Interview Prep
AI Smart Contract Auditor Interview Questions
50 expert questions covering beginner fundamentals to advanced AI workflow scenarios. Each answer includes a hint for structured responses.
Beginner
5 questions
A strong answer explains the check-effects-interactions pattern, external call before state update, and references the DAO hack as a canonical example.
The candidate should describe state mutability, how payable enables unintended ETH reception, and the role of onlyOwner and custom modifiers.
A good answer covers the stack-based architecture, opcodes, gas metering, and why deterministic execution matters for consensus.
The candidate should explain pre-0.8 unchecked arithmetic, the SafeMath library, and built-in overflow checks in modern Solidity.
A thorough answer covers the public mempool, transaction ordering, sandwich attacks, and basic mitigations like commit-reveal schemes.
Intermediate
10 questions
A strong answer addresses oracle price manipulation, insufficient collateralization checks, rounding errors in liquidation calculations, and flash loan-assisted liquidations.
The candidate should compare static analysis (Slither) vs. symbolic execution (Mythril), their coverage trade-offs, and how they complement each other.
A comprehensive answer covers storage collision, function selector clashing, the unstructured storage pattern, and OpenZeppelin's TransparentProxy approach.
The candidate should discuss TWAP vs. spot prices, Chainlink's architecture, the DODO and bZx exploits, and median-based aggregation.
A good answer covers timelocks, multi-sig wallets, role-based access control, separation of admin and governance roles, and the risks of centralized upgrade keys.
The candidate should explain atomic borrowing, balance manipulation during a single transaction, and invariants that protocols must enforce.
A strong answer discusses invariant definitions, stateful fuzzing, differential testing against a reference implementation, and corpus management.
The candidate should address message validation, trust assumptions, validator key management, and reference the Wormhole and Ronin bridge exploits.
A thorough answer covers inflation attacks, share rounding exploits, first-depositor manipulation, and the importance of virtual shares.
The candidate should explain reference vs. value types, storage pointer bugs in older Solidity versions, and gas implications.
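The inflation-attack hint above (first-depositor manipulation, share rounding, virtual shares) is easiest to reason about with the actual integer math. The following is an added example written for this page, not code from the original page or from any named protocol: it models a minimal ERC-4626-style vault twice, once with naive share pricing and once with the virtual-shares (decimals offset) formula that OpenZeppelin's ERC4626 uses, and runs the same first-depositor scenario against both. The amounts, the offset of 6 and the class names are constructed assumptions.

```python
# Added example (not from the original page): integer share math of an ERC-4626-style
# vault, showing why naive share pricing lets a first depositor inflate the share price
# and how virtual shares/assets (decimals offset) make the same move unprofitable.
# All amounts are constructed sample values in wei-like integer units.

WAD = 10**18


class NaiveVault:
    """Shares priced as assets * totalShares / totalAssets, no virtual offset."""

    def __init__(self):
        self.total_assets = 0
        self.total_shares = 0

    def convert_to_shares(self, assets):
        if self.total_shares == 0:
            return assets  # 1:1 bootstrap: the foothold the attack needs
        return assets * self.total_shares // self.total_assets  # rounds down

    def convert_to_assets(self, shares):
        if self.total_shares == 0:
            return shares
        return shares * self.total_assets // self.total_shares

    def deposit(self, assets):
        shares = self.convert_to_shares(assets)
        self.total_assets += assets
        self.total_shares += shares
        return shares

    def donate(self, assets):
        # Direct token transfer to the vault: raises totalAssets without minting shares.
        self.total_assets += assets


class VirtualSharesVault(NaiveVault):
    """Virtual shares/assets as in OpenZeppelin's ERC4626 (decimals offset):
    shares = assets * (totalShares + 10**offset) / (totalAssets + 1).
    The vault behaves as if 10**offset shares already backed 1 unit of assets,
    so no single depositor can own the whole supply."""

    def __init__(self, decimals_offset=6):  # offset value is an assumption
        super().__init__()
        self.virtual_shares = 10**decimals_offset

    def convert_to_shares(self, assets):
        return assets * (self.total_shares + self.virtual_shares) // (self.total_assets + 1)

    def convert_to_assets(self, shares):
        return shares * (self.total_assets + 1) // (self.total_shares + self.virtual_shares)


def simulate_inflation_attack(vault, donation=10_000 * WAD, victim_deposit=5_000 * WAD):
    """Attacker deposits 1 wei, donates `donation` directly, then a victim deposits.
    Returns what each party could redeem (previewRedeem-style, state unchanged)."""
    attacker_shares = vault.deposit(1)
    vault.donate(donation)
    victim_shares = vault.deposit(victim_deposit)
    return {
        "victim_shares": victim_shares,
        "victim_redeemable": vault.convert_to_assets(victim_shares),
        "attacker_cost": 1 + donation,
        "attacker_redeemable": vault.convert_to_assets(attacker_shares),
    }


if __name__ == "__main__":
    for name, vault in (("naive", NaiveVault()), ("virtual shares", VirtualSharesVault())):
        print(name, simulate_inflation_attack(vault))
```

In the naive vault the victim's 5,000-token deposit rounds down to zero shares and the attacker's single share now redeems for the whole balance, a 5,000-token gain on a 10,000-token donation. With virtual shares the victim receives 999,999 shares against the attacker's 1,000,000, the victim's redeemable value is within a few parts per million of the deposit, and the attacker cannot recover the donation; the audit question is whether the vault under review has such an offset (or a seeded initial deposit) and whether rounding direction favours the vault on both deposit and redeem.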
Advanced
10 questions
A strong answer covers liquidity fragmentation, fee-on-transfer token interactions, precision loss in sqrtPrice math, and economic invariants beyond reentrancy.
The candidate should discuss LLM-generated invariants for Certora/KEVM, hallucination risks in property generation, and the need for human validation of AI-suggested specifications.
A comprehensive answer covers snapshot-based voting, voting power delegation, governance contract audit, and the Beanstalk exploit as a case study.
The candidate should explain unstructured storage slots, storage gap reservations, diff analysis between implementation versions, and automated storage layout comparison tools.
A strong answer covers CVSS-like scoring models, LLM chain-of-thought reasoning for exploitability assessment, retrieval-augmented generation from exploit databases, and patch generation with verification loops.
The candidate should discuss UserOperation validation, bundler trust assumptions, paymaster sponsorship abuse, and signature replay across chains.
A thorough answer discusses insolvency conditions, the importance of holistic protocol modeling, and examples like bad debt cascades in lending protocols.
The candidate should discuss automation trigger reliability, off-chain data integrity, the trade-off between decentralization and latency, and failure mode analysis.
A strong answer covers adversarial prompting to find LLM biases, differential analysis against canonical implementations, and the importance of property-based testing over code review alone.
The candidate should cover CI/CD integration with Slither/Mythril, invariant fuzzing in pipelines, storage layout diff checks, and gas regression monitoring.
Scenario-Based
10 questions
A strong answer emphasizes professional integrity, the auditor's obligation to accurate reporting, the risks of hiding findings, and constructive communication approaches.
The candidate should discuss post-incident forensics, reviewing the original audit scope, determining if the vulnerability was within the audited code or introduced later, and professional liability considerations.
A strong answer covers risk-based prioritization, automated pre-screening with Slither and LLMs, focusing on novel code vs. battle-tested libraries, and clear scope negotiation.
The candidate should describe building a proof-of-concept exploit attempt, testing with Hardhat/Foundry, checking for cross-function reentrancy, and documenting the reasoning.
A thorough answer covers scope clarity, collaborating with economic analysts, flagging code-level assumptions about token supply mechanics, and knowing the limits of your expertise.
The candidate should discuss coordinated disclosure timelines, private notification to maintainers, assessing blast radius, and potentially involving security DAOs or CERTs.
A strong answer addresses chain-specific opcode differences, bridge dependency risks, deployment verification across chains, and testing against each chain's block gas limits.
The candidate should discuss verification pipelines, requiring line-number-to-source mapping, cross-referencing with static analyzers, and human-in-the-loop validation workflows.
A thorough answer covers governance participation thresholds, timelock delays, emergency guardian roles, and the principle of defense in depth even for governance-approved changes.
The candidate should discuss zero-trust on AI-generated code, the importance of understanding developer intent, testing against specifications rather than trusting code generation, and common LLM coding patterns that introduce vulnerabilities.
AI Workflow & Tools
10 questions
A strong answer covers tool-use agents, function-level code chunking, retrieval from vulnerability databases, and structured output formatting with confidence scores.
The candidate should discuss dataset curation from SWC registry and past audits, instruction-tuning format, evaluation metrics (precision, recall on known vulns), and avoiding overfitting to superficial patterns.
A thorough answer covers deduplication logic, severity normalization across sources, confidence-weighted ranking, and UI considerations for auditor review workflows.
The candidate should discuss few-shot examples, chain-of-thought prompting, role-based system prompts for security analysts, and structured output with evidence extraction.
A strong answer covers embedding models for code and natural language, vector databases like Pinecone or Weaviate, RAG architecture, and the importance of domain-specific fine-tuning.
The candidate should discuss GitHub Actions integration, automated Slither and LLM analysis triggers, result gating on severity thresholds, and cost management for API calls.
A thorough answer covers benchmark design, the SWC registry as ground truth, metrics like precision/recall/F1, false positive rate analysis, and comparison against traditional tools.
The candidate should discuss hallucination risks, adversarial robustness, the gap between pattern matching and deep reasoning, and setting appropriate expectations about AI as an augmentation tool.
A strong answer covers model hosting, batch inference pipelines, cost optimization with spot instances, monitoring model drift, and A/B testing against baseline detectors.
The candidate should discuss NLP entity extraction, relationship classification, knowledge graph databases like Neo4j, and how this graph feeds back into RAG-based audit assistants.
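The hints on structured output with confidence scores and on merging detector results (deduplication, severity normalization across sources, confidence-weighted ranking) describe one pipeline stage that is worth seeing end to end. The following is an added example written for this page, not code from the original page or from any of the tools it names: it takes findings from a static analyzer, a symbolic executor and an LLM pass, maps each tool's severity vocabulary onto one scale, groups duplicates by (SWC id, contract, function), combines confidences as independent corroboration, and ranks the result. The severity maps, per-source reliability weights, scoring formula and sample findings are all constructed assumptions, not the real output format of Slither or Mythril.

```python
# Added example (not from the original page): merging findings from several detectors
# into one deduplicated, severity-normalized, confidence-ranked list for auditor review.
from dataclasses import dataclass

# Each tool's own severity labels mapped onto a shared scale (constructed assumption).
SEVERITY_MAP = {
    "slither": {"High": "high", "Medium": "medium", "Low": "low", "Informational": "info"},
    "mythril": {"High": "high", "Medium": "medium", "Low": "low"},
    "llm": {"critical": "critical", "high": "high", "medium": "medium",
            "low": "low", "informational": "info"},
}
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}
# How much a claim from each source is trusted on its own (assumption: an LLM finding
# needs corroboration, a static-analysis detector hit is usually real).
SOURCE_WEIGHT = {"slither": 0.9, "mythril": 0.8, "llm": 0.5}


@dataclass(frozen=True)
class Finding:
    source: str
    swc_id: str       # SWC registry id used as the shared vulnerability vocabulary
    contract: str
    function: str
    severity: str     # label in the tool's own vocabulary
    confidence: float  # 0..1 as reported by the tool


@dataclass
class MergedFinding:
    key: tuple
    severity: str
    sources: list
    score: float


def normalize_severity(source, label):
    try:
        return SEVERITY_MAP[source][label]
    except KeyError:
        raise ValueError(f"unknown severity {label!r} from {source}")


def dedup_key(f):
    # Same weakness class at the same code location counts as one finding,
    # whichever tool reported it.
    return (f.swc_id, f.contract, f.function)


def merge_findings(findings):
    groups = {}
    for f in findings:
        groups.setdefault(dedup_key(f), []).append(f)
    merged = []
    for key, group in groups.items():
        # Keep the most severe normalized label any source assigned.
        severity = max((normalize_severity(g.source, g.severity) for g in group),
                       key=SEVERITY_RANK.__getitem__)
        # Combined confidence: probability at least one weighted report is right,
        # treating sources as independent (1 - prod(1 - w_i * c_i)).
        miss = 1.0
        for g in group:
            miss *= 1.0 - SOURCE_WEIGHT[g.source] * g.confidence
        confidence = 1.0 - miss
        score = (SEVERITY_RANK[severity] + 1) * confidence
        merged.append(MergedFinding(key, severity, sorted({g.source for g in group}),
                                    round(score, 4)))
    # Highest score first; key as tiebreaker keeps the order deterministic.
    merged.sort(key=lambda m: (-m.score, m.key))
    return merged


# Constructed sample findings, not real tool output.
SAMPLE_FINDINGS = [
    Finding("slither", "SWC-107", "Vault", "withdraw", "High", 0.9),
    Finding("llm", "SWC-107", "Vault", "withdraw", "high", 0.7),
    Finding("llm", "SWC-115", "Auth", "onlyOwner", "critical", 0.6),
    Finding("mythril", "SWC-101", "Math", "add", "Low", 0.6),
]

if __name__ == "__main__":
    for m in merge_findings(SAMPLE_FINDINGS):
        print(m)
```

The reentrancy report corroborated by two sources ranks first even though the LLM's lone "critical" carries a higher raw label; a single uncorroborated LLM finding is kept but surfaced with a low score rather than dropped, which is the review-queue behaviour an auditor usually wants.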
Behavioral
5 questions
A strong answer demonstrates systematic thinking, persistence, creative attack modeling, and clear communication of the finding.
The candidate should mention specific sources (security Twitter, audit platforms, research papers), participation in CTFs, and continuous tool experimentation.
A strong answer shows diplomatic assertiveness, evidence-based argumentation, willingness to listen, and prioritizing security outcomes over ego.
The candidate should discuss risk-based prioritization, transparent scope communication, using AI tools for efficiency, and knowing when to push back on timelines.
A strong answer demonstrates leadership, generosity with knowledge, understanding that security is a collective effort, and specific contributions to open-source or educational initiatives.