
solidity-security skill


This skill helps you secure Solidity smart contracts by applying best practices, auditing patterns, and secure coding techniques for reliable DeFi.

This is most likely a fork of the solidity-security skill from jpropato
npx playbooks add skill sickn33/antigravity-awesome-skills --skill solidity-security


Files (2): SKILL.md (1.2 KB)
---
name: solidity-security
description: Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
---

# Solidity Security

Master smart contract security best practices, vulnerability prevention, and secure Solidity development patterns.

## Use this skill when

- Writing secure smart contracts
- Auditing existing contracts for vulnerabilities
- Implementing secure DeFi protocols
- Preventing reentrancy, overflow, and access control issues
- Optimizing gas usage while maintaining security
- Preparing contracts for professional audits
- Understanding common attack vectors

## Do not use this skill when

- The task is unrelated to Solidity or smart contract security
- You need a different domain or tool outside this scope

## Instructions

- Clarify goals, constraints, and required inputs.
- Apply relevant best practices and validate outcomes.
- Provide actionable steps and verification.
- If detailed examples are required, open `resources/implementation-playbook.md`.

## Resources

- `resources/implementation-playbook.md` for detailed patterns and examples.

Overview

This skill helps developers master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. It is focused on practical guidance for writing, auditing, and hardening Ethereum-compatible contracts. Use it to reduce risk, improve audit readiness, and apply battle-tested defensive patterns.

How this skill works

The skill inspects contract code and design choices against known vulnerability classes (reentrancy, access control, integer issues, unsafe external calls, and more). It produces actionable recommendations: code fixes, design alternatives, testing checks, and verification steps. It also suggests gas-aware patterns and prioritizes fixes by risk and exploitability.

When to use it

  • Writing new Solidity contracts or libraries
  • Performing security audits or code reviews
  • Preparing contracts for a professional audit or bug bounty
  • Designing DeFi protocols and permissioned systems
  • Hardening contracts after incident analysis

Best practices

  • Use Checks-Effects-Interactions and reentrancy guards for external calls
  • Prefer OpenZeppelin audited libraries for ERC standards and access control
  • Use explicit access control modifiers and immutable/constant state where possible
  • Validate inputs; on Solidity 0.8+ rely on built-in checked arithmetic and review every `unchecked { }` block, and use SafeMath only on older compilers
  • Write and run unit, integration, and property tests including fuzzing and symbolic checks
  • Document attacker surface, upgrade paths, and emergency pause mechanisms

Example use cases

  • Audit an ERC20/ERC721 contract and patch reentrancy and initialization bugs
  • Design a multisig or role-based access control system with minimal attack surface
  • Optimize a DeFi lending contract for gas while preserving invariant checks
  • Create test suites that include fuzz tests, invariants, and exploit simulations
  • Prepare a contract package for third-party audit and bug-bounty deployment

FAQ

Can this skill fix vulnerabilities automatically?

It provides precise remediation steps and code patterns, but human review and testing are required before deployment.

Which Solidity versions are recommended?

Prefer Solidity 0.8.x or later for built-in overflow and underflow checks, and treat every `unchecked { }` block as an audit item; on earlier compilers use SafeMath and apply version-specific guidance.