
smart-contract-security

by gmh5225

A curated list of Web3 Security materials and resources for Pentesters and Bug Hunters.

2🍴 0📅 Jan 22, 2026

SKILL.md


name: smart-contract-security
description: "Guide for EVM/solidity smart contract security work: vulnerability taxonomy, review workflow, and where to place resources in README.md."

Smart Contract Security (EVM / Solidity)

Scope

Use this skill when working on:

  • Solidity/EVM auditing resources
  • EVM vulnerability categories and examples
  • Tooling for contract analysis (static, dynamic, fuzzing)

Common Vulnerabilities (Cheat Sheet)

  • Reentrancy
  • Access control bugs
  • Price oracle manipulation
  • MEV / sandwich / frontrunning
  • Flash loan enabled logic flaws
  • Precision / rounding / decimal mismatch
  • Signature and permit mistakes (EIP-2612 / Permit2)
  • Upgradeability mistakes (UUPS / Transparent)

Review Workflow

  1. Threat model: assets, trust boundaries, privileged roles
  2. State machine: invariants, transitions, edge cases
  3. Access control: ownership, roles, upgrade admin
  4. External calls: reentrancy, callback surfaces, token hooks
  5. Economic analysis: pricing, liquidity, oracle, incentives
  6. Testing: unit tests + fuzzing + invariant tests
  7. Reporting: severity, exploitability, PoC, remediation

Where to Place Resources in README.md

  • New analyzers/fuzzers: Development → Tools or Security (choose primary)
  • Audit methodologies/standards: Security
  • Practice labs/CTFs: Security Starter Pack → CTFs / Practice
  • Audit report portfolios: Security Starter Pack → Audit Reports

Notes

Keep additions:

  • English descriptions
  • Non-duplicated URLs
  • Minimal structural changes

Score

Total Score

60/100

Based on repository quality metrics

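  • SKILL.md: includes a SKILL.md file (+20)
  • LICENSE: a license is set (+10)
  • Description: has a description of 100 characters or more (0/10)
  • Popularity: 100 or more GitHub stars (0/15)
  • Recent activity: updated within the last month (+10)
  • Forks: forked 10 or more times (0/5)
  • Issue management: fewer than 50 open issues (+5)
  • Language: a programming language is set (0/5)
  • Tags: one or more tags are set (+5)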
