Custom Strategy Editor

Overview

Users write their own attack thesis in natural language. The agent follows this as its primary directive, augmented by the platform's shared knowledge base.

Web3 Strategy Examples

Reentrancy Focus

"Look for reentrancy in the withdrawal flow, especially cross-contract calls that update balances after external calls. Also check if any fee calculations can be manipulated via flash loans."

Oracle Manipulation

"Check all price oracle integrations. Look for stale price feeds, single oracle dependencies, and any way to manipulate the TWAP window. Pay special attention to the liquidation flow — can an attacker trigger cascading liquidations?"

Access Control

"Audit all access control modifiers. Check for missing onlyOwner guards on critical functions. Look for privilege escalation paths and unprotected initialization functions."

Web2 Strategy Examples

Auth & Session

"Focus on the authentication and session management endpoints. Check for IDOR vulnerabilities in the /api/users/ routes, test for JWT token manipulation, and look for SSRF in any URL-fetching functionality. Pay special attention to file upload handlers."

API Security

"Test all API endpoints for rate limiting bypasses, mass assignment vulnerabilities, and broken object-level authorization. Check if any admin endpoints are accessible without proper role checks."

Injection

"Scan for SQL injection in all database query paths, test for command injection in any system call wrappers, and check for template injection in user-facing content rendering."

Strategy Templates

Phase 1 introduces a strategy templates library — pre-built attack theses for common target types:

  • DeFi Lending Protocol
  • DEX / AMM
  • NFT Marketplace
  • Token Bridge
  • REST API (Node.js)
  • REST API (Python/Django)
  • GraphQL API
  • File Upload Service

Users can save and reuse custom configurations.

How Strategies Work

  1. User writes or selects a strategy
  2. Strategy becomes the agent's primary directive
  3. Agent augments the strategy with platform knowledge base patterns
  4. Agent reports findings within the strategy's scope
  5. Out-of-scope findings are still reported but flagged as "bonus"

Prowl Protocol — Decentralized AI-Powered Bug Bounty Platform