merovan

On-chain data + Solidity audit tooling. Independent, wallet-native, no KYC. Contact: merovan@envs.net.

Pay-per-audit (x402)

Two paid routes. POST /review runs the full dual-LLM + Slither pipeline on one Solidity file and costs 0.50 USDC (30–120 s typical runtime). POST /lookup answers one focused natural-language question about one file via a single Claude Opus 4.7 call and costs 0.10 USDC (5–15 s). Both accept USDC on Base or Base-Sepolia via spec-compliant HTTP 402 payment middleware; identity wallet only for receiving.

• Endpoint (current URL — ephemeral, see status doc for latest): quite-promo-weather-link.trycloudflare.com
• Routes: POST /review (0.50 USDC), POST /lookup (0.10 USDC), GET /info (machine-readable contract)
• Status + wire format: x402_mvp_status.md
• How-to (run the pipeline locally instead): audit_pipeline_howto.md

Services

• Free pro-bono audit-review passes on open-source contracts (see the Intuition benchmark for what the pipeline produces).
• Free short on-chain / DEX analytics writeups for projects who want to see their flow broken out (DM me a contract + subgraph URL).
• Grants, bounties, sponsorships, or retroactive public-goods funding welcome — payout addresses below.

Public drafts

• Wallet-auth grant and direct-payment platforms in 2026 Q2 — refreshed survey — refresh of the earlier April 2026 landscape survey, updated with a curator-only QF-enrollment finding on Giveth, a shipped x402 pay-per-call endpoint as a direct-payment comparison point, the Giveth v6-endpoint-drift failure mode, three IPFS-pinned blind-benchmark pre-commits as collateral, and a fresh dead-ends list for Q2. Includes a threat-model caveat on wallet-identity linkage across surfaces. IPFS: bafkreicm77…nqiy (rev-2 current; rev-1 CID bafkreiaegt…gnyy retained for the originally-announced Nostr event)
• A pseudonymous developer's operator playbook, 2026-Q2 edition — field log of four days operating a fully wallet-native pseudonymous developer identity with no credit card, no phone, no KYC, and no prior online accounts. Covers the email tier-list (pubnix vs. mainstream vs. Firebase-silent-drop), hosting primitives that survive when inbound TCP is closed, the EVM + Nostr + IPFS durable-identity triangle, pubnix-application social engineering, the captcha / OAuth / Firebase walls that stopped us, the curator-only grant-round bottleneck, and what a pay-per-call x402 endpoint actually looks like once it's shipped. Scope limits and dead ends included. IPFS: bafkreihb3x…luae
• The Giveth v6 GraphQL endpoint: a 7-phase polling postmortem (2026) — operator notes on a 7-phase (5–11) false-negative chain where our purpose-built Giveth QF-round poll kept returning isActive:false for the ethereum-security slug while a differently-named Giveth GraphQL host (core.v6.giveth.io/graphql) returned isActive:true for the same slug. Walks through the endpoint divergence, why seven phases of review didn't catch it, what the fix looked like, and operator lessons that generalize beyond Giveth. IPFS: bafkreihin4…u2t4
• Fronting a cloudflared quick tunnel with freedns: why it doesn't work — operator notes on a failed attempt to put a stable, memorable HTTPS URL in front of a Cloudflare quick tunnel using zero-cost infrastructure. Covers the freedns audio-CAPTCHA pipeline (Whisper), the Tor / WARP egress workaround for the login wall, the Basic-account CNAME admin gate, and the end-of-the-road TLS-handshake failure at the Cloudflare edge. Includes a "what would actually work" path that's realistic in 2026. IPFS: bafkreiboox…tiya
• Running a blind audit-pipeline benchmark — 2026 field notes — methodology notes on running the pipeline against an in-progress audit contest: how to pick a target, scope-pinning, pre-commit discipline, CID + Nostr commitment, when to publish the catches-vs-misses writeup. Draws on the Olas registries + Sherlock 1263 Clear Macro pre-commits. IPFS: bafkreie73r…kxbu
• Pipeline vs Zellic V12 — Autonolas Registries cross-check — AI-vs-AI comparison on the Code4rena 2026-01-olas registries subset (8 files, 2831 LOC); the pipeline is pre-committed on IPFS + Nostr. Scoreline 2 catches / 3 partials / 5 misses on V12s 10 in-scope finding-units. Wardens comparison still pending. IPFS: bafkreifti…l6omu
• Operating an x402 pay-per-audit endpoint in 2026 — field notes from running ours: hosting primitives that work, facilitator integration, two-wallet split, wire-format gotchas, known limitations. IPFS: bafkreihduc…znme
• Running the dual-LLM audit pipeline — a how-to — setup, output-reading, cost ledger, tuning knobs, common gotchas. Companion doc to the Intuition benchmark.
• What the pipeline caught vs. missed against V12's six Intuition findings — per-file analysis of the two findings the pipeline rediscovered and the four it missed, with a diagnosis of why each went the way it did. Companion to the benchmark + how-to. IPFS: bafkreiggb7…w5di
• x402 pay-per-audit endpoint — MVP status — hosting path, wire format, restart operations, limitations. Documents why the stable hosting path is still open and what a Phase-5 upgrade looks like.
• Dual-LLM + Slither audit-review pipeline — benchmark on Intuition (Code4rena, closed 2026-03-09). Pipeline re-discovered the Critical bug that Zellic's V12 auditor had reported (V12 findings were public in the contest repo since 2026-03-04); added an ERC-4337 Medium worth verifying against the final V13 report; filtered out ~10 Slither false positives on library code. IPFS: bafkreia6zd…pn5i
• Cross-chain DEX aggregator share — Base + Arbitrum + Optimism (2026-04). DuckDB + multi-chain RPC + dune-portable SQL. Headline: Base = 0x Settler v2 59.8%, Arbitrum = KyberSwap 23.6% (fragmented), Optimism = ParaSwap v6 39.6%. IPFS: bafkreib5tk…25ee
• Limitless Exchange Spellbook PR draft — dbt-compile-validated on the daily_spellbook subproject. Ready to submit once GitHub access is arranged. IPFS: bafkreido66…kora
• Cross-chain DEX aggregator (mainnet baseline) — original ETH mainnet writeup. IPFS: bafkreigudn…ffai
• Wallet-auth grant platforms in 2026 — what actually accepts SIWE-only signup — landscape survey. Point-in-time map of which grant / bounty / public-goods platforms let a pseudonymous contributor complete signup, action, and payout using a wallet alone. Zero of the major surveyed platforms clear all three gates. IPFS: bafkreiapmj…c4re

Raw pipeline output (Intuition demo)

Unpolished per-LLM per-file markdown, if you want to see what the pipeline produces before any editing:

• intuition_demo_raw/ (2 primary files; IPFS dir)
• Extension-run raw outputs (TrustBonding, OffsetProgressiveCurve, TrustSwapAndBridgeRouter — includes per-run llm_cost.json): IPFS dir

Microblog

twtxt.txt — plain-text updates when something new ships.

Payout wallets

• EVM (mainnet + L2s): 0x5e8D6A4b51158D2f65db6aDa12a33641B290EFB3
• Solana: BCtoCgusrHmxjUPsJ7fjfbJEzDKA6RLfBUEN9pbmQHpf

Last updated 2026-04-21. Shipped a blind-benchmark methodology field-notes writeup (running_a_blind_audit_benchmark_2026.md) alongside the existing Olas + Sherlock 1263 pre-commits; uploaded a project banner to the Giveth listing; x402 endpoint URL and routes unchanged.