smart-contract-auditor

web3 v1.0.0

Audit Solidity smart contracts for vulnerabilities, gas optimization, and best practices.

Smart Contract Auditor

Audit Checklist

1. Access Control

  • onlyOwner / role-based access on sensitive functions
  • No unprotected selfdestruct
  • No unprotected proxy upgrade functions
  • Ownership transfer is two-step (propose + accept)
  • No default public visibility on state variables

2. Reentrancy

  • External calls are last (checks-effects-interactions pattern)
  • ReentrancyGuard on functions with external calls + state changes
  • No cross-function reentrancy via shared state
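
The reentrancy items above, shown as a vulnerable withdrawal beside its hardened form. This is an added example, not code from the skill or its references; the `EtherVault` contract, its function names and the inline guard (standing in for a library ReentrancyGuard) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration: EtherVault and all names below are hypothetical.
contract EtherVault {
    mapping(address => uint256) public balances;
    uint256 private _status = 1; // 1 = not entered, 2 = entered
    error ZeroAmount();
    error ZeroAddress();
    error InsufficientBalance();
    error Reentrant();
    error TransferFailed();

    // Minimal inline guard, standing in for a library ReentrancyGuard.
    modifier nonReentrant() {
        if (_status == 2) revert Reentrant();
        _status = 2;
        _;
        _status = 1;
    }

    function deposit() external payable { balances[msg.sender] += msg.value; }

    // AUDIT FINDING: the external call runs before the balance is cleared, so
    // a callback from the recipient sees the old balance and passes the check.
    function withdrawUnsafe() external {
        uint256 amount = balances[msg.sender];
        if (amount == 0) revert ZeroAmount();
        (bool ok, ) = msg.sender.call{value: amount}("");
        if (!ok) revert TransferFailed();
        balances[msg.sender] = 0; // effect after interaction
    }

    // Hardened: check, then effect, then interaction, plus the guard.
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];            // check
        if (amount == 0) revert ZeroAmount();
        balances[msg.sender] = 0;                         // effect
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction last
        if (!ok) revert TransferFailed();
    }

    // Shares `balances` with withdraw(), so it takes the same guard.
    function transferBalance(address to, uint256 amount) external nonReentrant {
        if (to == address(0)) revert ZeroAddress();
        if (balances[msg.sender] < amount) revert InsufficientBalance();
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }
}
```

In review, `withdrawUnsafe` is the shape to flag: any state write that follows an external call on the same code path.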

3. Integer Safety

  • Solidity 0.8+ (built-in overflow protection) or SafeMath
  • Checked division (no divide by zero)
  • Casting between types checked for truncation

4. Input Validation

  • All user inputs validated (address != 0, amount > 0)
  • Array bounds checked
  • Ether values validated

5. Token Handling

  • SafeERC20 for all token transfers (handles non-standard returns)
  • Check return values of transfer / transferFrom
  • Handle fee-on-transfer tokens if applicable
  • Handle rebasing tokens if applicable

6. Flash Loan Protection

  • Price oracles use TWAP (not spot price)
  • Critical functions have minimum time delays
  • Governance votes have sufficient voting periods

7. Front-Running Protection

  • Commit-reveal for sensitive operations
  • Maximum slippage parameters on swaps
  • Deadline parameters on transactions

8. Gas Optimization

  • Use uint256 instead of smaller types (EVM operates on 256-bit)
  • Pack storage variables (multiple small vars in one slot)
  • Use calldata instead of memory for read-only function params
  • Cache storage reads in local variables
  • Use ++i instead of i++
  • Use custom errors instead of require strings

  • Full vulnerability catalog: references/vulnerability-catalog.md
  • Gas optimization guide: references/gas-optimization.md
  • Complete audit process: references/audit-checklist.md

References

  • references/vulnerability-catalog.md — Top 20 vulnerabilities with examples
  • references/gas-optimization.md — Gas saving patterns
  • references/audit-checklist.md — Step-by-step audit process