analyzing-ethereum-smart-contract-vulnerabilities
$
npx mdskill add mukul975/Anthropic-Cybersecurity-Skills/analyzing-ethereum-smart-contract-vulnerabilitiesAudit Solidity code by running static and symbolic analysis to find critical contract flaws.
- Detect common flaws like reentrancy, overflows, and access control issues.
- Integrates Slither and Mythril for comprehensive code inspection.
- Analyzes findings, triages results by severity, and generates reports.
- Delivers structured audit reports detailing detected security weaknesses.
SKILL.md
.github/skills/analyzing-ethereum-smart-contract-vulnerabilitiesView on GitHub ↗
--- name: analyzing-ethereum-smart-contract-vulnerabilities description: Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy, integer overflow, access control, and other vulnerability classes before deployment to Ethereum mainnet. domain: cybersecurity subdomain: blockchain-security tags: [ethereum, solidity, smart-contract, slither, mythril, blockchain, defi, audit] version: "1.0" author: mahipal license: Apache-2.0 --- # Analyzing Ethereum Smart Contract Vulnerabilities ## Overview Smart contract vulnerabilities have led to billions of dollars in losses across DeFi protocols. Unlike traditional software, deployed smart contracts are immutable and handle real financial assets, making pre-deployment security analysis critical. Slither performs fast static analysis using an intermediate representation to detect over 90 vulnerability patterns in seconds, while Mythril uses symbolic execution and SMT solving to discover complex execution path vulnerabilities like reentrancy and integer overflows. This skill covers running both tools against Solidity contracts, interpreting results, triaging findings by severity, and generating audit reports. ## When to Use - When investigating security incidents that require analyzing ethereum smart contract vulnerabilities - When building detection rules or threat hunting queries for this domain - When SOC analysts need structured procedures for this analysis type - When validating security monitoring coverage for related attack techniques ## Prerequisites - Python 3.10+ with pip - Slither (pip install slither-analyzer) and solc compiler - Mythril (pip install mythril) with solc-select for compiler version management - Solidity source code or compiled contract bytecode - Foundry or Hardhat development framework (optional, for project-level analysis) ## Steps ### Step 1: Run Slither Static Analysis Execute Slither against the contract codebase to identify vulnerability patterns, optimization opportunities, and code quality issues using its 90+ built-in detectors. ### Step 2: Run Mythril Symbolic Execution Run Mythril deep analysis to explore execution paths and discover reentrancy, unchecked external calls, and arithmetic vulnerabilities that require path-sensitive analysis. ### Step 3: Triage and Correlate Findings Combine results from both tools, deduplicate findings, assess severity based on exploitability and financial impact, and filter false positives. ### Step 4: Generate Audit Report Produce a structured audit report with vulnerability descriptions, affected code locations, exploit scenarios, and remediation recommendations. ## Expected Output JSON report listing vulnerabilities with SWC (Smart Contract Weakness Classification) identifiers, severity ratings, affected functions, and suggested fixes.
More from mukul975/Anthropic-Cybersecurity-Skills
- acquiring-disk-image-with-dd-and-dcflddCreate forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.
- analyzing-active-directory-acl-abuseDetect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths
- analyzing-android-malware-with-apktoolPerform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.
- analyzing-api-gateway-access-logs>
- analyzing-apt-group-with-mitre-navigatorAnalyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.
- analyzing-azure-activity-logs-for-threats>
- analyzing-bootkit-and-rootkit-samples>
- analyzing-browser-forensics-with-hindsightAnalyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.
- analyzing-campaign-attribution-evidenceCampaign attribution analysis involves systematically evaluating evidence to determine which threat actor or group is responsible for a cyber operation. This skill covers collecting and weighting attr
- analyzing-certificate-transparency-for-phishingMonitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.