manipulation, flash-loan economics, MEV, compositional risk — the gap widens, because these are absent from general training at reasoning depth. This is the decision frame: if your target is general smart-contract security, a general LLM may suffice; if your target is DeFi-specific risk, the domain agent is the only reliable path.
flowchart TB
TASK[incoming task] --> ROUTE{route by capability needed}
ROUTE -->|breadth task: triage, explain, report, test-gen| GENPATH[General LLM<br/>sufficient quality<br/>lower cost]
ROUTE -->|DeFi-specific detection: oracle, flash-loan, MEV, composition| DOMPATH[Domain Agent<br/>3 pillars<br/>92% detection]
GENPATH --> MERGE[combined output]
DOMPATH --> MERGE
MERGE --> RESULT[deliverable:<br/>general findings + demonstrated DeFi attacks]
style TASK fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style ROUTE fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style GENPATH fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style DOMPATH fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style MERGE fill:#0d1b2a,stroke:#5eead4,color:#5eead4
Reading: The pragmatic architecture is hybrid and per-task. Not every capability needs the 92% — triage, explanation, report generation, and test scaffolding run fine on the general LLM at lower cost. Deep detection on DeFi-specific classes needs the domain agent's three pillars. The router sends each task to the right engine; the outputs merge into a single deliverable (general findings plus demonstrated DeFi attacks). Making the hybrid explicit — rather than paying the domain-agent cost on every capability — is the cost-optimization decision. The specialist handles the high-risk depth; the generalist handles the breadth.
flowchart TB
Q1{Is the target domain<br/>DeFi-specific risk?}
Q1 -->|no, general smart-contract| GENERAL[General LLM + good prompt<br/>sufficient — don't specialize]
Q1 -->|yes, DeFi-specific| Q2{What is the cost of<br/>a missed vulnerability?}
Q2 -->|low value / quick check| GENERAL
Q2 -->|high value protocol| Q3{Is the base model<br/>the same?}
Q3 -->|yes — pillars are external| BUILD[Build the domain agent<br/>3 pillars (tool/knowledge/verification)<br/>no retraining needed]
Q3 -->|want a from-scratch DeFi model| TRAIN[Retrain / fine-tune<br/>rarely justified — pillars<br/>capture most of the gain]
style Q1 fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style Q2 fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style Q3 fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style GENERAL fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style BUILD fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style TRAIN fill:#1a1015,stroke:#9494a0,color:#9494a0
Reading: The build decision is a decision tree, not a default. If the target is general smart-contract security (not DeFi-specific), the general LLM with a good prompt is sufficient — do not specialize. If the target is DeFi-specific risk, weigh the cost of a missed vulnerability: low-value quick checks accept the 34%; high-value protocols justify the domain agent. And critically — the base model is the same; the three pillars are external. Retraining or fine-tuning a from-scratch DeFi model is rarely justified, because the pillars (tooling, knowledge, verification) capture most of the 92% gain at a fraction of the training cost. This is the pragmatic path the diagram is meant to steer toward.
# Diagrams — SDD-11: Purpose-Built DeFi AI Systems
---
## Diagram 1 — The Three Pillars of Specificity (General LLM → Domain Agent)
```mermaid
flowchart TB
GEN["THE GENERAL LLM (the 34% baseline)<br/>reasons from text · no domain tools · no encoded patterns<br/>guesses at DeFi-native failure modes"]
GEN -->|add three pillars of specificity| PILLARS
subgraph PILLARS["Three Pillars of Specificity"]
P1["Pillar 1 — DOMAIN TOOLING (graft)<br/>Foundry (fork/fuzz/invariant) · Tenderly · RPCs · DeFi SDKs<br/>agent EXECUTES hypotheses, not just describes"]
P2["Pillar 2 — DOMAIN KNOWLEDGE ENCODING<br/>attack-pattern templates:<br/>oracle manipulation · flash-loan economics<br/>MEV (sandwich/front-run) · compositional risk<br/>structured expertise the base model lacks"]
P3["Pillar 3 — DOMAIN-SPECIFIC VERIFICATION<br/>fork chain → replay attack → confirm loss<br/>(EVMbench Exploit standard, SDD-10)<br/>a finding is a demonstrated tx, not a claim"]
end
PILLARS --> AGENT
AGENT["THE PURPOSE-BUILT DEFI AGENT (the 92%)<br/>domain tools + encoded patterns + execution verification<br/>reasons about DeFi-native failure modes at auditor depth"]
style GEN fill:#1a1015,stroke:#9494a0,color:#9494a0
style PILLARS fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style AGENT fill:#0d1b2a,stroke:#5eead4,color:#5eead4
```
**Reading**: The 92% vs 34% gap is not a model-size story — it is a domain-specificity story. A general LLM, however large, was not trained to reason about DeFi-native failure modes at depth. Closing the gap does not require retraining the base model; it requires adding three external pillars. Domain tooling lets the agent execute (fork, replay) rather than describe. Encoded attack-pattern knowledge gives it the finite, learnable shapes of DeFi attacks. Execution verification makes every finding a demonstrated transaction. The pillars compound — each alone is insufficient — and together they turn a text reasoner into an auditor.
---
## Diagram 2 — DeFi-Native Failure Modes (Where the Gap Compounds)
```mermaid
flowchart LR
subgraph GENERAL["General LLM Strengths (gap narrows)"]
G1[missing access-control modifier]
G2[standard reentrancy]
G3[integer overflow]
end
subgraph DEFI["DeFi-Native Classes (gap widens to 92 vs 34)"]
D1[oracle manipulation<br/>flash-loan → skew → liquidate]
D2[flash-loan economics<br/>atomic single-tx capital inversion]
D3[MEV<br/>sandwich · front-running]
D4[compositional risk<br/>A→B integration vuln]
end
GENERAL -. "general training covers these" .-> DEFI
DEFI -. "absent from training at depth" .-> GAP[domain agent wins here]
style GENERAL fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style DEFI fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style GAP fill:#1a1015,stroke:#5eead4,color:#e4e4e8
```
**Reading**: The 92% vs 34% gap is not uniform — it compounds on DeFi-native classes. On general vulnerabilities (a missing modifier, standard reentrancy, integer issues), the gap narrows because the general training data covers these. On DeFi-native failure modes — oracle manipulation, flash-loan economics, MEV, compositional risk — the gap widens, because these are absent from general training at reasoning depth. This is the decision frame: if your target is general smart-contract security, a general LLM may suffice; if your target is DeFi-specific risk, the domain agent is the only reliable path.
---
## Diagram 3 — The Hybrid Architecture (Per-Task, Not All-or-Nothing)
```mermaid
flowchart TB
TASK[incoming task] --> ROUTE{route by capability needed}
ROUTE -->|breadth task: triage, explain, report, test-gen| GENPATH[General LLM<br/>sufficient quality<br/>lower cost]
ROUTE -->|DeFi-specific detection: oracle, flash-loan, MEV, composition| DOMPATH[Domain Agent<br/>3 pillars<br/>92% detection]
GENPATH --> MERGE[combined output]
DOMPATH --> MERGE
MERGE --> RESULT[deliverable:<br/>general findings + demonstrated DeFi attacks]
style TASK fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style ROUTE fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style GENPATH fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style DOMPATH fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style MERGE fill:#0d1b2a,stroke:#5eead4,color:#5eead4
```
**Reading**: The pragmatic architecture is hybrid and per-task. Not every capability needs the 92% — triage, explanation, report generation, and test scaffolding run fine on the general LLM at lower cost. Deep detection on DeFi-specific classes needs the domain agent's three pillars. The router sends each task to the right engine; the outputs merge into a single deliverable (general findings plus demonstrated DeFi attacks). Making the hybrid explicit — rather than paying the domain-agent cost on every capability — is the cost-optimization decision. The specialist handles the high-risk depth; the generalist handles the breadth.
---
## Diagram 4 — The Build Decision Framework (When to Specialize)
```mermaid
flowchart TB
Q1{Is the target domain<br/>DeFi-specific risk?}
Q1 -->|no, general smart-contract| GENERAL[General LLM + good prompt<br/>sufficient — don't specialize]
Q1 -->|yes, DeFi-specific| Q2{What is the cost of<br/>a missed vulnerability?}
Q2 -->|low value / quick check| GENERAL
Q2 -->|high value protocol| Q3{Is the base model<br/>the same?}
Q3 -->|yes — pillars are external| BUILD[Build the domain agent<br/>3 pillars (tool/knowledge/verification)<br/>no retraining needed]
Q3 -->|want a from-scratch DeFi model| TRAIN[Retrain / fine-tune<br/>rarely justified — pillars<br/>capture most of the gain]
style Q1 fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style Q2 fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style Q3 fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style GENERAL fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style BUILD fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style TRAIN fill:#1a1015,stroke:#9494a0,color:#9494a0
```
**Reading**: The build decision is a decision tree, not a default. If the target is general smart-contract security (not DeFi-specific), the general LLM with a good prompt is sufficient — do not specialize. If the target is DeFi-specific risk, weigh the cost of a missed vulnerability: low-value quick checks accept the 34%; high-value protocols justify the domain agent. And critically — the base model is the same; the three pillars are external. Retraining or fine-tuning a from-scratch DeFi model is rarely justified, because the pillars (tooling, knowledge, verification) capture most of the 92% gain at a fraction of the training cost. This is the pragmatic path the diagram is meant to steer toward.