EVM Smart Contract Audit
A full audit system for any EVM contract. Runs parallel specialist agents against domain-specific checklists, synthesizes findings, and files GitHub issues.
The Checklists
20 specialized skills covering every major vulnerability domain. Fetch the master index first:
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md
The master index contains:
- Full routing table (which skills to load for which contract types)
- The complete audit methodology (recon → parallel agents → synthesis → issues)
- Standard finding format with severity definitions
All 20 skill checklists are at:
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/<skill-name>/references/checklist.md
Skills Available
| Skill | When to Load |
|---|---|
| evm-audit-general | Always |
| evm-audit-precision-math | Always |
| evm-audit-erc20 | Contract interacts with ERC20 tokens |
| evm-audit-defi-amm | AMM, DEX, Uniswap V3/V4, liquidity pools |
| evm-audit-defi-lending | Lending, borrowing, CDP, liquidations |
| evm-audit-defi-staking | Staking, liquid staking, restaking, EigenLayer |
| evm-audit-erc4626 | Vaults, share/asset conversion |
| evm-audit-erc4337 | Account abstraction, paymasters, session keys |
| evm-audit-bridges | Cross-chain, LayerZero, CCIP, Wormhole |
| evm-audit-proxies | Upgradeable contracts, UUPS, Transparent, Diamond |
| evm-audit-signatures | Off-chain signatures, EIP-712, permits |
| evm-audit-governance | DAO voting, timelocks, multi-sig |
| evm-audit-oracles | Chainlink, TWAP, Pyth, price feeds |
| evm-audit-assembly | Inline assembly, Yul, CREATE2 |
| evm-audit-chain-specific | Non-mainnet: Arbitrum, OP, zkSync, Blast, BSC |
| evm-audit-flashloans | Flash loan attack vectors |
| evm-audit-erc721 | NFTs, ERC721, ERC1155 |
| evm-audit-dos | DoS, unbounded loops, gas griefing |
| evm-audit-access-control | Ownership, roles, centralization risks |
How To Run An Audit
- Fetch the master skill (link above) — it has the full pipeline
- Read the contract(s)
- Select 5-8 skills using the routing table
- Spawn one opus sub-agent per skill (parallel)
- Each agent walks its checklist and writes findings-<skill>.md
- Synthesize all findings into AUDIT-REPORT.md
- File GitHub issues for Medium severity and above
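The synthesis and issue-selection steps above, as an added Python example that is not part of the evm-audit-skills repo: it assumes a constructed `## [Severity] Title` heading shape for each findings-<skill>.md (the repo's real finding format is defined in the master index), merges findings that several agents flagged under the same title, orders them by severity, and returns the AUDIT-REPORT.md text together with the findings at Medium and above that should become GitHub issues.

```python
import re
# Severity ordering used to sort the report and to decide what gets filed as an issue.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Informational": 4}
ISSUE_THRESHOLD = "Medium"  # file GitHub issues for Medium severity and above
# Assumed heading shape for one finding inside findings-<skill>.md (constructed here,
# not the repo's standard finding format): "## [Severity] Title", then body lines.
HEADING = re.compile(r"^##\s*\[(\w+)\]\s*(.+?)\s*$")

def parse_findings(skill, text):
    """Split one agent's findings file into dicts of skills/severity/title/body."""
    findings, current = [], None
    for line in text.splitlines():
        m = HEADING.match(line)
        if m:
            sev, title = m.group(1).capitalize(), m.group(2)
            if sev not in SEVERITY_RANK:
                raise ValueError(f"{skill}: unknown severity {sev!r} in {title!r}")
            current = {"skills": [skill], "severity": sev, "title": title, "body": []}
            findings.append(current)
        elif current is not None:
            current["body"].append(line)
    return findings

def synthesize(files):
    """files: {skill: findings markdown}. Returns (AUDIT-REPORT.md text, findings to file)."""
    merged = {}
    for skill, text in files.items():
        for f in parse_findings(skill, text):
            key = f["title"].lower()  # same title from two agents => one merged finding
            if key not in merged:
                merged[key] = f
                continue
            dup = merged[key]
            dup["skills"].append(skill)
            if SEVERITY_RANK[f["severity"]] < SEVERITY_RANK[dup["severity"]]:
                dup["severity"] = f["severity"]  # keep the more severe rating
    ordered = sorted(merged.values(), key=lambda f: (SEVERITY_RANK[f["severity"]], f["title"]))
    lines = ["# AUDIT-REPORT", ""]
    for f in ordered:
        lines.append(f"## [{f['severity']}] {f['title']} (flagged by {', '.join(f['skills'])})")
        lines += ["\n".join(f["body"]).strip(), ""]
    to_file = [f for f in ordered if SEVERITY_RANK[f["severity"]] <= SEVERITY_RANK[ISSUE_THRESHOLD]]
    return "\n".join(lines), to_file

# Constructed sample output of three sub-agents (illustrative, not real audit findings).
SAMPLE = {
    "evm-audit-erc20": "## [Medium] Unchecked transfer return value\nWrap calls in SafeERC20.\n## [low] Unused variable\nRemove it.\n",
    "evm-audit-general": "## [medium] Unchecked transfer return value\nAlso seen by the general checklist.\n",
    "evm-audit-access-control": "## [High] Owner can sweep user deposits\nGate behind a timelock.\n",
}
```

Running `synthesize(SAMPLE)` yields a report with the High finding first and two findings to file; the Low one stays in the report only.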
Invocation
Audit this contract and file issues: https://github.com/owner/repo/blob/main/contracts/Foo.sol
Checklists: https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md
Sources
Built from research by Dacian, beirao.xyz, Sigma Prime, RareSkills, Decurity, weird-erc20, Spearbit, Hacken, OpenZeppelin, Cyfrin, and more. Full attribution: https://github.com/austintgriffith/evm-audit-skills#attribution--thanks