audit

Original：🇺🇸 English

Translated

Deep EVM smart contract security audit system. Use when asked to audit a contract, find vulnerabilities, review code for security issues, or file security issues on a GitHub repo. Covers 500+ non-obvious checklist items across 19 domains via parallel sub-agents. Different from the security skill (which teaches defensive coding) — this is for systematically auditing contracts you didn't write.

1installs

Sourceaustintgriffith/ethskills

Added on2026-03-04

NPX Install

npx skill4agent add austintgriffith/ethskills audit

SKILL.md Content

View Translation Comparison →

EVM Smart Contract Audit

A full audit system for any EVM contract. Runs parallel specialist agents against domain-specific checklists, synthesizes findings, and files GitHub issues.

The Checklists

20 specialized skills covering every major vulnerability domain. Fetch the master index first:

https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md

The master index contains:

Full routing table (which skills to load for which contract types)
The complete audit methodology (recon → parallel agents → synthesis → issues)
Standard finding format with severity definitions

All 20 skill checklists are at:

https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/<skill-name>/references/checklist.md

Skills Available

Skill	When to Load
`evm-audit-general`	Always
`evm-audit-precision-math`	Always
`evm-audit-erc20`	Contract interacts with ERC20 tokens
`evm-audit-defi-amm`	AMM, DEX, Uniswap V3/V4, liquidity pools
`evm-audit-defi-lending`	Lending, borrowing, CDP, liquidations
`evm-audit-defi-staking`	Staking, liquid staking, restaking, EigenLayer
`evm-audit-erc4626`	Vaults, share/asset conversion
`evm-audit-erc4337`	Account abstraction, paymasters, session keys
`evm-audit-bridges`	Cross-chain, LayerZero, CCIP, Wormhole
`evm-audit-proxies`	Upgradeable contracts, UUPS, Transparent, Diamond
`evm-audit-signatures`	Off-chain signatures, EIP-712, permits
`evm-audit-governance`	DAO voting, timelocks, multi-sig
`evm-audit-oracles`	Chainlink, TWAP, Pyth, price feeds
`evm-audit-assembly`	Inline assembly, Yul, CREATE2
`evm-audit-chain-specific`	Non-mainnet: Arbitrum, OP, zkSync, Blast, BSC
`evm-audit-flashloans`	Flash loan attack vectors
`evm-audit-erc721`	NFTs, ERC721, ERC1155
`evm-audit-dos`	DoS, unbounded loops, gas griefing
`evm-audit-access-control`	Ownership, roles, centralization risks

How To Run An Audit

Fetch the master skill (link above) — it has the full pipeline
Read the contract(s)
Select 5-8 skills using the routing table
Spawn one opus sub-agent per skill (parallel)
Each agent walks its checklist and writes
```
findings-<skill>.md
```
Synthesize all findings into
```
AUDIT-REPORT.md
```
File GitHub issues for Medium severity and above

Invocation

Audit this contract and file issues: https://github.com/owner/repo/blob/main/contracts/Foo.sol
Checklists: https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md

Sources

Built from research by Dacian, beirao.xyz, Sigma Prime, RareSkills, Decurity, weird-erc20, Spearbit, Hacken, OpenZeppelin, Cyfrin, and more. Full attribution: https://github.com/austintgriffith/evm-audit-skills#attribution--thanks