| Field | Value |
|---|---|
| name | audit |
| agent | Plan |
| user-invocable | true |
| description | Security audit and code review for Solidity smart contracts. Trigger phrases - audit, check PR, security review, pre-audit preparation, vulnerability check, or when preparing code for external audit. |
Audit and code review guidance for Solidity smart contracts. For detailed vulnerability patterns, see bundled references.
| Reference | Content | When to Read |
|---|---|---|
| .claude/skills/audit/references/vulnerability-checklist.md | 17 vulnerability categories | During security reviews |
| .claude/skills/audit/references/audit-workflow.md | Step-by-step audit process | When conducting formal audits |
| .claude/skills/audit/references/pre-audit-checklist.md | Code quality + testing prep | Before external audit |
Workflow: Use pre-audit-checklist to prepare → vulnerability-checklist to review → audit-workflow for the formal process.
| Type | Purpose | Depth | When to Use |
|---|---|---|---|
| Self-Review | Pre-submission sanity check | Quick | Before creating a PR |
| PR Review | Verify changes meet standard | Moderate | When reviewing others' PRs |
| Deep Review | Thorough security analysis | Deep | Before mainnet deployment |
| Audit | Comprehensive security audit | Thorough | Pre-launch or after major change |
| Issue | Detection |
|---|---|
| Missing access control | New external functions without modifiers |
| State changes after external calls | `.call{}`/`transfer` followed by storage writes (CEI violation, reentrancy risk) |
| Unchecked return values | `.call()` without checking the success flag; ERC-20 `transfer`/`transferFrom` return values ignored |
| Missing events | State changes without event emission |
| Incomplete error info | Custom errors without diagnostic parameters |
| Test coverage gaps | New code paths without corresponding tests |
| Breaking changes | Interface modifications without deprecation |
| Gas regression | New loops or storage operations in hot paths |
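As an added illustration of the rows above (example code written for this page, not Sablier's own contracts), the hypothetical `VaultBefore`/`VaultAfter` pair below shows the patterns a reviewer flags and their hardened form; every name is an assumption:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Sablier code. Toy ETH vault: `VaultBefore` carries the
// defects from the PR-review checks above, `VaultAfter` is the hardened form.

contract VaultBefore {
    mapping(address => uint256) public balances;
    address public admin;

    error Failed(); // no diagnostic parameters

    function deposit() external payable {
        balances[msg.sender] += msg.value; // no event
    }

    function withdraw(uint256 amount) external {
        if (balances[msg.sender] < amount) revert Failed();
        msg.sender.call{value: amount}(""); // success flag ignored
        balances[msg.sender] -= amount;     // storage written after the external call
    }

    function setAdmin(address newAdmin) external {
        admin = newAdmin; // new external function with no access control
    }
}

contract VaultAfter {
    mapping(address => uint256) public balances;
    address public admin;

    // Errors carry the values needed to diagnose the revert off-chain.
    error InsufficientBalance(address account, uint256 balance, uint256 requested);
    error TransferFailed(address to, uint256 amount);
    error Unauthorized(address caller);

    event Deposited(address indexed account, uint256 amount);
    event Withdrawn(address indexed account, address indexed to, uint256 amount);
    event AdminUpdated(address indexed previousAdmin, address indexed newAdmin);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert Unauthorized(msg.sender);
        _;
    }

    constructor(address admin_) {
        admin = admin_;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
        emit Deposited(msg.sender, msg.value);
    }

    // Checks-Effects-Interactions: validate, write storage, emit, then call out.
    function withdraw(uint256 amount, address to) external {
        uint256 balance = balances[msg.sender];
        if (balance < amount) revert InsufficientBalance(msg.sender, balance, amount);

        balances[msg.sender] = balance - amount; // effect before interaction
        emit Withdrawn(msg.sender, to, amount);

        (bool ok,) = to.call{value: amount}(""); // interaction last
        if (!ok) revert TransferFailed(to, amount);
    }

    function setAdmin(address newAdmin) external onlyAdmin {
        emit AdminUpdated(admin, newAdmin);
        admin = newAdmin;
    }
}
```

Each comment in `VaultBefore` maps to one row of the table; in a PR review the `withdraw` body alone would earn a blocking comment, since an attacker contract receiving the ETH can re-enter before `balances` is reduced.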
| Severity | Definition |
|---|---|
| Critical (C) | Direct fund loss or permanent freeze |
| High (H) | Significant loss under specific conditions |
| Medium (M) | Limited loss or functionality impairment |
| Low (L) | Minor issues, deviations from best practices |
| Informational | Suggestions and observations |
Full checklist: See .claude/skills/audit/references/vulnerability-checklist.md for comprehensive patterns.
| Severity | Key Checks |
|---|---|
| Critical | Reentrancy (CEI), Access control, Unchecked .call(), Delegatecall targets, Signature replay |
| High | Flash loan assumptions, Oracle manipulation, Front-running, Integer overflow (unchecked blocks, unsafe downcasts), Price inflation |
| Medium | Fee-on-transfer tokens, Rebasing tokens, Unbounded loops, Timestamp dependence |
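The Medium-row token checks, as an added example (not Sablier's code): `PoolBefore` credits the caller-supplied `amount`, which over-credits deposits of fee-on-transfer tokens, while `PoolAfter` credits the balance delta the pool actually received. The `IERC20` interface is a minimal inline stand-in and both contracts are hypothetical:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Sablier code. Minimal ERC-20 surface used below.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// FLAG: trusts `amount`. A fee-on-transfer token delivers less than `amount`,
// so `deposits` grows faster than the pool's real balance and the last
// withdrawer is left short. The bool return of transferFrom is ignored too.
contract PoolBefore {
    IERC20 public immutable token;
    mapping(address => uint256) public deposits;

    constructor(IERC20 token_) {
        token = token_;
    }

    function deposit(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        deposits[msg.sender] += amount;
    }
}

// Hardened: credit what actually arrived, and check the transfer's bool return.
contract PoolAfter {
    IERC20 public immutable token;
    mapping(address => uint256) public deposits;
    uint256 public totalDeposits; // sum of credited amounts, reconcilable against balanceOf

    error TransferFailed(address from, uint256 amount);
    error NothingReceived(address from, uint256 requested);

    event Deposited(address indexed account, uint256 requested, uint256 credited);

    constructor(IERC20 token_) {
        token = token_;
    }

    function deposit(uint256 amount) external returns (uint256 credited) {
        uint256 before = token.balanceOf(address(this));
        bool ok = token.transferFrom(msg.sender, address(this), amount);
        if (!ok) revert TransferFailed(msg.sender, amount);

        credited = token.balanceOf(address(this)) - before; // what the pool really received
        if (credited == 0) revert NothingReceived(msg.sender, amount);

        deposits[msg.sender] += credited;
        totalDeposits += credited;
        emit Deposited(msg.sender, amount, credited);
    }
}
```

Two caveats a reviewer should still raise: tokens that return nothing from `transferFrom` (USDT is the usual example) revert against this `IERC20` interface, so production code uses OpenZeppelin's SafeERC20 rather than an inline interface; and a balance delta measured at deposit time does not protect against later rebases, which is why `totalDeposits` is kept so it can be reconciled against `balanceOf` in tests or a pre-withdraw check.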
| Prefix | Meaning |
|---|---|
| BLOCKING: | Must fix before merge |
| IMPORTANT: | Should fix, but can be follow-up |
| SUGGESTION: | Nice to have, optional |
| NIT: | Minor style preference |
| QUESTION: | Clarification needed |
Security properties that MUST always hold. Read the authoritative invariants from the codebase.
| Package | Location |
|---|---|
| Lockup | lockup/tests/invariant/README.md |
| Flow | flow/tests/invariant/README.md |
When reviewing code, read the package's invariant README and verify:
| Category | Check |
|---|---|
| Value conservation | Total in = total out + total remaining |
| Monotonic state | Withdrawn/streamed amounts never decrease |
| Access control | Only authorized roles modify state |
| State machine | Only valid transitions occur (see README) |
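The four categories above, encoded as a Foundry invariant test. This is an added example that is not taken from `lockup/tests/invariant` or `flow/tests/invariant`: `ToyStream` is a hypothetical stand-in for a Sablier stream, the handler restricts the fuzzer to valid transitions, and the test functions are the invariants. It assumes forge-std's `Test` (which provides `bound`, `makeAddr`, `vm` and `targetContract`):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added example, not from lockup/ or flow/. Accounting-only stream: the
// sender deposits and refunds, the recipient withdraws.
contract ToyStream {
    address public immutable sender;
    address public immutable recipient;
    uint128 public deposited;
    uint128 public withdrawn;
    uint128 public refunded;

    error Unauthorized(address caller);
    error InsufficientFunds(uint128 available, uint128 requested);

    constructor(address sender_, address recipient_) {
        sender = sender_;
        recipient = recipient_;
    }

    function remaining() public view returns (uint128) {
        return deposited - withdrawn - refunded;
    }

    function deposit(uint128 amount) external {
        if (msg.sender != sender) revert Unauthorized(msg.sender);
        deposited += amount;
    }

    function withdraw(uint128 amount) external {
        if (msg.sender != recipient) revert Unauthorized(msg.sender);
        uint128 available = remaining();
        if (amount > available) revert InsufficientFunds(available, amount);
        withdrawn += amount;
    }

    function refund(uint128 amount) external {
        if (msg.sender != sender) revert Unauthorized(msg.sender);
        uint128 available = remaining();
        if (amount > available) revert InsufficientFunds(available, amount);
        refunded += amount;
    }
}

// Handler: each action is a valid state-machine transition, plus one that must revert.
contract StreamHandler is Test {
    ToyStream public immutable stream;
    uint128 public maxWithdrawnSeen; // ghost variable for the monotonic check

    constructor(ToyStream stream_) {
        stream = stream_;
    }

    function deposit(uint128 amount) external {
        amount = uint128(bound(amount, 0, 1e24)); // keeps the uint128 sum in range
        vm.prank(stream.sender());
        stream.deposit(amount);
    }

    function withdraw(uint128 amount) external {
        amount = uint128(bound(amount, 0, stream.remaining()));
        vm.prank(stream.recipient());
        stream.withdraw(amount);
        maxWithdrawnSeen = stream.withdrawn();
    }

    function refund(uint128 amount) external {
        amount = uint128(bound(amount, 0, stream.remaining()));
        vm.prank(stream.sender());
        stream.refund(amount);
    }

    // Access control: any caller other than the recipient must be rejected.
    function withdrawUnauthorized(address caller, uint128 amount) external {
        if (caller == stream.recipient()) return;
        vm.prank(caller);
        vm.expectRevert(abi.encodeWithSelector(ToyStream.Unauthorized.selector, caller));
        stream.withdraw(amount);
    }
}

contract ToyStreamInvariantTest is Test {
    ToyStream internal stream;
    StreamHandler internal handler;

    function setUp() public {
        stream = new ToyStream(makeAddr("sender"), makeAddr("recipient"));
        handler = new StreamHandler(stream);
        targetContract(address(handler)); // the fuzzer only calls the handler
    }

    // Value conservation: total in = total out + total remaining.
    function invariant_valueConservation() public view {
        uint256 out = uint256(stream.withdrawn()) + stream.refunded() + stream.remaining();
        assertEq(uint256(stream.deposited()), out);
    }

    // Monotonic state: withdrawn never drops below any value observed earlier in the run.
    function invariant_withdrawnMonotonic() public view {
        assertGe(uint256(stream.withdrawn()), uint256(handler.maxWithdrawnSeen()));
    }
}
```

Run with `forge test --match-contract ToyStreamInvariantTest`. The invariant functions are checked after every handler call, so a regression that let `refund` touch `withdrawn`, or that skipped the recipient check, fails the run with the call sequence that reached it.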
Test this skill with these prompts:
- "withdraw function"
- "SablierFlow.sol contract"