Complete Smart Contract Security Studio
All-in-one skill for managing smart contract vulnerability scanning and auditing. Built for Claude Code with best practices and real-world patterns.
Smart Contract Security Studio
Comprehensive smart contract security analysis framework for auditing Solidity, Vyper, and Move contracts, covering common vulnerability patterns, formal verification techniques, and automated security testing.
When to Use This Skill
Choose Smart Contract Security when:
- Auditing DeFi protocols before deployment or upgrade
- Reviewing token contracts for standard compliance (ERC-20, ERC-721)
- Analyzing contracts for reentrancy, overflow, and access control issues
- Preparing security audit reports for stakeholders
- Building automated security testing pipelines for Solidity projects
Consider alternatives when:
- Need runtime monitoring of deployed contracts — use Forta or Tenderly
- Performing gas optimization — use gas profiling tools
- Need formal mathematical proofs — use Certora or K Framework
Quick Start
# Activate smart contract security claude skill activate complete-smart-contract-security-studio # Audit a Solidity contract claude "Audit the Vault.sol contract for security vulnerabilities" # Check for common patterns claude "Analyze this DeFi protocol for reentrancy and flash loan attack vectors"
Example Vulnerability Analysis
// VULNERABLE: Reentrancy in withdrawal function contract VulnerableVault { mapping(address => uint256) public balances; function withdraw(uint256 amount) external { require(balances[msg.sender] >= amount, "Insufficient balance"); // BUG: External call before state update (bool success, ) = msg.sender.call{value: amount}(""); require(success, "Transfer failed"); // State updated AFTER external call - reentrancy window balances[msg.sender] -= amount; } } // FIXED: Checks-Effects-Interactions pattern contract SecureVault { mapping(address => uint256) public balances; function withdraw(uint256 amount) external { require(balances[msg.sender] >= amount, "Insufficient balance"); // State updated BEFORE external call balances[msg.sender] -= amount; (bool success, ) = msg.sender.call{value: amount}(""); require(success, "Transfer failed"); } }
Core Concepts
Common Vulnerability Patterns
| Vulnerability | Severity | Description |
|---|---|---|
| Reentrancy | Critical | External calls before state updates allow recursive exploitation |
| Integer Overflow/Underflow | High | Arithmetic operations wrap around without SafeMath (pre-0.8) |
| Access Control | Critical | Missing or incorrect permission checks on sensitive functions |
| Flash Loan Attacks | Critical | Price manipulation via uncollateralized borrowing in single tx |
| Front-running | High | Miners/validators exploit pending transaction visibility |
| Delegatecall Injection | Critical | Unvalidated delegatecall targets allow code injection |
| Oracle Manipulation | Critical | Spot price dependencies vulnerable to manipulation |
| Unchecked Return Values | Medium | Ignored return values from external calls mask failures |
Security Analysis Tools
| Tool | Purpose | Language |
|---|---|---|
| Slither | Static analysis for Solidity | Python |
| Mythril | Symbolic execution and fuzzing | Python |
| Echidna | Property-based fuzz testing | Haskell |
| Foundry (forge) | Testing framework with fuzzing | Rust |
| Certora Prover | Formal verification | Certora CVL |
| Manticore | Symbolic execution | Python |
# Run Slither static analysis slither contracts/ --print human-summary # Run Mythril symbolic analysis myth analyze contracts/Vault.sol --solv 0.8.19 # Run Echidna fuzz testing echidna-test contracts/Vault.sol --contract VaultTest --config echidna.yaml # Foundry fuzz testing forge test --match-test testFuzz -vvv
Configuration
| Parameter | Description | Default |
|---|---|---|
solidity_version | Solidity compiler version | 0.8.19 |
analysis_depth | Depth of symbolic execution | 24 |
fuzz_runs | Number of fuzzing iterations | 10000 |
check_patterns | Vulnerability patterns to check | ["all"] |
report_format | Output format: markdown, pdf, json | markdown |
include_gas_analysis | Include gas optimization recommendations | false |
Best Practices
-
Follow the Checks-Effects-Interactions pattern consistently — Always validate inputs (checks), update contract state (effects), then make external calls (interactions). This single pattern prevents the most critical class of smart contract vulnerabilities — reentrancy attacks.
-
Use multiple analysis tools in combination — No single tool catches every vulnerability. Run Slither for static analysis, Mythril for symbolic execution, and Echidna for fuzzing. Each tool finds different vulnerability classes, and their overlap provides higher confidence in results.
-
Test with realistic attack scenarios using Foundry — Write test cases that simulate actual attack vectors: flash loan attacks, price oracle manipulation, and multi-step exploits. Use
vm.prank()to simulate different callers andvm.deal()to set up attack funding. -
Audit dependencies and inherited contracts — Vulnerabilities in imported libraries (OpenZeppelin, Solmate) or inherited base contracts affect your contract. Pin dependency versions, review upgrade changes, and audit the full inheritance chain.
-
Implement timelocks and multisig for admin functions — Critical functions (upgrading proxies, pausing contracts, changing fee parameters) should require timelock delays and multi-signature approval. This gives users time to react to malicious governance actions.
Common Issues
Static analysis tools report false positives on safe assembly blocks. Inline assembly bypasses Solidity's safety guarantees, so tools conservatively flag it. Add // slither-disable-next-line comments for verified-safe assembly. Document why each assembly block is necessary and safe, and prefer Solidity equivalents whenever gas savings are marginal.
Fuzz testing doesn't reach deep contract states. Guide the fuzzer by writing helper functions that set up interesting state combinations. Use Echidna's corpus seeding to start from known interesting states rather than empty contract state. Increase fuzz runs to 100,000+ for complex protocols.
Proxy upgrade patterns introduce storage collision risks. Use OpenZeppelin's transparent or UUPS proxy patterns with storage gap slots. Always run forge inspect to verify storage layout compatibility between implementations before upgrading. Consider using EIP-7201 namespaced storage for collision-resistant patterns.
Reviews
No reviews yet. Be the first to review this template!
Similar Templates
Full-Stack Code Reviewer
Comprehensive code review skill that checks for security vulnerabilities, performance issues, accessibility, and best practices across frontend and backend code.
Test Suite Generator
Generates comprehensive test suites with unit tests, integration tests, and edge cases. Supports Jest, Vitest, Pytest, and Go testing.
Pro Architecture Workspace
Battle-tested skill for architectural, decision, making, framework. Includes structured workflows, validation checks, and reusable patterns for development.