Blind spots (v5)

High impact. Weak review evidence. Inspect first.

A likely blind spot is a high-impact or complex surface with weak local review evidence. It is not a vulnerability. The arkheionx blind-spots command ranks these candidates with a transparent, additive score and explains every point it assigns.

The score

Nothing is hidden.

blind_spot_score = impact + review_gap + complexity + assumption

85+      very-high
65-84    high
40-64    medium
below 40 monitor

impact

Value exit, accounting, authorization, liquidation, oracle, external call, periphery/core boundary, admin, cross-contract — each adds heuristic impact points.

review gap

No direct test observed adds the most; unknown and partial coverage add less; a tested surface adds nothing.

complexity

External calls, loops, try/catch, signature/Merkle/domain logic, cross-contract calls, and periphery routes each add points.

assumption

Unverified guarding assumptions add points, with a bonus when several stack on one surface.
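The additive scoring described above, sketched as an added example; this is not ArkheionX's own code. The point values, tag names, and surface records are constructed assumptions, since the page does not publish the real weights; only the band thresholds come from the page.

```python
# Point values and tag names are constructed for illustration; the page does
# not publish ArkheionX's real weights. Only the band thresholds are the page's.
IMPACT = {"value_exit": 15, "accounting": 10, "authorization": 10,
          "oracle": 10, "external_call": 8, "admin": 8}
REVIEW_GAP = {"no_direct_test": 25, "unknown": 15, "partial": 10, "tested": 0}
COMPLEXITY = {"external_call": 6, "loop": 4, "try_catch": 4,
              "signature_logic": 6, "cross_contract": 6}
ASSUMPTION_POINTS = 5  # per unverified guarding assumption
STACK_BONUS = 5        # added once when two or more stack on one surface
BANDS = [(85, "very-high"), (65, "high"), (40, "medium"), (0, "monitor")]

def score_surface(surface):
    """Return (total, band, reasons) with one reason row per point award."""
    reasons = [("impact", tag, IMPACT[tag]) for tag in surface["impact"]]
    coverage = surface["coverage"]
    if REVIEW_GAP[coverage]:  # a tested surface adds nothing
        reasons.append(("review_gap", coverage, REVIEW_GAP[coverage]))
    reasons += [("complexity", tag, COMPLEXITY[tag]) for tag in surface["complexity"]]
    assumptions = surface["assumptions"]
    reasons += [("assumption", text, ASSUMPTION_POINTS) for text in assumptions]
    if len(assumptions) >= 2:
        reasons.append(("assumption", "stacked on one surface", STACK_BONUS))
    total = sum(points for _, _, points in reasons)
    band = next(name for floor, name in BANDS if total >= floor)
    return total, band, reasons

def rank(surfaces, limit=15):
    """Highest score first, keeping at most `limit` rows."""
    scored = [(s["name"],) + score_surface(s) for s in surfaces]
    return sorted(scored, key=lambda row: row[1], reverse=True)[:limit]

# Constructed sample surfaces, not output from the tool.
SURFACES = [
    {"name": "Vault.setFee", "impact": ["admin"], "coverage": "tested",
     "complexity": [], "assumptions": []},
    {"name": "Vault.withdraw", "coverage": "no_direct_test",
     "impact": ["value_exit", "accounting", "external_call"],
     "complexity": ["external_call", "loop"],
     "assumptions": ["caller is the router", "balances already synced"]},
    {"name": "Oracle.update", "impact": ["oracle", "authorization"],
     "coverage": "partial", "complexity": ["signature_logic", "cross_contract"],
     "assumptions": ["signer set is current"]},
]

if __name__ == "__main__":
    for name, total, band, reasons in rank(SURFACES):
        print(f"{total:3d} {band:9s} {name}")
        for component, why, points in reasons:
            print(f"      +{points:<2d} {component}: {why}")
```

Each reason row carries its own points, so the total can be audited by summing the rows.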

Run it

Pick where to spend review time.

arkheionx blind-spots .
arkheionx blind-spots . --json
arkheionx blind-spots . --out .arkheionx/blind-spots --limit 15

Boundary

A review priority, not a severity.

The blind spot score is a heuristic review priority. It is never a probability, a severity, or an exploitability estimate. ArkheionX does not confirm vulnerabilities. Human review is required. See docs/BLIND_SPOT_INTELLIGENCE.md.

Build a research pack