cairo-vulnerability-scanner

# Cairo/StarkNet Vulnerability Scanner ## 1. Purpose Systematically scan Cairo smart contracts on StarkNet for platform-specific security vulnerabilities related to arithmetic, cross-layer messaging, and cryptographic operations. This skill encodes 6 critical vulnerability patterns unique to Cairo/StarkNet ecosystem. ## 2. When to Use This Skill - Auditing StarkNet smart contracts (Cairo) - Reviewing L1-L2 bridge implementations - Pre-launch security assessment of StarkNet applications - Validating cross-layer message handling - Reviewing signature verification logic - Assessing L1 handler functions ## 3. Platform Detection ### File Extensions & Indicators - **Cairo files**: `.cairo` ### Language/Framework Markers ```rust // Cairo contract indicators #[contract] mod MyContract { use starknet::ContractAddress; #[storage] struct Storage { balance: LegacyMap<ContractAddress, felt252>, } #[external(v0)] fn transfer(ref self: ContractState, to: ContractAddress, amount: felt252) { // Contract logic } #[l1_handler] fn handle_deposit(ref self: ContractState, from_address: felt252, amount: u256) { // L1 message handler } } // Common patterns felt252, u128, u256 ContractAddress, EthAddress #[external(v0)], #[l1_handler], #[constructor] get_caller_address(), get_contract_address() send_message_to_l1_syscall ``` ### Project Structure - `src/contract.cairo` - Main contract implementation - `src/lib.cairo` - Librar...