Solidity

evm-token-decimals helps prevent silent decimal mismatch bugs across EVM chains. Use it for runtime decimals lookup, chain-aware caching, bridged-token precision drift, and safe normalization for backend development, bots, dashboards, and DeFi tools.

defi-amm-security is a focused security checklist for Solidity AMMs, liquidity pools, LP vaults, and swap flows. It helps auditors and engineers review reentrancy, CEI ordering, donation or inflation attacks, oracle assumptions, slippage, admin controls, and integer math with less guesswork than a generic prompt.

defi-protocol-templates is a GitHub skill that helps scaffold DeFi contract patterns for staking, AMMs, governance, lending, and flash loans. Best used as a starting point for Solidity design and prompting, not as an audited production framework.

Use the nft-standards skill to design NFT contracts around ERC-721 and ERC-1155, with guidance on metadata, minting, royalties, soulbound patterns, dynamic NFTs, and marketplace-aware behavior for Web3 projects.

solidity-security is a focused Solidity audit and secure-coding skill for reviewing reentrancy, access control, unsafe external calls, and remediation patterns. Use it to prepare contracts for Security Audit, improve prompts, and get more structured review output than a generic audit request.

The web3-testing skill helps you design and scaffold smart contract test workflows with Hardhat and Foundry, including unit tests, integration coverage, mainnet forking, fuzzing, gas checks, and setup guidance for Solidity and DeFi teams.

property-based-testing skill guide for writing, reviewing, and improving PBT across languages and smart contracts. Use this property-based-testing guide to spot roundtrip, idempotence, invariant, parser, validator, and normalization cases, choose generators, and decide when property-based-testing is stronger than example-based tests.

entry-point-analyzer helps map state-changing entry points in smart contract codebases for security audit work. It identifies externally callable functions that modify state, groups them by access level, and excludes view, pure, and other read-only paths. Use this entry-point-analyzer guide when you need a focused call-surface inventory for Solidity, Vyper, Solana, Move, TON, or CosmWasm projects.

token-integration-analyzer is a security-review skill for token implementations and token integrations. It checks ERC20/ERC721 conformity, weird token patterns, owner privileges, scarcity, and non-standard token handling for Security Audit workflows. Use the token-integration-analyzer guide to reduce guesswork and assess compatibility risk.

secure-workflow-guide guides a 5-step Solidity security workflow: Slither triage, feature-specific checks, visual inspection, security-property notes, and manual review. It is built for smart contract teams, auditors, and builders who want a repeatable secure-workflow-guide guide before deployment or release.

guidelines-advisor is a smart contract development advisor based on Trail of Bits best practices. It analyzes a codebase to generate documentation, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Use the guidelines-advisor guide for clear, evidence-based recommendations.

code-maturity-assessor provides an evidence-based maturity review using Trail of Bits’ 9-category framework. It assesses arithmetic safety, auditing, access control, complexity, decentralization, documentation, MEV risk, low-level code, and testing, with actionable recommendations for security audit readiness.

audit-prep-assistant prepares codebases for Security Audit using Trail of Bits' checklist. It helps set review goals, run static analysis, increase test coverage, remove dead code, document risks, and generate supporting artifacts for a cleaner audit handoff.