Scope an audit target and run Archon without creating misleading reports.

Running a scan

A scan is only as useful as its scope. Before submitting a target, define what Archon is allowed to review and what should be considered out of scope.

  • Protocol name — the product or subsystem being reviewed.
  • Source location — repository URL, verified source, or file list.
  • Commit or version — use an immutable commit hash for reproducible reports.
  • Target chain — Mantle Mainnet unless testing another chain explicitly.
  • Critical invariants — examples: total shares match assets, only owner can upgrade, claims cannot be replayed.
  • Out-of-scope contracts — mocks, vendored libraries, old deployments, or generated files.

Scan hygiene

  • Prefer exact commits over mutable branches.
  • Include interfaces used by the target contracts.
  • Exclude large generated artifacts unless they are actually deployed.
  • Run tests after applying any patch generated by Archon.

Interpreting degraded states

If a scan cannot fetch a dependency, compile a target, or verify a proof, Archon should label that section as degraded. Do not treat degraded sections as passed checks.
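A pre-flight check for the scope fields and the degraded-state rule above, as an added example that is not Archon's own code. The field names, the section state strings ("passed", "failed", "degraded") and all sample values are assumptions made for illustration; the page does not define Archon's input or report format.

```python
import re
from fnmatch import fnmatch

# Full git object id: 40 hex chars (SHA-1) or 64 (SHA-256 repositories).
FULL_HASH = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")
REQUIRED = ("protocol", "source", "commit", "chain", "invariants")  # assumed field names

def scope_problems(scope):
    """Return reasons this scope would give an incomplete or unreproducible report."""
    problems = [f"missing {name}" for name in REQUIRED if not scope.get(name)]
    commit = scope.get("commit", "")
    if commit and not FULL_HASH.match(commit.lower()):
        problems.append(f"commit {commit!r} is not a full hash (mutable branch or tag?)")
    return problems

def in_scope_files(files, out_of_scope):
    """Drop files matching any out-of-scope glob (mocks, vendored libraries, ...)."""
    return [f for f in files if not any(fnmatch(f, pat) for pat in out_of_scope)]

def overall_status(sections):
    """Collapse per-section states; a degraded or empty report never counts as passed."""
    states = set(sections.values())
    if "failed" in states:
        return "failed"
    if not states or states != {"passed"}:
        return "incomplete"
    return "passed"

# Constructed sample input (not from a real scan or repository).
SCOPE = {
    "protocol": "ExampleVault",
    "source": "https://example.com/org/vault.git",
    "commit": "0123456789abcdef0123456789abcdef01234567",
    "chain": "Mantle Mainnet",
    "invariants": ["total shares match assets", "only owner can upgrade"],
    "out_of_scope": ["test/mocks/*", "lib/*"],
}
FILES = ["src/Vault.sol", "src/interfaces/IVault.sol",
         "test/mocks/MockToken.sol", "lib/vendor/ERC20.sol"]
SECTIONS = {"dependencies": "passed", "compile": "passed", "proofs": "degraded"}

if __name__ == "__main__":
    print(scope_problems(SCOPE) or "scope ok")
    print(in_scope_files(FILES, SCOPE["out_of_scope"]))
    print(overall_status(SECTIONS))
```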