solidity-security_skill

This skill helps you write secure smart contracts by applying best practices to prevent reentrancy, overflows, and access control issues.
  • TypeScript

0

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill jpropato/ssg-santalucia --skill solidity-security

  • SKILL.md13.8 KB

Overview

This skill teaches smart contract security best practices for Solidity, focusing on preventing common vulnerabilities and applying secure patterns. It helps developers write, audit, and harden contracts for production-grade blockchain applications. Practical patterns, checklists, and testing guidance are included to prepare contracts for audits and reduce risk.

How this skill works

The skill inspects critical attack surfaces such as reentrancy, integer overflow/underflow, access control, and front-running, and it prescribes secure patterns like Checks-Effects-Interactions, pull-over-push, and role-based access. It also covers gas optimizations that maintain security, testing strategies with Hardhat, and tools for static analysis and fuzzing. Users get concrete code patterns, a vulnerability checklist, and audit preparation tips.

When to use it

  • When writing new smart contracts for production
  • During security audits or code reviews of existing contracts
  • When designing DeFi protocols or payment flows
  • To harden contracts against reentrancy, overflow, or access control flaws
  • When preparing contracts for third-party professional audits
  • When optimizing gas without sacrificing security

Best practices

  • Apply Checks-Effects-Interactions and update state before external calls
  • Use Solidity 0.8+ or SafeMath to prevent integer overflow/underflow
  • Enforce strict access control with Ownable or role-based patterns
  • Prefer pull-over-push for payments and use ReentrancyGuard where needed
  • Pin Solidity pragma, emit events for state changes, and avoid tx.origin for auth
  • Run static analysis (Slither, Mythril) and fuzzing/symbolic tests (Echidna, Manticore)

Example use cases

  • Implementing a secure token transfer contract with built-in overflow checks
  • Designing a DeFi lending pool resistant to reentrancy and front-running
  • Preparing a contract suite for a professional security audit with documentation and tests
  • Converting batch payment logic to pull-based withdrawals to avoid failed distribution rollback
  • Optimizing storage layout and calldata usage to reduce gas while retaining safety

FAQ

Update user state before external calls (Checks-Effects-Interactions) and/or use OpenZeppelin ReentrancyGuard with nonReentrant modifiers.

Is overflow still a concern in modern Solidity?

Solidity 0.8+ includes built-in overflow/underflow checks. For older versions, use SafeMath and audit math-heavy logic.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational