Tags: pashov/skills
solidity-auditor: v3 — attacker-framing 12-agent rewrite (#28)

Reworks the orchestrator into a parallel 12-agent audit (9 single-specialty hacking agents + 3 gap-hunters) coordinated by a senior-auditor SOP with source-on-demand bundles. Adds new specialty agents (asymmetry, boundary, flow-gap, numerical-gap, trust-gap) and strengthens existing ones. Tightens the judging gates for LEAD/FINDING promotion and admin-action handling. Adds optional per-run model selection for the audit agents on Claude Code. Removes the legacy evals/, attack-vectors.md, and assets/ scaffolding, and saves the report to the working directory instead of assets/findings/. Bumps VERSION to 3.

Co-authored-by: Georgi Todorov <georgitodorov@Georgis-MacBook-Pro.local>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

x-ray: v2 — readiness-report evolution with cross-linked invariants (#25)

* x-ray: v2 — readiness-report evolution with cross-linked invariants

  Bumps x-ray/VERSION from 1 to 2. The skill now produces a more structured readiness report whose central artefact is a dedicated invariants.md file, cross-linked from x-ray.md attack surfaces.

  What's new in v2

  - **Dedicated invariants.md** (new output file). Four sections: §1 Enforced Guards (reference), §2 Single-Contract Inferred, §3 Cross-Contract, §4 Economic. Heading-block format with H4 slug anchors (#g-1, #i-17, …) that cross-file links from x-ray.md resolve against.
  - **§1 Enforced Guards compact format.** Each G-N is 2 lines:

        #### G-N
        `predicate` · `file:line` · purpose

    Replaces the earlier 7-line heading + blockquote + Location + Purpose + --- block. Space saving ≈ 56% on guard-heavy protocols; scannable without scroll.
  - **Guard-lift methodology** (SKILL.md Step 2g Pass B). Every require/assert/if-revert is extracted verbatim to §1, then each is probed for a global-property implication; properties are promoted to §2 only after enumerating every write site of the constrained variable. Unguarded write sites become On-chain=No invariants — those are the high-signal output because each is simultaneously an invariant and a candidate bug.
  - **Invariant cross-link rule** in x-ray.md Section 2. Attack surfaces whose cited code falls within a G-N / I-N / X-N / E-N derivation window append the matching IDs as bracketed links (lowercase slugs). Typical hit rate ≥ 70%.
  - **Section 3 of x-ray.md is now a POINTER ONLY** — no guard table, no top-N inferred list. Callout blockquote with counts and a strong link to invariants.md. Prevents duplication; invariants.md is the single catalogue.
  - **Bullet-brevity and DO-NOT-EXPLOIT rules** for Section 2 writing. Attack-surface bullets describe the concern area ("worth tracing…", "worth checking…"), not the exploit chain. Hard cap of 2 lines per surface; prose may not restate what the file:line already shows.
  - **Framing rule**: surfaces named after the root threat area (e.g. "SERVICE_ROLE compromise"), not symptoms (e.g. "missing pausability on completeSwap").
  - **Centralization integration**: a standalone Centralization Risks section is forbidden — details distribute across Actors, Trust Boundaries, and Attack Surfaces. Actors table Capabilities column must distinguish instant vs timelocked.
  - **Step 2c Backwards-compat detection** gains mandatory verification gates (caller check + NatSpec check + interface-obligation check) so intentional "returns default" / "by design" code is not misclassified as dead weight.
  - **Step 2d Centralization + pause coverage** analyses integrated into existing sections (no standalone section).
  - **Step 2b-flow Protocol Flow Paths** section added to entry-points.md — backwards-traced prerequisite chains for major entry points, 15-30 lines.
  - **Step 2g State machine vs toggle** distinction. One-shot latches feed §2 as StateMachine invariants; togglable flags (freeze/unFreeze, pause/unpause) are explicitly excluded.
  - **threats.md**: HOW TO USE block added at top, plus DO-NOT-EXPLOIT hint for surface writing.
  - **scripts/enumerate.sh** tweaks: multi-signal test category output format (functions:configs), nSLOC exact value, stateless fuzz / invariant / echidna / medusa / certora / halmos / hevm / fork counts.
  - **Assets**: adds x_ray.gif demo for the README.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Revert gif path + remove local gif copy

  - README.md references the upstream ../static/x_ray.gif path again
  - Remove the duplicate gif that was added under x-ray/

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Restore upstream gif path in README

  The gif lives at pashov/skills:static/x_ray.gif, not under x-ray/. Reference it with the original ../static/x_ray.gif path.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

V2 (#12)

* update(solidity-auditor): optimize agent workflow and report pipeline

  - Merge triage + tier 1 into single scan pass, silent skip for irrelevant vectors
  - Add parallel verification read step in Turn 4 before FP gate
  - Remove model choice from agent spawning
  - Remove Below Confidence Threshold separator from report template
  - Remove redundant bundle exclusion instruction
  - Expand attack vectors and adversarial agent instructions

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* update(solidity-auditor): add FP gate agent and structured scan output

  Move FP gate reasoning and report formatting from orchestrator to a dedicated validation agent, reducing orchestrator Turn 4 to mechanical pre-filter, dedup, and passthrough. Scan agents now output structured entry/guards fields per finding for faster downstream validation.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* update(solidity-auditor): restructure agents, add FP gate, optimize scan output

  - Split agents/ into hacking-agents/ and operations-agents/
  - Add dedicated fp-gate-agent.md for validation read discipline
  - Enforce compact skip/drop classification format in vector-scan-agent
  - Redefine LEADs as concrete code smell trails (not just incomplete paths)
  - Add code_smells field to LEAD output and report template
  - Strip redundant headers from attack-vectors files
  - Revert bundle reorder (instructions-last works better)

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* update(solidity-auditor): always run adversarial agent, add mandatory verification

  - Remove "deep" mode — adversarial reasoning agent (Agent 5) now runs on every scan
  - Add mandatory verification step requiring exact function signature quoting before promoting findings
  - Update README to reflect simplified usage (no more /solidity-auditor deep)

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* update(solidity-auditor): v2 agent architecture with 8 specialized hacking agents

  Replace monolithic adversarial agent with 8 parallel specialized agents (vector-scan, math-precision, access-control, economic-security, execution-trace, invariant, periphery, first-principles). Consolidate attack vectors into single file, add shared rules, update judging gates, add eval framework, and remove FP gate agent.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* update(solidity-auditor): refine v2 agent prompts and judging criteria

  Streamline hacking agent instructions, reduce redundancy in shared rules, tighten judging gates, and remove unused static asset.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* update(solidity-auditor): refine v2 skill prompt, attack vectors, and eval runner

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: pashov <krum@pashov.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>