🦀 ClawHub
Smart Contract Audit
by @mzfshark
Audit Solidity contracts for common vulnerabilities and design risks.
TERMINAL
clawhub install axodus-smartcontracts-audits📖 About This Skill
name: smart-contract-audit description: Audit Solidity contracts for common vulnerabilities and design risks. metadata: author: RedHat Dev version: 1.0.0 owner: RedHat Dev Agent category: blockchain
SKILL: smart-contract-audit
Purpose
Perform a deterministic, evidence-based vulnerability review of Solidity contracts and produce a prioritized audit report with concrete fixes.When to Use
Inputs
scope (required, string[]): contract files and dependencies.threat_model (optional, string): assets at risk, attacker capabilities, trust assumptions.deployment_assumptions (optional, string): upgradeability, admin keys, multisig/DAO governance.Steps
1. Map the system: - entrypoints (public/external) - privileged roles - external calls and token transfers 2. Run checklist-based review: - access control (missing/overbroad roles) - reentrancy surfaces (external calls, callbacks) - accounting correctness (under/overflow, rounding, precision, fee logic) - ERC standard compliance (events, return values) - upgradeability hazards (storage layout, initializer patterns) - DoS vectors (unbounded loops, griefing) 3. Identify invariants and where they can break. 4. Produce findings with reproduction notes and recommended fixes.Validation
Output
Audit report (example schema):summary: ""
findings:
- id: "SC-001"
severity: "critical|high|medium|low|info"
title: ""
location: ["contracts/X.sol:123"]
description: ""
impact: ""
recommendation: ""
assumptions: ["..."]
Safety Rules
Example
Scope:["contracts/Vault.sol", "contracts/Token.sol"]
Output: includes reentrancy review of withdraw() and role boundaries for setFee().
⚡ When to Use
💡 Examples
Scope: ["contracts/Vault.sol", "contracts/Token.sol"]
Output: includes reentrancy review of withdraw() and role boundaries for setFee().