Prevent costly vulnerabilities in your Solidity code. This skill provides proven security patterns, vulnerability detection checklists, and gas optimization techniques used by professional auditors to protect DeFi protocols and smart contracts.
Die Skill-ZIP herunterladen
In Claude hochladen
Gehe zu Einstellungen → Fähigkeiten → Skills → Skill hochladen
Einschalten und loslegen
Teste es
Verwendung von "solidity-security". Is this withdraw function secure? function withdraw() public { uint256 amount = balances[msg.sender]; payable(msg.sender).transfer(amount); balances[msg.sender] = 0; }
Erwartetes Ergebnis:
This function is VULNERABLE to reentrancy. The external call happens before the state update. An attacker can recursively call withdraw before the balance is set to zero. FIX: Apply Checks-Effects-Interactions pattern: first set balances[msg.sender] = 0, then make the external call. Alternatively, use OpenZeppelin's ReentrancyGuard with the nonReentrant modifier.
Verwendung von "solidity-security". How do I add access control to my admin-only function?
Erwartetes Ergebnis:
Import OpenZeppelin's Ownable contract and use the onlyOwner modifier. Alternatively, implement role-based access with a mapping and custom modifier. Ensure the function validates msg.sender is authorized before executing sensitive operations.
Sicherheitsaudit
SicherAll 72 static analysis findings are false positives. The detected patterns (shell backticks, dynamic requires, weak cryptography) exist within markdown code blocks demonstrating Solidity security concepts and JavaScript testing examples. This skill contains only educational documentation with no executable code. The skill legitimately teaches smart contract security best practices including reentrancy prevention, access control, and gas optimization.
Qualitätsbewertung
Was du bauen kannst
Building a DeFi Protocol
Implement secure lending, borrowing, or exchange contracts with proper reentrancy guards and access control.
Auditing Smart Contracts
Review existing contracts for vulnerabilities before mainnet deployment or integration.
Learning Solidity Security
Understand common attack vectors and proven mitigation patterns for secure development.
Probiere diese Prompts
Review my Solidity contract for common vulnerabilities including reentrancy, overflow, and access control issues. Point out any insecure patterns and suggest fixes.
Help me add reentrancy protection to my withdraw function. Show me both the Checks-Effects-Interactions pattern and the OpenZeppelin ReentrancyGuard approach.
Analyze my contract for gas optimization opportunities. Focus on storage packing, calldata usage, and reducing redundant operations while maintaining security.
Review my contract for audit readiness. Check for NatSpec documentation, input validation, emergency stop mechanisms, and proper event emission. Create a security checklist.
Bewährte Verfahren
- Always apply Checks-Effects-Interactions pattern: validate inputs, update state, then make external calls
- Use OpenZeppelin's audited contracts for ReentrancyGuard, Ownable, and Pausable instead of custom implementations
- Enable Solidity 0.8+ for built-in overflow/underflow protection or use SafeMath library for older versions
Vermeiden
- Never use tx.origin for authentication - it can be phished by malicious contracts
- Avoid making external calls before updating contract state, as this enables reentrancy attacks
- Do not use floating pragma - always pin to a specific Solidity version to ensure deterministic compilation