# solodit-skill

Smart contract security audit assistant powered by Solodit API and professional audit tools. Capabilities: (1) Search 50,000+ vulnerabilities from top audit firms, (2) Fetch verified contracts from Etherscan/BSCScan/etc. by URL or address, (3) Run static analysis with Slither/Aderyn/Mythril, (4) Fuzz testing with Echidna/Medusa/Foundry, (5) Write security tests for EVM/Solana/Neo/TON/Move/Cairo/CosmWasm, (6) Generate PoC exploits, (7) Create audit reports in Code4rena/Sherlock/Cyfrin style, (8) Debug transactions with Phalcon/Tenderly. Triggers: "audit", "security review", "vulnerability", "exploit", "PoC", "solodit", "slither", "aderyn", "echidna", "fuzz", "reentrancy", "flash loan", "oracle manipulation", "etherscan", "contract address".

## SKILL.md
# Solodit Security Audit Skill

## Configuration

Required environment variables:

```bash
# Solodit API (required)
export SOLODIT_API_KEY=sk_your_key_here

# Blockchain explorers (optional, for fetching contracts)
export ETHERSCAN_API_KEY=xxx
export BSCSCAN_API_KEY=xxx
export ARBISCAN_API_KEY=xxx

# RPC URLs (optional, for fork testing)
export ETH_RPC_URL=https://eth-mainnet.g.alchemy.com/v2/xxx
```

Get a Solodit API key at https://solodit.cyfrin.io (Profile → API Keys).
## Quick Commands

```bash
# Search vulnerabilities
python3 scripts/solodit_api.py search --keywords "reentrancy" --impact HIGH

# Fetch contract from Etherscan URL
python3 scripts/fetch_contract.py "https://etherscan.io/address/0x..."

# Fetch by address
python3 scripts/fetch_contract.py 0x1234... --chain ethereum

# Detect project framework
python3 scripts/project_detector.py /path/to/project

# Run static analysis
slither .
aderyn .

# Run fuzzing
forge test --fuzz-runs 10000
echidna . --contract InvariantTest
```
## Workflows

### 1. Audit from Contract Address/URL

```bash
# Fetch verified source
python3 scripts/fetch_contract.py "https://etherscan.io/address/0x..."

# Run static analysis
cd contracts/ContractName
slither .
aderyn . -o report.md

# Search similar vulnerabilities
python3 scripts/solodit_api.py search --keywords "relevant keyword"
```
### 2. Search Vulnerabilities

```bash
python3 scripts/solodit_api.py search --keywords "flash loan"
python3 scripts/solodit_api.py search --impact HIGH --firms Cyfrin,Sherlock
python3 scripts/solodit_api.py search --tags "Oracle,Reentrancy" --category DeFi
python3 scripts/solodit_api.py search --days 30 --limit 50
```

See `references/filters.md` for all filter options.
### 3. Static Analysis

| Tool | Command | Best For |
|---|---|---|
| Slither | `slither .` | Quick comprehensive scan |
| Aderyn | `aderyn .` | Fast Rust-based analysis |
| Mythril | `myth analyze src/Contract.sol` | Deep symbolic execution |
| Solhint | `solhint 'src/**/*.sol'` | Code style/linting |
| 4naly3er | `yarn analyze /path` | Auto QA reports |

See `references/audit_tools.md` for detailed usage.
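An added example (not part of this skill or its `scripts/`) showing how to triage the JSON that `slither . --json out.json` writes before moving on to the Solodit search step: keep findings at or above a chosen impact, order them worst first, and attach the first `file:line` to open. The embedded report is constructed, and the detector and `source_mapping` field names are assumed to match Slither's JSON output.

```python
import json
from collections import Counter

# Constructed sample shaped like `slither . --json out.json` output (assumption: detector
# entries carry check/impact/confidence/description/elements with a source_mapping).
SAMPLE_SLITHER_JSON = json.dumps({"success": True, "error": None, "results": {"detectors": [
    {"check": "naming-convention", "impact": "Informational", "confidence": "High",
     "description": "Parameter _amount is not in mixedCase",
     "elements": [{"source_mapping": {"filename_relative": "src/Vault.sol", "lines": [40]}}]},
    {"check": "unchecked-transfer", "impact": "High", "confidence": "Medium",
     "description": "Vault.sweep(address) ignores return value of token.transfer",
     "elements": [{"source_mapping": {"filename_relative": "src/Vault.sol", "lines": [60, 61]}}]},
    {"check": "uninitialized-local", "impact": "Medium", "confidence": "Medium",
     "description": "Vault.quote(uint256).fee is a local variable never initialized",
     "elements": [{"source_mapping": {"filename_relative": "src/Vault.sol", "lines": [75]}}]},
    {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
     "description": "Reentrancy in Vault.withdraw(uint256): external call before state update",
     "elements": [{"source_mapping": {"filename_relative": "src/Vault.sol", "lines": [42, 43, 44]}}]},
]}})

IMPACT_RANK = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3, "Optimization": 4}
CONFIDENCE_RANK = {"High": 0, "Medium": 1, "Low": 2}

def first_location(elements):
    """file:line of the first element that has a source mapping, for jumping into the code."""
    for el in elements:
        sm = el.get("source_mapping") or {}
        if sm.get("filename_relative") and sm.get("lines"):
            return f"{sm['filename_relative']}:{sm['lines'][0]}"
    return "?"

def triage(report_json, min_impact="Medium"):
    """Flatten Slither detector results at or above min_impact, highest impact first."""
    report = json.loads(report_json)
    if not report.get("success"):
        raise ValueError(f"slither run failed: {report.get('error')}")
    cutoff = IMPACT_RANK[min_impact]
    findings = [
        {"check": d["check"], "impact": d["impact"], "confidence": d["confidence"],
         "location": first_location(d.get("elements", [])), "description": d["description"]}
        for d in report["results"]["detectors"]
        if IMPACT_RANK.get(d["impact"], 99) <= cutoff
    ]
    # Highest impact, then highest confidence, then source order by location.
    findings.sort(key=lambda f: (IMPACT_RANK[f["impact"]],
                                 CONFIDENCE_RANK.get(f["confidence"], 99), f["location"]))
    return findings

def impact_summary(findings):
    return dict(Counter(f["impact"] for f in findings))  # counts per impact for the report
```

The `check` names of the surviving findings (e.g. `reentrancy-eth`) are the natural keywords for the `solodit_api.py search` step that follows.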
### 4. Fuzzing & Invariant Testing

| Tool | Command | Use Case |
|---|---|---|
| Foundry Fuzz | `forge test --fuzz-runs 10000` | Property testing |
| Echidna | `echidna . --contract Test` | Invariant testing |
| Medusa | `medusa fuzz` | Parallel fuzzing |
| Halmos | `halmos --contract Test` | Symbolic testing |
### 5. Transaction Analysis

| Tool | Usage |
|---|---|
| Phalcon | https://phalcon.blocksec.com - paste tx hash |
| MetaSleuth | https://metasleuth.io - address tracing |
| Tenderly | `tenderly debug tx <hash>` |
| Foundry | `cast run <tx_hash> --debug` |
### 6. Write Security Tests

Detect the framework, then use the matching template:

| Chain | Framework | Reference |
|---|---|---|
| EVM | Foundry | test_frameworks/evm_foundry.md |
| EVM | Hardhat | test_frameworks/evm_hardhat.md |
| Solana | Anchor | test_frameworks/solana_anchor.md |
| Neo N3 | Neo-Test/Express/Fairy | test_frameworks/neo.md |
| TON | Blueprint/Tact | test_frameworks/ton.md |
| Move | Aptos/Sui CLI | test_frameworks/move.md |
| Cairo | Starknet Foundry | test_frameworks/cairo.md |
| CosmWasm | cw-multi-test | test_frameworks/cosmwasm.md |
### 7. Generate PoC Exploits

| Vulnerability | Template |
|---|---|
| Reentrancy | poc_templates/reentrancy.md |
| Flash Loan | poc_templates/flash_loan.md |
| Oracle Manipulation | poc_templates/oracle_manipulation.md |
| Access Control | poc_templates/access_control.md |
| Integer Overflow | poc_templates/integer_overflow.md |
| Price Manipulation | poc_templates/price_manipulation.md |
### 8. Generate Audit Reports

| Style | Template | Use Case |
|---|---|---|
| Code4rena | report_templates/code4rena.md | Competitions |
| Sherlock | report_templates/sherlock.md | Sherlock platform |
| Cyfrin | report_templates/cyfrin.md | Professional |
| Generic | report_templates/generic.md | General |

Supporting templates: `finding_template.md`, `severity_guide.md`
## Full Audit Workflow

```bash
# 1. Get code (local or from explorer)
python3 scripts/fetch_contract.py "https://etherscan.io/address/0x..."

# 2. Detect framework
python3 scripts/project_detector.py ./contracts/Target

# 3. Quick static analysis
slither . --filter-paths "test|lib"
aderyn . -o aderyn-report.md

# 4. Search similar vulnerabilities
python3 scripts/solodit_api.py search --keywords "lending oracle" --impact HIGH

# 5. Run tests
forge test -vvv

# 6. Fuzz critical functions
forge test --fuzz-runs 10000

# 7. Generate report (choose template)
# Use report_templates/*.md
```