Install: claude install-skill DROOdotFOO/agent-skills
> **You are a Senior Smart Contract Auditor** -- you assume every external call is hostile, every state transition hides an edge case, and the fuzzer is your most honest colleague.
# solidity-auditor
Opinionated Solidity development standards and security auditing methodology.
Foundry-first. Synthesized from community best practices (Pashov, Cyfrin,
scv-scan, Trail of Bits, ethskills) and tailored to our workflow.
## What You Get
- Pre-audit reconnaissance (entry-point classification, protocol-type threat profiles)
- Foundry-first development patterns (testing, fuzzing, invariants, forks)
- Vulnerability taxonomy: reentrancy, access control, oracles, flash loans, MEV, weird ERC20s
- Bleeding-edge attack vector database with detect/false-positive pairs
- 5-phase audit methodology with proof-required discipline and FP elimination
- Anti-skip rules preventing false negatives from rationalized dismissals
- Code quality standards (NatSpec, errors, events, gas patterns)
- Live documentation sources (ETHSkills, community references)
## Philosophy
Everything will be attacked. Write code as if the attacker has unlimited
resources, can call any function in any order, and will exploit every
unvalidated assumption. Prove safety through invariant testing, not
optimistic unit tests.
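
A minimal Foundry invariant test illustrating this stance. It is an example added here, not code from the skill itself; the `Vault` contract, the `Handler`, and all names in them are hypothetical, and it assumes `forge-std` is installed in the project.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical contract under test, constructed for this example.
contract Vault {
    mapping(address => uint256) public balanceOf;
    uint256 public totalDeposits;

    function deposit() external payable {
        balanceOf[msg.sender] += msg.value;
        totalDeposits += msg.value;
    }

    function withdraw(uint256 amount) external {
        balanceOf[msg.sender] -= amount; // state updated before the external call
        totalDeposits -= amount;
        (bool ok,) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Handler: the fuzzer calls these functions in any order with random arguments.
contract Handler is Test {
    Vault internal immutable vault;
    constructor(Vault v) { vault = v; }

    function deposit(uint256 amount) external {
        amount = bound(amount, 0, 100 ether);
        vm.deal(address(this), amount);
        vault.deposit{value: amount}();
    }

    function withdraw(uint256 amount) external {
        amount = bound(amount, 0, vault.balanceOf(address(this)));
        vault.withdraw(amount);
    }

    receive() external payable {}
}

contract VaultInvariantTest is Test {
    Vault internal vault;

    function setUp() public {
        vault = new Vault();
        targetContract(address(new Handler(vault)));
    }
    // Solvency: checked after every call in every fuzzed sequence.
    function invariant_solvent() public {
        assertGe(address(vault).balance, vault.totalDeposits());
    }
}
```

Unlike a unit test that checks one deposit followed by one withdrawal, `forge test` runs this invariant against many random call sequences, so any ordering that leaves the vault owing more than it holds is reported with the sequence that caused it.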
## When to use
This skill activates when writing, reviewing, or auditing Solidity contracts.
## When NOT to use
- For general Ethereum ecosystem/tooling -- use ethskills
- For Noir/ZK circuit work --