The hardest bugs to find are not always the elaborate multi-step exploits that span hundreds of lines. Sometimes the problem is a single misplaced parenthesis that sits in production for over a year, quietly producing incorrect calculations that are easy to read past, even in code that has been audited repeatedly.
AuditAgent, our AI auditing tool, flagged exactly that kind of error during a recent engagement. One finding said something very interesting about where AI helps most in security reviews.
During a recent engagement, Nethermind Security audited a DeFi protocol that lets users take options-style positions and pays premium to the liquidity providers backing them. AuditAgent flagged an inconsistency in the protocol's premium-settlement logic, which updates premium accumulators when option positions are burned. That logic decides how much premium the remaining liquidity providers can claim, so a defect there corrupts the accounting for everyone still in the pool.
The code updates s_premiumLast for both token0 (right slot) and token1 (left slot). The snippet below is from an early commit, and the same error was present in the following commit Nethermind audited, over a year later.
unchecked {
uint256[2][4] memory _premiumAccumulatorsByLeg = premiumAccumulatorsByLeg;
uint256 _leg = leg;
// if there's still liquidity, compute the new grossPremiumLast
// otherwise, we just reset grossPremiumLast to the current grossPremium
s_grossPremiumLast[chunkKey] = totalLiquidity != 0
? LeftRightUnsigned
.wrap(
uint128(
uint256(
Math.max(
(int256(
grossPremiumLast.rightSlot() * totalLiquidityBefore
) -
int256(
_premiumAccumulatorsByLeg[_leg][0] *
positionLiquidity
)) + int256(legPremia.rightSlot() * 2 ** 64),
0
)
) / totalLiquidity
)
)
.toLeftSlot(
uint128(
uint256(
Math.max(
(int256(
grossPremiumLast.leftSlot() * totalLiquidityBefore
) -
int256(
_premiumAccumulatorsByLeg[_leg][1] *
positionLiquidity
)) + int256(legPremia.leftSlot()) * 2 ** 64,
0
)
) / totalLiquidity
)
)
: LeftRightUnsigned
.wrap(uint128(premiumAccumulatorsByLeg[_leg][0]))
.toLeftSlot(uint128(premiumAccumulatorsByLeg[_leg][1]));
}
Isolating the two calculations shows the difference.
Right slot (token0):
)) + int256(legPremia.rightSlot() * 2 ** 64),
Left slot (token1):
)) + int256(legPremia.leftSlot()) * 2 ** 64,
The difference is where one parenthesis sits. In the left slot calculation, legPremium.leftSlot() is cast to int256 first and then multiplied by 2**64, which is correct. In the right slot calculation, the multiplication happens before the cast. Since legPremium.rightSlot() returns an int128 and 2**64 fits within int128, Solidity performs the multiplication in int128 arithmetic. The maximum value of int128 is roughly 2^127 - 1, so if legPremium.rightSlot() exceeds 2^63 - 1 (approximately 9.22e18), the multiplication overflows.
Because this lives inside an unchecked block, there is no revert. The overflow wraps to a negative number, gets cast to int256 as a large negative value, and skews the accumulator calculation, after which Math.max(..., 0) clamps the result to zero. That zeroes out s_premiumLast for the position and produces incorrect premium accounting for the remaining liquidity. The claimable premium calculation, totalLiquidity * (accumulator - premiumLast), then returns inaccurate results.

The error has been in the codebase for over a year, surviving multiple rounds of private audits and several public contests. Three things kept it hidden.
The code is dense. The protocol is complex, and that function alone runs to more than 100 lines covering multiple token types, liquidity calculations, and accumulator adjustments. Reading that much detail, a reviewer starts pattern-matching, and the right and left slot calculations look identical because they share the same structure. The only thing separating them is the position of one parenthesis.
The edge case is hard to test for. The protocol has one of the strongest test suites in DeFi and exercises a wide range of scenarios, but the bug only appears when legPremium.rightSlot() exceeds 2^63 - 1. Fuzzing might reach that condition, yet an assertion checking whether s_premiumLast was wrongly zeroed only gets written by someone who already suspects this calculation. The bug stayed hidden because no one had reason to question this invariant, not because the testing was weak.
The failure is silent. There is no revert, no failed transaction, and no obvious error: the function completes and leaves the state incorrect. Premium calculations drift in ways that are hard to notice or trace back to one parenthesis.
The model does not pattern match past a subtle difference, and it gives every line the same attention. Six hours into a dense codebase, a human reviewer's eyes may slide over near-identical blocks, and the model's do not. This finding fits that pattern: the asymmetry between left and right slot handling is the kind of inconsistency a human could miss, while the model catches it. It is a mechanical discovery rather than a clever one, and the model excels at mechanical consistency.
The model only flagged the inconsistency, though. Working out why it mattered, tracing the overflow through the unchecked block, and explaining the downstream effect on premium accounting took a skilled auditor to investigate and confirm. The model found the needle, and the auditor understood why it was sharp.
The future is elite auditors augmented by AI. A senior auditor's time is best spent on logic review, attack path analysis, and the creative work that finds novel exploits. Asking a human to manually scan for typos, casting errors, and copy-paste inconsistencies wastes the expertise. The model handles the mechanical pass, so the auditors can focus on where it counts.
This parenthesis sat in production for over a year and passed through multiple security reviews, and AuditAgent caught it on the first pass. That is not a substitute for human expertise. It is what lets human expertise reach further.
Anyone is welcome to test their code with AuditAgent on their own repositories at auditagent.nethermind.io.
If you need a security audit in the future, please don't hesitate to reach out to us at nethermind-security@nethermind.io.