Atlas Smart Contract Auditor

Author: n8gendegen (GitHub) · v1.0.0 · MIT-0
cross-platform · security check passed
Total downloads: 61 · Favorites: 0 · Current installs: 0 · Versions: 1

Install in OpenClaw: /install atlas-smart-contract-auditor
Description
Smart contract audit and DeFi security triage skill for Solidity, EVM protocols, bug bounty programs, Code4rena, Sherlock, and HackenProof. Maps attack surfa...
Usage (SKILL.md)

Atlas Smart Contract Auditor

A lightweight smart contract audit and DeFi security triage skill for Solidity/EVM protocols, bug bounty hunters, Code4rena wardens, Sherlock auditors, and HackenProof researchers.

Use this when you need a fast first-pass review of a DeFi protocol or smart contract scope before committing hours to a manual audit.

Search Keywords / Best Use Cases

  • smart contract audit
  • DeFi audit
  • DeFi security audit
  • Solidity audit
  • EVM audit
  • vulnerability scanner
  • smart contract vulnerability triage
  • bug bounty triage
  • Code4rena audit workflow
  • Sherlock audit workflow
  • HackenProof bounty workflow
  • access control review
  • oracle manipulation review
  • reentrancy checklist
  • upgradeable proxy review

When to Use

  • New smart contract audit target assigned
  • DeFi contest just opened and you need to prioritize files
  • Bug bounty scope includes Solidity/EVM contracts
  • You need a structured first-pass vulnerability checklist
  • You want to map attack surface before deep manual review

What It Produces

A structured markdown audit triage report with:

  • Target overview
  • Protocol type and contract categories
  • Attack surface map
  • High-priority vulnerability classes
  • Contract-by-contract checklist
  • Recommended deep-dive order
  • Quick-win review items

Workflow

Phase 1: Smart Contract Scope Mapping

For each contract in scope:

  1. Identify protocol type: lending, AMM, vault, staking, bridge, oracle, governance, NFT, account abstraction
  2. Identify external integrations: Chainlink, Uniswap, Curve, ERC20 tokens, bridges, routers, keepers
  3. Flag proxy/upgrade patterns: EIP1967, UUPS, transparent proxy, beacon proxy, clones
  4. Identify privileged roles: owner, admin, guardian, pauser, timelock, operator
  5. Note novel or high-risk mechanisms: custom accounting, share pricing, liquidation math, rewards, TWAPs

Phase 2: DeFi Vulnerability Prioritization

Score each vulnerability class by likelihood × impact:

HIGH PRIORITY
- Reentrancy: external calls + state changes + callbacks
- Access control: missing modifiers, wrong role assumptions, admin bypass
- Oracle manipulation: stale price, TWAP manipulation, decimal mismatch, fallback oracle bugs
- Accounting bugs: share price drift, rounding loss, fee math, collateral/debt mismatch
- Liquidation bugs: bad health factor math, stale collateral values, griefable liquidation paths
- Upgradeability bugs: unprotected initializer, storage collision, implementation takeover

MEDIUM PRIORITY
- Fee-on-transfer / rebasing token edge cases
- ERC777 / callback-enabled token surprises
- Sandwich / MEV-sensitive pricing
- DOS via unbounded loops or griefable state
- Signature replay / permit domain separator issues

LOW PRIORITY BUT CHECK
- Input validation gaps
- Event/reporting mismatch
- Gas griefing
- Minor precision loss without exploitable value extraction
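The "stale price" and "decimal mismatch" items under HIGH PRIORITY, shown as an added Solidity example that is not part of this skill or the Atlas suite: a price consumer that trusts the feed blindly beside one that enforces the checks a reviewer would tick off. `IAggregatorV3` is a hand-declared subset of Chainlink's AggregatorV3Interface so the file compiles without imports, and the `maxAge` heartbeat tolerance is an assumption the deployer must set per feed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hand-declared subset of Chainlink's AggregatorV3Interface (declared inline
// so this example compiles stand-alone).
interface IAggregatorV3 {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// @notice Weak pattern: returns whatever the feed says and assumes 18 decimals.
contract UncheckedPriceConsumer {
    IAggregatorV3 public immutable feed;

    constructor(IAggregatorV3 _feed) { feed = _feed; }

    function price() external view returns (uint256) {
        (, int256 answer,,,) = feed.latestRoundData();
        // No freshness check, no sign check, no decimal normalization: a halted
        // feed keeps "valid" forever and an 8-decimal feed misprices by 1e10.
        return uint256(answer);
    }
}

/// @notice Hardened pattern: bounded staleness, positive answer, completed
/// round, and normalization of the feed's decimals to 18.
contract CheckedPriceConsumer {
    error StalePrice(uint256 updatedAt, uint256 limit);
    error InvalidAnswer(int256 answer);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);

    IAggregatorV3 public immutable feed;
    uint256 public immutable maxAge;        // assumed per-feed heartbeat tolerance, e.g. 1 hours
    uint8 private immutable feedDecimals;   // cached once; feeds do not change decimals

    constructor(IAggregatorV3 _feed, uint256 _maxAge) {
        feed = _feed;
        maxAge = _maxAge;
        feedDecimals = _feed.decimals();
    }

    /// @return the latest price normalized to 18 decimals, or a revert if the
    /// feed data fails any freshness or validity check
    function price() external view returns (uint256) {
        (uint80 roundId, int256 answer,, uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();
        if (answer <= 0) revert InvalidAnswer(answer);
        // Legacy Chainlink round-completeness check; harmless on feeds that no
        // longer populate answeredInRound differently from roundId.
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);
        if (updatedAt == 0 || block.timestamp - updatedAt > maxAge) {
            revert StalePrice(updatedAt, maxAge);
        }
        return _normalize(uint256(answer));
    }

    // Scale a raw feed value to 18 decimals regardless of the feed's own precision.
    function _normalize(uint256 raw) internal view returns (uint256) {
        if (feedDecimals == 18) return raw;
        if (feedDecimals < 18) return raw * (uint256(10) ** uint256(18 - feedDecimals));
        return raw / (uint256(10) ** uint256(feedDecimals - 18));
    }
}
```

When reviewing a real target, compare the contract's `maxAge` against the published heartbeat of each feed it reads; a tolerance longer than the heartbeat defeats the staleness check, and a single tolerance shared across feeds with different heartbeats is a common finding.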

Phase 3: Contract-by-Contract Checklist

## Contract: <Name>

### External Calls / Reentrancy
- [ ] External calls happen after state updates?
- [ ] Reentrancy guard exists where callbacks are possible?
- [ ] ERC777 / ERC721 receiver / flash loan callbacks considered?

### Access Control
- [ ] Privileged functions use correct modifier?
- [ ] Timelock/owner/admin boundaries are clear?
- [ ] Emergency functions cannot steal user funds?

### Oracle / Pricing
- [ ] Oracle freshness checked?
- [ ] Decimal normalization correct?
- [ ] Fallback oracle cannot be manipulated?
- [ ] TWAP window long enough for protocol value at risk?

### Accounting
- [ ] Shares/assets conversion handles rounding direction correctly?
- [ ] Fee calculations cannot drain or brick accounting?
- [ ] Deposits/withdrawals preserve invariants?

### Upgradeability
- [ ] Initializers protected?
- [ ] Storage layout compatible?
- [ ] Implementation cannot be selfdestructed or hijacked?
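One way the Phase 3 checklist plays out in code, added here as an example rather than material from the skill itself: a minimal ETH vault that fails the reentrancy, access-control and upgradeability items beside a version that passes them. Contract and function names are invented for the illustration, and the one-shot `initialized` flag is a hand-rolled stand-in for a library initializer modifier.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @notice Fails three checklist items: the external call precedes the state
/// update, there is no reentrancy guard, and the initializer can be re-run.
contract WeakVault {
    mapping(address => uint256) public balances;
    address public owner;

    // Upgradeability item: unprotected initializer, so anyone can call it again
    // and reassign ownership.
    function initialize(address _owner) external {
        owner = _owner;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        // External call BEFORE the state update: a receiving contract can
        // re-enter withdraw() while its recorded balance is still unchanged.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }
}

/// @notice Same vault with the checklist items addressed: checks-effects-
/// interactions ordering, a mutex, a one-shot initializer, and an owner-only
/// emergency path that has no way to move user balances.
contract HardenedVault {
    mapping(address => uint256) public balances;
    address public owner;
    bool private initialized;
    uint256 private locked = 1; // 1 = unlocked, 2 = locked
    bool public paused;

    error AlreadyInitialized();
    error NotOwner();
    error Reentrancy();
    error Paused();

    modifier nonReentrant() {
        if (locked == 2) revert Reentrancy();
        locked = 2;
        _;
        locked = 1;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Upgradeability item: can only ever run once.
    function initialize(address _owner) external {
        if (initialized) revert AlreadyInitialized();
        initialized = true;
        owner = _owner;
    }

    function deposit() external payable {
        if (paused) revert Paused();
        balances[msg.sender] += msg.value;
    }

    // Withdrawals stay open while paused so users can always exit.
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;                          // effect first
        (bool ok, ) = msg.sender.call{value: amount}("");  // interaction last
        require(ok, "transfer failed");
    }

    // Access-control item: the emergency function only halts new deposits;
    // it cannot transfer or zero out any user's balance.
    function setPaused(bool _paused) external onlyOwner {
        paused = _paused;
    }
}
```

Reading the two side by side is how the checklist questions are meant to be answered: for each external call, find the state write it depends on and confirm the write comes first; for each initializer, confirm a guard prevents a second call; for each privileged function, trace whether any path reaches user balances.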

Phase 4: Audit Triage Report

# Smart Contract Audit Triage: <Target>

## Target Overview
- Protocol type:
- Chain(s):
- Contracts in scope:
- Highest-value assets:

## Attack Surface Summary
- External integrations:
- Oracle dependencies:
- Upgrade pattern:
- Privileged roles:

## Top Vulnerability Classes to Review
1. [HIGH] <class> — <why this target is exposed>
2. [HIGH] <class> — <why this target is exposed>
3. [MEDIUM] <class> — <why this target is exposed>

## Recommended Deep-Dive Order
1. <contract> — focus on <vulnerability class>
2. <contract> — focus on <vulnerability class>
3. <contract> — focus on <vulnerability class>

## Quick Wins Checklist
- [ ] Reentrancy review
- [ ] Access control review
- [ ] Oracle manipulation review
- [ ] Upgradeability review
- [ ] Accounting invariant review

---
Generated by Atlas Smart Contract Auditor.
Full Atlas Agent Suite: https://atlasagentsuite.com/skills.html?utm_source=clawhub&utm_medium=skill&utm_campaign=atlas-smart-contract-auditor

Guardrails

This is a triage and audit workflow, not a guaranteed vulnerability finder. It helps prioritize manual review and produce better audit notes. Always verify candidate findings with a proof of concept before submission.

Get the Full Atlas Agent Suite

The full Atlas Bounty Ops workflow includes:

  • Contest monitoring for Code4rena, Sherlock, HackenProof
  • Target scoring and prioritization
  • Daily vulnerability pattern promotion
  • Finding writeup templates
  • Scheduled research briefings
  • Revenue ops and marketing agents

👉 https://atlasagentsuite.com/skills.html?utm_source=clawhub&utm_medium=skill&utm_campaign=atlas-smart-contract-auditor

Safe-use recommendation
This appears safe to install based on the supplied artifacts. Treat its audit output as first-pass guidance rather than a replacement for expert manual review, especially for contracts controlling real funds.
Functional analysis
Type: OpenClaw Skill
Name: atlas-smart-contract-auditor
Version: 1.0.0
The skill bundle consists entirely of markdown instructions and metadata designed to guide an AI agent through a smart contract audit and DeFi security triage workflow. It contains no executable code, scripts, or commands that could lead to data exfiltration or unauthorized system access. The instructions in SKILL.md are strictly aligned with the stated purpose of analyzing Solidity/EVM contracts and generating structured reports, and the included URLs (atlasagentsuite.com) are for promotional and informational purposes.
Capability tags
crypto
Capability assessment
Purpose & Capability
The skill's stated purpose is coherent: it guides Solidity/EVM audit triage and produces structured markdown audit reports.
Instruction Scope
The visible instructions focus on contract scope mapping, vulnerability prioritization, and checklist/report generation; they do not override user intent or force unsafe tool use.
Install Mechanism
There is no install spec, no required binaries, no environment variables, and no code files.
Credentials
No artifact evidence shows credential use, network access, local system access, persistence, or mutation authority.
Persistence & Privilege
The artifacts do not request elevated privileges, persistent storage, background execution, or ongoing autonomous activity.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install atlas-smart-contract-auditor
  3. After installation, invoke the skill by name or trigger it with /atlas-smart-contract-auditor
  4. Provide the required inputs as described in the skill's parameters to receive structured output
Version history
v1.0.0
Initial SEO-focused release for smart contract audit discovery
Metadata
Slug atlas-smart-contract-auditor
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is Atlas Smart Contract Auditor?

Smart contract audit and DeFi security triage skill for Solidity, EVM protocols, bug bounty programs, Code4rena, Sherlock, and HackenProof. Maps attack surfa... It is an AI agent skill plugin for Claude Code / OpenClaw, with 61 downloads to date.

How do I install Atlas Smart Contract Auditor?

Run the command "/install atlas-smart-contract-auditor" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration.

Is Atlas Smart Contract Auditor free?

Yes, Atlas Smart Contract Auditor is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does Atlas Smart Contract Auditor support?

Atlas Smart Contract Auditor is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Atlas Smart Contract Auditor?

Developed and maintained by n8gendegen (@n8gendegen); current version v1.0.0.