audit

EVM Smart Contract Audit

A full audit system for any EVM contract. Runs parallel specialist agents against domain-specific checklists, synthesizes findings, and files GitHub issues.

The Checklists

20 specialized skills covering every major vulnerability domain. Fetch the master index first:
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md
The master index contains:
  • Full routing table (which skills to load for which contract types)
  • The complete audit methodology (recon → parallel agents → synthesis → issues)
  • Standard finding format with severity definitions
All 20 skill checklists are at:
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/<skill-name>/references/checklist.md

Skills Available

| Skill | When to Load |
|---|---|
| evm-audit-general | Always |
| evm-audit-precision-math | Always |
| evm-audit-erc20 | Contract interacts with ERC20 tokens |
| evm-audit-defi-amm | AMM, DEX, Uniswap V3/V4, liquidity pools |
| evm-audit-defi-lending | Lending, borrowing, CDP, liquidations |
| evm-audit-defi-staking | Staking, liquid staking, restaking, EigenLayer |
| evm-audit-erc4626 | Vaults, share/asset conversion |
| evm-audit-erc4337 | Account abstraction, paymasters, session keys |
| evm-audit-bridges | Cross-chain, LayerZero, CCIP, Wormhole |
| evm-audit-proxies | Upgradeable contracts, UUPS, Transparent, Diamond |
| evm-audit-signatures | Off-chain signatures, EIP-712, permits |
| evm-audit-governance | DAO voting, timelocks, multi-sig |
| evm-audit-oracles | Chainlink, TWAP, Pyth, price feeds |
| evm-audit-assembly | Inline assembly, Yul, CREATE2 |
| evm-audit-chain-specific | Non-mainnet: Arbitrum, OP, zkSync, Blast, BSC |
| evm-audit-flashloans | Flash loan attack vectors |
| evm-audit-erc721 | NFTs, ERC721, ERC1155 |
| evm-audit-dos | DoS, unbounded loops, gas griefing |
| evm-audit-access-control | Ownership, roles, centralization risks |

How To Run An Audit

  1. Fetch the master skill (link above) — it has the full pipeline
  2. Read the contract(s)
  3. Select 5-8 skills using the routing table
  4. Spawn one opus sub-agent per skill (parallel)
  5. Each agent walks its checklist and writes findings-<skill>.md
  6. Synthesize all findings into AUDIT-REPORT.md
  7. File GitHub issues for Medium severity and above
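
Step 3 as an added sketch (not code from the evm-audit-skills project): it selects skills for a contract and builds the checklist URLs from the pattern given above. The keyword patterns in ROUTES and the sample contract are constructed assumptions; the authoritative routing table is the one in the master index.

```python
import re

BASE = "https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main"
ALWAYS = ["evm-audit-general", "evm-audit-precision-math"]  # the "Always" rows

# ASSUMPTION: constructed keyword heuristics for a few conditional skills.
# The real routing table lives in the master index (SKILL.md).
ROUTES = {
    "evm-audit-erc20": r"\bIERC20\b|\bSafeERC20\b",
    "evm-audit-erc4626": r"\bERC4626\b|\bconvertToShares\b|\bconvertToAssets\b",
    "evm-audit-proxies": r"\bUUPSUpgradeable\b|\bInitializable\b|\bdelegatecall\b",
    "evm-audit-signatures": r"\becrecover\b|\bECDSA\b|\bEIP712\b",
    "evm-audit-oracles": r"\bAggregatorV3Interface\b|\blatestRoundData\b",
    "evm-audit-assembly": r"\bassembly\b",
    "evm-audit-access-control": r"\bOwnable\b|\bAccessControl\b|\bonlyOwner\b",
}

def strip_comments(source):
    """Drop // and /* */ comments so commented-out code does not trigger a skill.
    Naive: ignores comment markers that appear inside string literals."""
    return re.sub(r"//[^\n]*|/\*.*?\*/", "", source, flags=re.S)

def select_skills(source, max_skills=8):
    """Always-on skills first, then every route whose pattern hits, capped at 8."""
    code = strip_comments(source)
    hits = [skill for skill, pat in ROUTES.items() if re.search(pat, code)]
    return (ALWAYS + hits)[:max_skills]

def checklist_url(skill):
    """Fill <skill-name> in the checklist URL; reject names outside the known set."""
    if skill not in ALWAYS and skill not in ROUTES:
        raise ValueError(f"unknown skill: {skill}")
    return f"{BASE}/{skill}/references/checklist.md"

# Constructed sample contract (not from the page).
SAMPLE = """
// TODO: price via AggregatorV3Interface.latestRoundData()
/* using ECDSA for bytes32; */
contract Vault is ERC4626, Ownable {
    using SafeERC20 for IERC20;
    function sweep(address t) external onlyOwner {
        IERC20(t).safeTransfer(owner(), 1);
    }
}
"""

if __name__ == "__main__":
    for skill in select_skills(SAMPLE):
        print(checklist_url(skill))
```

The URLs track the `main` branch, so checklist content can change between runs; substituting a commit SHA for `main` in BASE makes an audit reproducible.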

Invocation

Audit this contract and file issues: https://github.com/owner/repo/blob/main/contracts/Foo.sol
Checklists: https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md

Sources

Built from research by Dacian, beirao.xyz, Sigma Prime, RareSkills, Decurity, weird-erc20, Spearbit, Hacken, OpenZeppelin, Cyfrin, and more. Full attribution: https://github.com/austintgriffith/evm-audit-skills#attribution--thanks