evm-audit-assembly

Name: Evm Audit Assembly
Author: austintgriffith

// Inline assembly, CREATE/CREATE2, EXTCODESIZE, and low-level opcode vulnerabilities. Covers metamorphic contracts, constructor-time code absence, assembly math overflow, and div-by-zero returning 0. Load when the contract uses inline assembly or CREATE2.

Run Skill in Manus

$ git log --oneline --stat

stars:5

forks:2

updated:February 28, 2026 at 16:14

File Explorer

5 files

SKILL.md

readonly

name	evm-audit-assembly
description	Inline assembly, CREATE/CREATE2, EXTCODESIZE, and low-level opcode vulnerabilities. Covers metamorphic contracts, constructor-time code absence, assembly math overflow, and div-by-zero returning 0. Load when the contract uses inline assembly or CREATE2.

EVM Audit — Assembly & Opcode Vulnerabilities

Load when auditing contracts that use inline assembly, Yul, CREATE/CREATE2, or low-level EVM opcodes.

Reference Files

references/checklist.md — Full assembly/opcode checklist

related-skills.json

same repository

evm-audit-access-control.md

from "austintgriffith/evm-audit-skills"

EVM smart contract audit checklist for non-obvious access control issues. Covers centralization risks, privilege escalation, two-step ownership, role management, and admin rug vectors. Use when auditing protocols with privileged roles, admin functions, or governance. Load references/checklist.md for the full checklist.

2026-02-285

evm-audit-bridges.md

from "austintgriffith/evm-audit-skills"

Cross-chain bridge vulnerabilities for LayerZero V2, Chainlink CCIP, Wormhole, Across, and general bridge security. Covers message ordering, fee handling, relayer trust, dust/normalization, and configuration pitfalls. Load when auditing any cross-chain protocol.

2026-02-285

evm-audit-chain-specific.md

from "austintgriffith/evm-audit-skills"

Chain-specific EVM quirks for Arbitrum, Optimism, Base, zkSync, Blast, BNB, Berachain and other L2s. Covers block.number behavior, sequencer downtime, address aliasing, retryable tickets, opcode differences, gas fee variations, and PUSH0 support. Load when deploying to any non-mainnet EVM chain.

2026-02-285

evm-audit-defi-amm.md

from "austintgriffith/evm-audit-skills"

AMM-specific vulnerabilities including Uniswap V3/V4 hooks, concentrated liquidity, swap routing, TWAMM, slippage, and DEX integration pitfalls. Load when auditing any AMM, DEX, swap router, or Uniswap V4 hook.

2026-02-285

evm-audit-defi-lending.md

from "austintgriffith/evm-audit-skills"

CDP, lending market, liquidation, and borrowing vulnerabilities. Covers collateral handling, health factors, auction liquidations, bad debt, interest accrual, and lending protocol integration (AAVE, Compound). Load when auditing any lending/borrowing protocol.

2026-02-285

evm-audit-defi-staking.md

from "austintgriffith/evm-audit-skills"

Liquid staking derivatives (stETH, rETH, cbETH, sfrxETH), LRTs, restaking, staking rewards, and yield farming vulnerabilities. Load when auditing staking protocols, LSD integrations, or yield aggregators.

2026-02-285

package.json