solidity-dev skill

---
name: solidity-dev
description: Complete Solidity smart contract development - building, testing, gas optimization, and security scanning. Use this skill for .sol files, Foundry commands, deployment scripts, gas analysis, or security review.
---

# Solidity Development

Comprehensive skill for EVM/Solidity smart contract development, combining build/test workflows, gas optimization, and security analysis.

## When This Skill Activates

- Working on `.sol` files
- Running Foundry commands (forge, cast, anvil)
- Contract deployment or testing
- ABI or interface changes
- Gas optimization tasks
- Security review or pre-audit preparation

## Scope

- Solidity contracts (core protocol)
- Foundry tests and scripts
- Deployment scripts
- Contract interfaces and ABIs
- Gas analysis and optimization
- Security scanning (Slither)

---

## Part 1: Development Workflows

### Build & Test

```bash
forge build
forge test
forge test -vvv  # verbose
forge test --match-test "testSpecificFunction"
forge test --match-path test/SomeContract.t.sol
```

### Deploy

```bash
forge script script/Deploy.s.sol --broadcast --rpc-url $RPC_URL
```

### After Contract Changes

1. Update interface if signature changed
2. Rebuild ABIs: `forge build`
3. Run tests: `forge test`
4. Sync to frontend if needed

### Code Standards

- Use OpenZeppelin for standard patterns
- Custom errors over require strings
- Events for all state changes
- NatSpec comments on public functions
- WAD math (1e18) for precision, convert at boundaries

---

## Part 2: Gas Optimization

### Gas Analysis Commands

```bash
# Create baseline snapshot
forge snapshot --snap .gas-baseline

# Run gas report
forge test --gas-report

# Compare against baseline
forge snapshot --diff .gas-baseline

# Check specific function
forge test --match-test test_PlaceOrder --gas-report -vvv

# Storage layout analysis
forge inspect ContractName storage-layout --pretty
```

### Optimization Patterns

| Pattern | Savings | Example |
|---------|---------|---------|
| **Storage Packing** | ~20,000 gas/slot | Combine `uint128 + uint128` into single slot |
| **Calldata vs Memory** | ~60 gas/word | Use `calldata` for read-only arrays |
| **Unchecked Math** | ~40 gas/op | Use `unchecked {}` when overflow impossible |
| **Cache Storage** | ~100 gas/read | `uint256 cached = storageVar;` |
| **Short-circuit** | Variable | Put cheaper checks first in `require` |
| **Avoid Zero Init** | ~3 gas/var | Don't initialize to default values |

### Gas Optimization Checklist

- [ ] Storage variables packed efficiently
- [ ] Hot path functions use `calldata` for arrays
- [ ] Loops have `unchecked` increments
- [ ] Storage reads cached in local variables
- [ ] No redundant zero-initializations
- [ ] Short-circuit conditions ordered by cost

### Anti-Patterns

- Don't optimize cold paths at expense of readability
- Don't use `assembly` unless savings > 1000 gas
- Don't sacrifice security for gas savings

---

## Part 3: Security Analysis

### Slither Commands

```bash
# Full analysis
slither . --config-file slither.config.json

# Target specific contract
slither src/ContractName.sol

# Generate JSON report
slither . --json slither-report.json

# Run specific detector
slither . --detect reentrancy-eth

# Function summary
slither . --print function-summary
```

### High-Severity Detectors

| Detector | Severity | Description |
|----------|----------|-------------|
| `reentrancy-eth` | HIGH | Reentrancy with ETH transfer |
| `reentrancy-no-eth` | HIGH | Reentrancy without ETH |
| `arbitrary-send-eth` | HIGH | Arbitrary ETH destination |
| `controlled-delegatecall` | HIGH | Delegatecall to user input |
| `suicidal` | HIGH | Selfdestruct with user control |
| `uninitialized-state` | HIGH | Uninitialized state variables |

### Security Checklist

#### Access Control
- [ ] All external functions have proper modifiers
- [ ] Owner/admin functions protected
- [ ] Role-based access properly enforced

#### Reentrancy
- [ ] CEI pattern followed (Checks-Effects-Interactions)
- [ ] External calls after state updates
- [ ] ReentrancyGuard on vulnerable functions

#### Math & Validation
- [ ] Arithmetic checked or intentionally unchecked
- [ ] Division by zero protected
- [ ] Zero address checks
- [ ] Array bounds checked

### Common Vulnerability Patterns

#### Reentrancy
```solidity
// VULNERABLE
function withdraw() external {
    uint256 amount = balances[msg.sender];
    (bool success,) = msg.sender.call{value: amount}("");
    balances[msg.sender] = 0; // State update AFTER external call
}

// FIXED
function withdraw() external nonReentrant {
    uint256 amount = balances[msg.sender];
    balances[msg.sender] = 0; // State update BEFORE external call
    (bool success,) = msg.sender.call{value: amount}("");
}
```

#### Access Control
```solidity
// VULNERABLE
function setPrice(uint256 price) external {
    currentPrice = price; // No access control
}

// FIXED
function setPrice(uint256 price) external onlyOwner {
    currentPrice = price;
}
```

### DeFi-Specific Checks

- [ ] No same-block price dependencies (flash loan risk)
- [ ] Slippage protection on swaps
- [ ] Commit-reveal for sensitive ops
- [ ] Deadline parameters respected
- [ ] Oracle manipulation protected (use TWAP/Chainlink)

---

## Audit Preparation Checklist

- [ ] `forge build` compiles without warnings
- [ ] `forge test` passes with >80% coverage
- [ ] Slither runs clean (or issues documented)
- [ ] All external functions documented (NatSpec)
- [ ] Access control matrix documented
- [ ] Invariant tests pass
- [ ] Dependencies audited/pinned