功能描述

审计finding三级验收流水线：自身forge test验证 → GitHub CI → 审查员评审。确保提交真实可靠的验证级产出。

使用说明 (SKILL.md)

Audit Verification Pipeline

Name: Audit Verification Pipeline
Author: yuzengbaao

触发条件

触发场景

场景	对应能力	说明
写完 PoC 准备验证	Level 1: Self-Verification	forge build + forge test 确认攻击效果
准备提交 finding 到外部平台	Level 3: Pre-submission checklist	提交前必须完成三级验收
forge test 结果不确定	Quality Self-Assessment	判断 PASS 是否等于 finding 真实
判断 finding 严重度	Severity Assessment Guide	防止高估（Medium→Low 惯例）
推送审计代码到 GitHub	Level 2: GitHub CI	CI 必须配置防止跳过验证

决策流程

发现可疑代码 → 写 PoC → forge build → forge test
  ├─ PASS + 攻击效果确认 → 质量自评 → 提交宝总决策 → (是) 提交外部平台
  ├─ PASS + 无攻击效果 → 丢弃（FALSE POSITIVE）
  └─ FAIL → 修复（最多3轮）→ 仍失败 → 丢弃

反触发（不使用此技能的场景）

没有 PoC 代码时：纯代码审查或白板分析不需要 forge 验证
非 Solidity 项目：此流水线基于 Foundry，不适用于 Rust/Go/Python 审计
理论级发现：没有可运行 PoC 的发现标记为理论级，不进入验收流程
宝总明确说"先看看"时：探索阶段不触发正式验收

Overview

三级验收流水线，确保每个审计finding经过确定性验证后才作为交付物。

核心原则: 代码生成虽具概率性，但验证是确定性的。没有forge test PASS的finding不是交付物。

Three-Level Acceptance

Level 1: Self-Verification (forge test PASS)
Level 2: GitHub CI (automated, prevents skipping)
Level 3: Auditor Review (novelty, severity, quality)

Serial dependency: L1 → L2 → L3. Skipping levels = no verification.

Level 1: Self-Verification

Step-by-step

1. Read source code → identify suspicious pattern
2. Write finding description (draft)
3. Write Foundry PoC (.t.sol)
4. forge build → fix compilation errors (expect 2-3 rounds)
5. forge test → check result:
   - PASS + attack effect confirmed → REAL
   - PASS + attack effect = 0 → FALSE POSITIVE
   - FAIL (PoC bug) → fix PoC, retry
   - FAIL (code correct) → FALSE POSITIVE, discard
6. Quality self-assessment
7. Present to 宝总 for Level 3 decision

PoC Template

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.x;

import "forge-std/Test.sol";
import "../src/TargetContract.sol";

contract POC_FindingName is Test {
    TargetContract target;

    function setUp() public {
        // Deploy contracts
        // Setup state
    }

    function test_attack_succeeds() public {
        // Step 1: Setup attack prerequisites
        // Step 2: Execute attack
        // Step 3: Assert attack effect (NOT just that tx succeeds)
        assertGt(attackerProfit, 0, "Attack must produce profit");
    }
}

Common Pitfalls

vm.roll vs vm.warp: vm.roll changes block number only, use vm.warp for timestamp
StaleMessage: Some protocols check message freshness, set correct timestamp
NotTolled/Payable: Auth functions may require fee payment (e.g., kiss())
Unicode in Solidity: Replace —, → etc. with ASCII
Library paths: Check actual file location, not assumed paths
Virtual shares/balance: Protocol-specific virtual accounting can absorb rounding (Morpho lesson)
PASS ≠ correct: PoC passing doesn't mean finding is real — verify attack EFFECT, not just mechanism

Quality Self-Assessment Template

【提交前质量自评】
- Finding ID: [F-XX]
- Verification: [ ] Compiled [ ] forge test PASS [ ] Attack effect verified
- Severity: [H/M/L/I] — Rationale: [why this severity]
- Novelty: [New / Known / Duplicate] — Source if known: [link]
- Known limitations: [any caveats]

Level 2: GitHub CI (TODO)

Required Workflow

# .github/workflows/audit-test.yml
name: Audit PoC Tests
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: foundry-rs/foundry-toolchain@v1
      - run: forge test --match-path "test/POC_*.t.sol" -vv
      - run: forge build

Purpose

Prevents Level 1 from being skipped due to session termination or memory loss. Every push must pass forge test before PR can be submitted.

Level 3: Auditor Review

What auditors check (that forge test cannot)

Novelty: Is this a known finding? Check previous audit reports
Severity accuracy: Is Medium really Medium? (Sablier lesson: 2/5 overstated)
Impact quantification: Precise loss calculation, not qualitative
Report quality: Clear reproduction steps, code references, remediation
Protocol economics: DeFi-specific game theory, incentive analysis

Pre-submission checklist

forge test PASS (Level 1)
CI green on push (Level 2)
Checked previous audit reports for duplicates
Severity assessment justified with numbers
Impact quantified (not just "funds lost")
Report follows platform submission format
Presented to 宝总 for approval

Severity Assessment Guide

Severity	Criteria
HIGH	Direct fund loss, DoS of core function, permission escalation
MEDIUM	Indirect loss, constrained DoS, griefing with economic cost
LOW	Best practice violation, defense-in-depth, theoretical with no practical exploit
INFO	Code quality, documentation, no security impact

Common overestimation: If impact requires multiple unlikely conditions, downgrade one level. Common underestimation: If impact is systemic (affects all users), upgrade one level.

Lessons from Retrospective Verification (2026-03-31)

135 findings submitted, 0 verified → Cantina ban
29 findings retroactively verified: 28 real (96.6%), 1 FP (3.4%)
Code analysis capability is solid; verification layer was missing
False positive example: Morpho F-01 (virtual shares absorb rounding)
Severity overestimation example: Sablier F-03, F-05 (Medium → Low)
PoC compilation errors are normal, expect 2-3 rounds of fixes
forge test PASS ≠ finding correct, verify attack EFFECT not just mechanism

安全使用建议

This is primarily a procedural checklist for auditors: it tells you how to write and verify Foundry PoCs, set up a GitHub CI workflow, and perform human review. Before installing or automating this skill: - Clarify runtime dependencies: SKILL.md expects the Foundry toolchain (forge) and repository access, but the skill metadata lists no required binaries. Ensure Foundry is installed where the agent would run these steps. - Repository and CI access: the workflow operates on repo files and instructs adding a GitHub Actions workflow. If you allow an agent to run these steps, ensure it has only the minimum repo/CI permissions and that no sensitive secrets are exposed to test runs. - Review PoC code manually before executing: Forge tests often execute arbitrary smart-contract code from the repository; run tests in isolated environments and review PoC code to avoid running untrusted payloads or leaking keys. - If you need this skill to run fully automatically, request the publisher to update metadata to declare required binaries (forge/foundry) and any needed permissions; lacking that, treat the skill as an instruction-only checklist for human use. Confidence would increase to high if the publisher updated the metadata to list required binaries/permissions or provided an installer, or if they confirmed this is intentionally a documentation-only skill.

功能分析

Type: OpenClaw Skill Name: audit-verification-pipeline Version: 1.0.0 The skill bundle defines a legitimate three-level verification pipeline for smart contract auditing using the Foundry (forge) framework. It provides structured instructions for an AI agent to write PoCs, run tests, and perform quality assessments to ensure audit findings are valid. No indicators of data exfiltration, malicious execution, or harmful prompt injection were found in SKILL.md or the associated metadata.

能力评估

✓ Purpose & Capability

Name, description, and SKILL.md all describe a three-level audit verification pipeline (local Foundry PoC → GitHub CI → human auditor). The steps and artifacts in the instructions are coherent with the stated purpose.

ℹ Instruction Scope

Instructions ask humans (or an agent) to read repo source, write Foundry PoC tests, run `forge build`/`forge test`, add a GitHub Actions workflow, and check historical reports. That scope is appropriate for the pipeline, but it assumes access to repository files and the Foundry toolchain — the SKILL.md itself does not declare these runtime dependencies explicitly.

✓ Install Mechanism

Instruction-only skill with no install steps or code files; nothing will be written to disk by the skill package itself. This is low-risk. However, operational steps in SKILL.md rely on external tools (Foundry) that are not installed by the skill.

⚠ Credentials

The skill requests no environment variables or credentials, which is appropriate. But the SKILL.md presumes access to the repository and to GitHub CI; if an automated agent were given permissions to run these steps, it could interact with repo contents and CI — the skill metadata does not document those required permissions.

✓ Persistence & Privilege

Skill is not always-on and has no install hooks. It does not request persistent agent-level privileges or modify other skills. Autonomous invocation is allowed (platform default) but the workflow includes an explicit human approval step (level 3).

版本历史

v1.0.0

audit-verification-pipeline v1.0.0 – Initial release - Introduces a three-level audit finding verification pipeline: Self-verification (forge test), GitHub CI, and auditor review. - Ensures findings have working PoCs, automated test verification, and independent review before submission. - Provides clear decision flowcharts, quality self-assessment templates, and common PoC pitfalls. - Includes severity assessment and checklists to reduce false positives and over/underestimation. - Targets Solidity projects using Foundry; not applicable for code review without PoC or non-Solidity audits.

元数据

Slug audit-verification-pipeline

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题