evm-architect

SKILL.md

EVM Architect

Expert-level EVM development with security-first methodology.

Core Principle: Standards First

NEVER implement custom logic for something an EIP/ERC already covers.

Before designing ANY contract functionality:

  1. Search references/eip-index.md for existing standards
  2. Check https://eips.ethereum.org/all for latest
  3. Check https://ethereum-magicians.org for in-progress discussions

Implementing standards = interoperability + battle-tested + auditor familiarity.

Architecture Workflow

┌─────────────┐     ┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│   DESIGN    │ ──▶ │    BUILD    │ ──▶ │   DEPLOY    │ ──▶ │   OPERATE   │
└─────────────┘     └─────────────┘     └─────────────┘     └─────────────┘

1. Design Phase

  • Check EIP/ERC index for existing standards
  • Threat model the system (see references/security/threat-models.md)
  • Consider economic attack vectors
  • Plan upgrade path if needed

2. Build Phase

  • Write Solidity with NatSpec documentation
  • Use Foundry for testing (fuzz + invariant + fork tests)
  • Run static analysis (Slither, Aderyn)
  • Achieve >95% branch coverage

3. Deploy Phase

  • Run pre-flight checklist (see references/checklists/pre-deploy.md)
  • Simulate on forked mainnet
  • Deploy via multi-sig
  • Verify on block explorers

4. Operate Phase

  • Set up monitoring (Forta, OZ Defender)
  • Have incident response plan ready
  • Monitor health factor / key metrics

Quick Reference

Foundry Commands

forge build                    # Compile
forge test -vvv                # Test with verbosity
forge test --match-test testX  # Run specific test
forge test --fork-url $RPC     # Fork testing
forge coverage                 # Coverage report
forge snapshot                 # Gas snapshot
forge script script/Deploy.s.sol --broadcast --verify  # Deploy

Security Scanning

slither .                      # Static analysis
aderyn .                       # Cyfrin's analyzer

Cast (CLI wallet)

cast call $ADDR "balanceOf(address)" $USER     # Read
cast send $ADDR "transfer(address,uint256)" $TO $AMT --private-key $PK  # Write
cast --to-wei 1 ether          # Unit conversion

References

Load these as needed:

Reference                               When to Use
references/eip-index.md                 Before implementing ANY functionality
references/evm-fundamentals.md          Understanding gas, opcodes, storage
references/security/threat-models.md    Design phase, auditing
references/security/audit-checklist.md  Pre-audit, code review
references/testing-strategies.md        Writing comprehensive tests
references/checklists/pre-deploy.md     Before mainnet deployment
references/l2-differences.md            Deploying to Arbitrum/OP/Base/zkSync
references/agentic/erc-8004.md          Building agent-native protocols
references/agentic/x402.md              Pay-per-request patterns

Key Security Patterns

Checks-Effects-Interactions

function withdraw(uint256 amount) external {
    // CHECKS
    require(balances[msg.sender] >= amount, "Insufficient");
    
    // EFFECTS
    balances[msg.sender] -= amount;
    
    // INTERACTIONS
    (bool success,) = msg.sender.call{value: amount}("");
    require(success, "Transfer failed");
}

Reentrancy Guard

uint256 private locked = 1;
modifier nonReentrant() {
    require(locked == 1, "Reentrant");
    locked = 2;
    _;
    locked = 1;
}

Access Control

// Prefer OpenZeppelin's AccessControl over simple onlyOwner
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

Common Vulnerabilities

  1. Reentrancy — Use CEI pattern, nonReentrant modifier
  2. Access Control — Never use tx.origin, implement proper roles
  3. Integer Overflow — Solidity 0.8+ has built-in checks
  4. Oracle Manipulation — Use TWAPs, multiple sources
  5. Flash Loan Attacks — Be aware of single-block manipulation
  6. Front-running — Commit-reveal, private mempools
  7. Signature Replay — Include nonces and chain ID (EIP-712)
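Item 7 in working form, as an added example rather than code from this skill's references: a signed transfer whose digest binds a per-signer nonce, a deadline and, through the EIP-712 domain separator, the chain ID and verifying contract, so a captured signature cannot be replayed on the same contract, on a fork, or on another chain. It assumes OpenZeppelin v5's EIP712 and ECDSA helpers; the contract and struct names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

/// @notice Illustrative contract: ETH balances moved by an EIP-712 signed authorisation.
contract SignedTransfer is EIP712 {
    mapping(address => uint256) public balances;
    /// @dev Per-signer nonce; consumed once per accepted signature, so no replay on this contract.
    mapping(address => uint256) public nonces;

    bytes32 private constant TRANSFER_TYPEHASH = keccak256(
        "Transfer(address from,address to,uint256 amount,uint256 nonce,uint256 deadline)"
    );

    error Expired();
    error InvalidSigner();
    error InsufficientBalance();

    // Domain separator = name, version, block.chainid, address(this): a signature for
    // this contract is invalid on any other chain or deployment.
    constructor() EIP712("SignedTransfer", "1") {}

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    /// @notice Anyone may relay; only `from`'s signature over exactly these fields is accepted.
    function transferWithSig(
        address from, address to, uint256 amount, uint256 deadline, bytes calldata signature
    ) external {
        if (block.timestamp > deadline) revert Expired();
        // CHECKS: recompute the digest the signer must have produced, using the *current* nonce.
        uint256 nonce = nonces[from];
        bytes32 structHash = keccak256(abi.encode(TRANSFER_TYPEHASH, from, to, amount, nonce, deadline));
        bytes32 digest = _hashTypedDataV4(structHash); // prefixes with "\x19\x01" || domainSeparator
        // ECDSA.recover reverts on a malformed or high-s signature instead of returning address(0).
        if (ECDSA.recover(digest, signature) != from) revert InvalidSigner();
        if (balances[from] < amount) revert InsufficientBalance();
        // EFFECTS: burn the nonce before moving funds, so a second relay of the same bytes fails.
        nonces[from] = nonce + 1;
        balances[from] -= amount;
        balances[to] += amount;
    }
}
```

In a Foundry test, sign the digest with `vm.sign`, submit it once, then assert that a second submission reverts with `InvalidSigner` (the nonce has moved) and that the same signature reverts on a second deployment or after `vm.chainId`.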

Emerging Standards (Agentic)

ERC-8004: Trustless Agents

On-chain agent identity, reputation, and validation. The primitive for agent economies. See references/agentic/erc-8004.md.

x402: HTTP Payments

Pay-per-request APIs using stablecoins. Enables agent-to-agent commerce. See references/agentic/x402.md.

ERC-4337: Account Abstraction

Smart contract wallets with paymasters and bundlers. See references/eips/account-abstraction.md.

Gas Optimization Tips

  1. Pack storage variables (e.g. two uint128 share one 32-byte slot)
  2. Use calldata instead of memory for read-only arrays
  3. Cache storage reads in local variables
  4. Use unchecked blocks only for arithmetic that provably cannot overflow (e.g. loop counters)
  5. Prefer != 0 over > 0 for unsigned integers
  6. Use custom errors instead of require strings

More Information

Weekly installs: 2
First seen: Feb 9, 2026