Archon whitepaper v2.1 — verifiable DevTools for Mantle. HTML edition; the PDF is the citable edition.
Archon Whitepaper · V2.1 · June 2026
Verifiable DevTools for Mantle: AI-assisted smart-contract auditing and receipt-calibrated gas optimization, with every report anchored on Mantle as a challengeable on-chain proof. This page is the HTML edition; the PDF is the citable edition — same claims, same labels.
Reading convention. This document describes the live product as deployed at the time of writing. Capabilities that are planned rather than shipped are explicitly labeled as planned. That convention is itself part of Archon's design: a tool whose claims cannot be trusted in its own whitepaper cannot be trusted in its reports.
Executive summary
Archon turns Solidity source into three connected artifacts for Mantle builders: a deterministic, AI-explained audit report; a gas report whose data-availability numbers are calibrated against what Mantle actually charges; and an on-chain proof that lets anyone re-derive, re-check, and publicly challenge the work. It rejected the legacy fee oracle after finding it under-reports Mantle's real charged DA fee by roughly 99.96%, and built a receipt-calibrated model in its place (§05, Table 1).
Trust the reproducible evidence, not the auditor's claim. Archon is deliberately not positioned as a replacement for expert human review, formal verification, or protocol-specific audits — it is the verifiable layer underneath them: faster feedback for builders, stronger evidence trails for teams, and a public, machine-checkable record for the ecosystem.
01 · The problem
Audits are distributed as unverifiable PDFs. The dominant audit artifact is a static report that behaves like a final presentation rather than a verifiable record: a reader is expected to trust the brand on the cover. Teams cannot answer which exact source was analyzed, under what assumptions, or whether the deployed bytecode still corresponds to the audited code.
DA cost is invisible — and the canonical oracle misreports it. Mantle's modular DA architecture makes the data-availability component of gas opaque to most tooling. The interface most tools reach for, GasPriceOracle.getL1Fee, diverges from what the chain actually charges by orders of magnitude (Table 1). Cost advice built on it is invisibly wrong.
02 · Thesis: verifiable DevTools
DevTools for crypto should be verifiable by default — producing artifacts humans can inspect, machines can consume, and public infrastructure can anchor. Four commitments shape every architectural decision:
| Commitment | Meaning in practice |
|---|---|
| Deterministic first | Detection is rule-based (solc, Slither, Archon's Mantle rule engine, AST detectors). AI explains and prioritizes findings; it never invents them. Identical input produces identical findings — which is what makes reports hashable and challengeable. |
| Measured, or labeled | Gas deltas come from Foundry measurement runs and on-chain receipts. Where measurement is impossible (pre-deployment), the value is a calibrated estimate and is tagged as such in the UI, API, and stored record. The distinction is structural. |
| Anchored and challengeable | Every report yields a deterministic SHA-256 hash and IPFS metadata, anchorable on Mantle. A public challenge ledger accepts scoped disputes referencing the on-chain proof. Verifiability without a feedback channel is theater. |
| Read-only by default | Scanning never sends a transaction and never touches user funds. The single on-chain write is explicit, user-approved proof logging — gasless via Archon's server agent, or self-custody from the user's wallet. |
03 · System architecture
One pipeline, three artifacts, seven layers. Every layer can improve independently: gas pricing can be recalibrated without touching the proof model; the proof registry can evolve without breaking report exports.
The execution pipeline runs stage-by-stage with explicit failure behavior: code parse (canonical source hash, scope metadata) → static analysis (solc as a truth gate, Slither + Mantle rules; unresolved imports degrade to reduced-mode AST rules with a visible banner) → Mantle context and protocol rules → gas measurement → bounded AI enrichment (batched, timed out, schema-validated, with deterministic fallback) → generated Foundry tests → report assembly and hashing.
04 · The audit engine
Deterministic detection produces findings with file/line anchors, categories, severities, and confidence. AI enrichment — through a pluggable provider layer — adds explanations, Mantle-specific context, exploit scenarios, recommended fixes, and minimal patch diffs; it is bounded (batched, a 75-second per-call timeout with a single transient retry, per-finding schema validation), and falls back to deterministic templates, with the report logging the exact cause per batch when that happens. Each report ships generated Foundry regression tests so findings become executable checks rather than prose.
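The enrichment contract described above, as an added example that is not Archon's code: one retry, per-finding schema validation, an allow-list copy so model output can neither add findings nor alter severities, and a deterministic template fallback with the cause recorded. The provider callable, `TransientError`, the field names and the sample findings are hypothetical; the 75-second timeout is handed to the provider rather than enforced here, and treating a timeout as retryable is an assumption.

```python
TIMEOUT_S = 75                                    # per-call timeout stated in the text
TEXT_FIELDS = ("explanation", "recommended_fix")  # assumed schema (hypothetical)

class TransientError(Exception):
    """Hypothetical marker for retryable provider failures."""

# Constructed deterministic findings; field names are assumptions.
FINDINGS = [
    {"id": "F1", "rule": "reentrancy", "file": "Vault.sol", "line": 42, "severity": "high"},
    {"id": "F2", "rule": "unchecked-call", "file": "Vault.sol", "line": 77, "severity": "medium"},
]

def template(finding):
    """Deterministic fallback text built only from the finding itself."""
    return {"explanation": f"{finding['rule']} at {finding['file']}:{finding['line']}",
            "recommended_fix": f"Review rule guidance for {finding['rule']}.",
            "source": "deterministic-template"}

def valid(entry):
    """Per-finding schema check: every text field present, a str, non-blank."""
    return isinstance(entry, dict) and all(
        isinstance(entry.get(k), str) and entry[k].strip() for k in TEXT_FIELDS)

def enrich_batch(findings, provider):
    """Return (enriched findings, fallback causes) for one batch."""
    raw, causes = None, []
    for attempt in (1, 2):                        # first call plus a single retry
        try:
            raw = provider(findings, timeout=TIMEOUT_S)
            break
        except (TransientError, TimeoutError) as exc:
            causes.append(f"attempt {attempt}: {type(exc).__name__}")
        except Exception as exc:                  # non-transient: do not retry
            causes.append(f"attempt {attempt}: fatal {type(exc).__name__}")
            break
    ok = isinstance(raw, dict)
    if not ok:
        causes.append("batch: no usable provider response")
    enriched = []
    for f in findings:                            # deterministic findings only
        entry = raw.get(f["id"]) if ok else None
        if valid(entry):
            text = {k: entry[k] for k in TEXT_FIELDS}   # allow-list copy
            enriched.append({**f, **text, "source": "ai"})
        else:
            if ok:
                causes.append(f"{f['id']}: schema validation failed")
            enriched.append({**f, **template(f)})
    return enriched, causes
```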
05 · The Mantle gas engine
Where a real transaction exists, the charged l1Fee is read directly from its receipt — a measured value by definition. For pre-deployment analysis, Archon maintains a calibrated model derived from recent live receipts' fee parameters, validated against the same ground truth, refreshed periodically, and always labeled as calibrated.
Why not the oracle? Receipt ground truth was compared against GasPriceOracle.getL1Fee on live Mantle transactions:
| Tx | Bytes | Receipt l1Fee (charged) | Oracle getL1Fee (predicted) | Divergence |
|---|---|---|---|---|
| 0x82d995…088ef | 342 | 699,231,354,481,640 wei | 313,344,079,825 wei | 99.955% |
| 0xb9ce87…1a7c5 | 2,037 | 6,874,261,528,561,290 wei | 2,361,496,520,609 wei | 99.966% |
Table 1 — Oracle prediction vs. on-chain ground truth. The legacy predeploy under-reports Mantle's real charged DA fee by roughly 2,500×. Mantle receipts expose the richer post-migration fee fields (l1Fee, l1GasUsed, l1GasPrice, l1BaseFeeScalar, blob fee fields, daFootprintGasScalar, operator fees) that the legacy interface cannot reproduce. Full evidence: ADR 0007.
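The comparison behind Table 1, together with the measured-versus-calibrated labeling rule, as an added example that is not Archon's code. The sample data is constructed from the Table 1 values, the hex encoding of `l1Fee` follows ordinary JSON-RPC receipts and is an assumption, and the function names are hypothetical.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed input built from Table 1. Transaction hashes stay elided
# exactly as the table gives them; l1Fee is hex-encoded (assumption).
TABLE_1 = [
    {"tx": "0x82d995…088ef", "receipt": {"l1Fee": hex(699_231_354_481_640)},
     "oracle_wei": 313_344_079_825},
    {"tx": "0xb9ce87…1a7c5", "receipt": {"l1Fee": hex(6_874_261_528_561_290)},
     "oracle_wei": 2_361_496_520_609},
]

def da_fee(receipt, calibrated_estimate_wei=None):
    """Return (wei, label). Only a receipt-sourced value may be called measured."""
    raw = (receipt or {}).get("l1Fee")
    if raw is not None:
        return int(raw, 16), "measured"
    if calibrated_estimate_wei is None:
        raise ValueError("no receipt l1Fee and no calibrated estimate")
    return int(calibrated_estimate_wei), "calibrated"

def oracle_divergence(receipt, oracle_wei):
    """Compare an oracle prediction with the fee the receipt says was charged."""
    charged, _ = da_fee(receipt)          # raises if the receipt has no l1Fee
    if charged <= 0 or oracle_wei <= 0:
        raise ValueError("fees must be positive to compare")
    pct = Decimal(charged - oracle_wei) * 100 / Decimal(charged)
    return {
        "charged_wei": charged,
        "under_report_pct": pct.quantize(Decimal("0.001"), rounding=ROUND_HALF_UP),
        "charged_to_oracle": charged // oracle_wei,   # whole-number multiple
    }

def table_rows():
    """Recompute the Divergence column for every constructed Table 1 row."""
    return [{"tx": r["tx"], **oracle_divergence(r["receipt"], r["oracle_wei"])}
            for r in TABLE_1]

if __name__ == "__main__":
    for row in table_rows():
        print(row)
```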
The optimizer applies a deterministic rule catalog (storage caching, calldata shape, unchecked arithmetic in safe contexts, visibility, event data, bytecode-size patterns), validates patches by compilation, measures where a Foundry harness applies, and separates three types of evidence: measured, estimated, and unpriced. Reports and the public leaderboard state their traffic assumptions explicitly.
06 · The proof layer
Every report yields a deterministic hash over canonicalized metadata, pinned to IPFS, and anchorable on Mantle through ArchonProofRegistry (0xe7043e2ec95eF357FbBa3359BA2f1edb10cEAD2a, verified source) under ERC-8004 Agent #97 — in gasless (server-pays) or self-custody mode. logAuditProof() is permissionless and idempotent per report hash. A successful anchor also appends an ERC-8004 Reputation Registry giveFeedback entry against Agent #97 (feedbackHash = the report hash) from a funded non-owner client — best-effort and non-blocking, so the standard agent-reputation trail accrues alongside the registry anchor without ever failing it. Public verification re-derives the hash and re-checks the chain without a wallet; a challenge ledger accepts scoped disputes against reports and optimizations.
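Re-deriving a report hash the way public verification is described above, as an added example rather than Archon's implementation. The page does not specify the canonical form, so the one used here (findings in a fixed order, sorted keys, compact UTF-8 JSON) and every metadata field name are assumptions; the sample report is constructed.

```python
import hashlib
import json

# Constructed report metadata; every field name here is an assumption.
# Wei amounts are strings so no float formatting can leak into the hash.
REPORT = {
    "source_sha256": "<sha256-of-canonical-source>",
    "toolchain": {"solc": "<version>", "slither": "<version>"},
    "findings": [
        {"file": "Vault.sol", "line": 77, "rule": "unchecked-call", "severity": "medium"},
        {"file": "Vault.sol", "line": 42, "rule": "reentrancy", "severity": "high"},
    ],
    "gas": {"l1_fee_wei": "699231354481640", "label": "measured"},
}

def canonicalize(report):
    """Assumed canonical form: ordered findings, sorted keys, compact UTF-8 JSON."""
    doc = dict(report)
    doc["findings"] = sorted(report.get("findings", []),
                             key=lambda f: (f["file"], f["line"], f["rule"]))
    return json.dumps(doc, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")

def report_hash(report):
    """SHA-256 over the canonical bytes, hex-encoded with a 0x prefix."""
    return "0x" + hashlib.sha256(canonicalize(report)).hexdigest()

def verify(report, anchored_hash):
    """True when the re-derived hash equals the anchored one (case-insensitive hex)."""
    return report_hash(report) == anchored_hash.strip().lower()

if __name__ == "__main__":
    anchored = report_hash(REPORT)        # stands in for the value read on-chain
    print(anchored, verify(REPORT, anchored))
```

Key order and finding order do not affect the result, while any change to a finding, a label or a fee value does; that is the property a challenge against an anchored report relies on.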
07 · Trust and verifiability model
Exactly what is guaranteed: deterministic findings are reproducible from the same source; hashes are re-derivable; anchored records are independently checkable; measured numbers cite receipts or harness runs. What is not guaranteed: that a scan finds every vulnerability, that AI prose is infallible, or that a proof certifies safety — a proof certifies provenance. Reduced modes (failed enrichment, missing pinning, un-anchored proofs) are visible states, never silent downgrades.
08 · Platform and integrations
The platform spans the app (Audit Studio, Gas Optimizer, Cost Guard, proofs, validation, Sentinel continuous monitoring, and verified builds); public surfaces (landing, docs, public reports, leaderboard, the Gas Observatory, and a permanent per-contract address page + badge); the REST API with an OpenAPI 3.1 reference, including a signed agent verdict + MCP server; the archon-scan CLI; the CI GitHub Action and GitHub App with live PR evidence; the VS Code extension (published on Open VSX); planned webhooks; and report/test/patch exports. AI and storage run on the cloud provider layer: OpenAI gpt-4o-mini is the live enrichment model and Tencent Cloud COS is a live, best-effort artifact backup (region ap-hongkong); the Tencent Hunyuan inference adapter is built-in and inert pending a key. All status is verifiable at /api/providers.
09 · Business model and GTM
Security and cost are the two line items every Mantle team already pays for; Archon quantifies both, with proof. Distribution follows the developer workflow: the first useful result requires no procurement, CI makes the tool part of the merge path, and public surfaces compound into reputation.
| Tier | Who it serves | Mechanics |
|---|---|---|
| Free | Individual builders | Capped-depth scans, public proof verification, public leaderboard — which doubles as organic acquisition. |
| Pro | Teams shipping on Mantle | Deep scans, full gas measurement runs, generated test suites, anchored proofs, workspace history; per-seat with metered heavy compute. |
| CI / API | Protocols and platforms | The Action gates PRs on gas regressions; the API embeds scan-and-verify into external pipelines. CI is the retention engine. |
| Ecosystem | Mantle programs and platforms | Dashboards, attestations, and program-level integrations. |
Current pricing posture: all tiers free during the hackathon period; indicative pricing published.
10 · Roadmap
| Horizon | Direction |
|---|---|
| Now (live) | Audit and gas engines on Mantle Mainnet; proof anchoring in both modes; public verification, leaderboard, challenge ledger; docs, CLI, CI Action + GitHub App, generated tests; Sentinel continuous monitoring with drift alerts; verified-build attestations; the Gas Observatory; an agent trust API + MCP server (signed verdicts that recover to Agent #97); per-contract address pages + badges; the VS Code extension (Open VSX); public pricing. |
| Next | Reliability hardening across upload/repo inputs; public API keys and webhooks; deeper protocol packs; the Tencent Hunyuan inference adapter activated on a provisioned key (Tencent COS artifact backup is already live); team workspaces. |
| Later | ERC-8004 Validation Registry integration when an official Mantle address ships; cross-agent attestations; staked challenges (designed in ADR 0014; design-only, nothing deployed); ecosystem dashboards. |
The end state is an audit-and-optimization layer whose outputs are consumed not only by humans but by other agents — exactly what verifiable, machine-checkable reports make possible, and exactly what ERC-8004 identity was designed for.
11 · Security, limitations and disclaimers
Archon is a developer security tool, not a guarantee of safety. Automated scans can miss vulnerabilities, misunderstand business logic, or overstate impact. AI-generated explanations should be reviewed by humans. Gas recommendations should be tested against the target codebase and deployment process. Proof records are provenance records, not certifications of correctness. Fee models are bounded by changing Mantle gas conditions and are published with their assumptions.
12 · References and appendix
- ArchonProofRegistry: 0xe7043e2ec95eF357FbBa3359BA2f1edb10cEAD2a (verified, Mantle Mainnet 5000)
- ERC-8004 Identity / Reputation: 0x8004A169…539a432 / 0x8004BAa1…dE9b63 — Archon is Agent #97
- DA methodology: ADR 0007 — Mantle gas oracle verification
- ERC-8004: Trustless Agents: eips.ethereum.org/EIPS/eip-8004
- Source: github.com/Franlinozz/Archon · Citable edition: whitepaper PDF v2.1



