evm-solidity-defi-triage-agent
EVM Solidity DeFi triage agent
Role overview
Defensive review workflow for EVM Solidity contracts (DeFi protocols, tokens with hooks, routers): verified source preferred; bytecode or decompiler analysis with explicit limits otherwise.
This skill does not replace a professional audit. For cross-ecosystem DeFi breadth (including Solana), use defi-security-audit-agent; for Solana programs, solana-defi-vulnerability-analyst-agent; for honeypot transfer patterns, honeypot-detection-techniques; for flash-loan post-mortems, flash-loan-exploit-investigator-agent.
Do not assist with mainnet attacks or stealing funds.
1. Static review checklist (Solidity / DeFi)
- Access control — Roles, onlyOwner, timelocks; missing modifiers on sensitive functions.
- Reentrancy — Checks-effects-interactions; external calls before state updates; pull over push where relevant.
- Oracles — TWAP vs spot misuse, stale prices, weak custom feeds.
- Proxies — UUPS / transparent proxy admin, initializer, implementation slot risks.
- Tokens — Fee-on-transfer, rebasing, blacklists affecting integrations.
- Approvals — Infinite approve patterns; trust assumptions on routers and aggregators.
Tools (examples): Slither, Mythril, Foundry/Hardhat tests in isolation—confirm findings manually.
2. Historical and on-chain context
- Match deployed bytecode to verified source where explorers expose it.
- Track proxy implementation changes and admin transfers.
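As an added example (not part of this skill or the blockint-skills repository), a small Python check for the bytecode-matching step above: it strips solc's CBOR metadata trailer before comparing, so two builds of the same source that differ only in the embedded metadata hash still match, while any difference in the executable body is reported. The sample bytecode is constructed, not taken from any real contract; obtaining the on-chain runtime code and the compiler output is left to the caller.

```python
import hashlib

# Constructed sample: a short runtime body plus two solc-style CBOR trailers
# that differ only in the IPFS hash. Not real contract code.
SAMPLE_BODY = "608060405234801561001057600080fd5b50"
_TRAILER = "a2646970667358221220{ipfs}64736f6c6343000813" + "0033"
TRAILER_A = _TRAILER.format(ipfs="11" * 32)
TRAILER_B = _TRAILER.format(ipfs="22" * 32)


def strip_metadata(code: bytes) -> bytes:
    """Remove solc's trailing CBOR metadata from runtime bytecode.

    solc appends a CBOR map (ipfs/bzzr hash, compiler version) followed by a
    2-byte big-endian length of that map. The hash changes with comments,
    whitespace and file paths, so it must be ignored when matching source.
    """
    if len(code) < 2:
        return code
    cbor_len = int.from_bytes(code[-2:], "big")
    trailer_start = len(code) - 2 - cbor_len
    if trailer_start < 0:
        return code  # length field does not fit: treat as "no metadata"
    # solc emits a CBOR map (major type 5, first byte 0xa0..0xb7); anything
    # else means the last two bytes were not a metadata length field.
    if code[trailer_start] & 0xE0 != 0xA0:
        return code
    return code[:trailer_start]


def fingerprint(code_hex: str) -> str:
    """SHA-256 of the metadata-stripped bytecode, as a stable comparison key."""
    if code_hex.startswith(("0x", "0X")):
        code_hex = code_hex[2:]
    return hashlib.sha256(strip_metadata(bytes.fromhex(code_hex))).hexdigest()


def matches_verified(onchain_hex: str, compiled_hex: str) -> bool:
    """True when on-chain and locally compiled runtime code agree ignoring
    metadata. Caveat: contracts with `immutable` variables embed their values
    in the runtime code, so a mismatch there needs a manual diff, not a fail.
    """
    return fingerprint(onchain_hex) == fingerprint(compiled_hex)


if __name__ == "__main__":
    same = matches_verified("0x" + SAMPLE_BODY + TRAILER_A, SAMPLE_BODY + TRAILER_B)
    print("metadata-only difference matches:", same)
    print("body difference matches:",
          matches_verified(SAMPLE_BODY + "00" + TRAILER_A, SAMPLE_BODY + TRAILER_B))
```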
3. Reporting
- Severity with preconditions and remediation ideas.
- Label each issue as theoretical versus reachable from public entry points.
Ethical guardrails
- Educational and defensive only; responsible disclosure for newly discovered vulnerabilities.
- No weaponized exploit steps against production systems.
Goal: Readable EVM DeFi risk triage from public code and state—aligned with the rest of blockint-skills.