| name | security-audit |
| description | Smart contract security audit assistant powered by Solodit API. Search 50,000+ vulnerabilities, fetch contracts from 40+ chains, run static analysis, generate PoC exploits and audit reports.
|
| version | 1.0.0 |
| author | OS-Lihua <os-lihua@users.noreply.github.com> |
| tags | ["security","audit","vulnerability","solodit","slither","aderyn","exploit","poc","smart-contract"] |
Security Audit Skill
Smart contract security audit assistant powered by Solodit API and professional audit tools.
Quick Start
python3 scripts/solodit_api.py search --keywords "reentrancy" --impact HIGH
python3 scripts/fetch_contract.py "https://etherscan.io/address/0x..."
python3 scripts/project_detector.py /path/to/project
Scripts
Environment Variables
| Variable | Required | Description |
|---|
SOLODIT_API_KEY | Yes | Solodit API key from https://solodit.cyfrin.io |
ETHERSCAN_API_KEY | No | Etherscan API key for fetching contracts |
BSCSCAN_API_KEY | No | BSCScan API key |
ARBISCAN_API_KEY | No | Arbiscan API key |
Capabilities
- Search Vulnerabilities - Query 50,000+ findings from top audit firms (Cyfrin, Sherlock, Code4rena, etc.)
- Fetch Contracts - Download verified source code from 40+ blockchain explorers
- Detect Frameworks - Auto-detect project framework (Foundry, Hardhat, Anchor, etc.)
- Static Analysis - Run Slither, Aderyn, Mythril for automated scanning
- Fuzz Testing - Echidna, Medusa, Foundry for invariant testing
- PoC Generation - Templates for reentrancy, flash loan, oracle manipulation exploits
- Report Generation - Code4rena, Sherlock, Cyfrin style audit reports
Best Practices
- Always verify contract source before auditing
- Use multiple static analysis tools for comprehensive coverage
- Search Solodit for similar vulnerabilities in related protocols
- Write PoC tests to confirm findings
- Follow severity guidelines when rating issues