Zum Hauptinhalt springen
Dieser Inhalt ist noch nicht in Ihrer Sprache verfügbar und wird auf Englisch angezeigt.

Token Integration Analyzer

Skill Aktiv
Teil von:Building Secure Contracts

Token integration and implementation analyzer based on Trail of Bits' token integration checklist. Analyzes token implementations for ERC20/ERC721 conformity, checks for 20+ weird token patterns, assesses contract composition and owner privileges, performs on-chain scarcity analysis, and evaluates how protocols handle non-standard tokens. Context-aware for both token implementations and token integrations.

Zweck

To provide a systematic and expert-driven analysis of smart contract token security, identifying vulnerabilities in both token implementations and how protocols handle external tokens.

Funktionen

  • Analyzes ERC20/ERC721 token implementations for conformity
  • Checks for 20+ known 'weird token' patterns
  • Assesses contract composition and owner privileges
  • Performs on-chain scarcity and distribution analysis
  • Evaluates protocol handling of non-standard tokens

Anwendungsfälle

  • Analyze custom ERC20 or ERC721 token contracts for security flaws.
  • Audit how a DeFi protocol integrates and handles various ERC20 tokens.
  • Identify risks associated with fee-on-transfer, rebasable, or upgradable tokens.
  • Assess on-chain token scarcity and holder concentration for potential manipulation risks.

Nicht-Ziele

  • General-purpose smart contract auditing beyond token-specific concerns.
  • Analyzing non-EVM compatible token standards.
  • Providing legal or financial advice regarding token investments.
  • Automated vulnerability exploitation or remediation.

Workflow

  1. Determine analysis context (token implementation, integration, platform, types)
  2. Perform Slither analysis for Solidity projects (if applicable)
  3. Analyze code for contract composition, owner privileges, ERC conformity, and weird patterns
  4. Query on-chain data for scarcity, supply, and holder concentration (if applicable)
  5. Provide a risk assessment with vulnerabilities, non-standard behaviors, and prioritized recommendations

Praktiken

  • Token Security Analysis
  • Smart Contract Auditing
  • On-Chain Data Analysis

Voraussetzungen

  • Access to the codebase to be analyzed
  • Contract address and RPC endpoint (for on-chain analysis)
  • Context on whether analyzing token implementation or integration

Trust

  • warning:Issues AttentionIn the last 90 days, 13 issues were opened and 4 were closed, indicating a closure rate below 50% and a significant backlog, suggesting slow maintainer response.

Installation

Zuerst Marketplace hinzufügen

/plugin marketplace add trailofbits/skills
/plugin install building-secure-contracts@trailofbits

Qualitätspunktzahl

78 /100
Analysiert about 15 hours ago

Vertrauenssignale

Letzter Commit3 days ago
GitHub-Inhaber trailofbits (opens in new tab)
Sterne5.2k
LizenzCC-BY-SA-4.0
Status
Quellcode ansehen

Ähnliche Erweiterungen

Ship Gate

100

Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.

Skill
alirezarezvani

Web3 Testing

99

Test smart contracts comprehensively using Hardhat and Foundry with unit tests, integration tests, and mainnet forking. Use when testing Solidity contracts, setting up blockchain test suites, or validating DeFi protocols.

Skill
wshobson

Aptos Gas & Performance Optimization Expert

99

Expert on Aptos gas optimization, performance tuning, storage costs, execution efficiency, inline functions, aggregator usage, parallel execution, table vs vector tradeoffs, and gas profiling tools. Triggers on keywords gas optimization, performance, gas cost, storage fee, inline, aggregator, parallel execution, gas profiling, optimization

Skill
raintree-technology

Solidity Security

98

Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.

Skill
wshobson

Aptos Move Testing

98

Expert on testing Move smart contracts on Aptos, including unit tests, integration tests, Move Prover formal verification, debugging strategies, and test coverage. Triggers on keywords move test, unit test, integration test, move prover, formal verification, debug, coverage, assert, expect

Skill
raintree-technology

Aptos Framework Expert

98

Expert on Aptos Framework (0x1 standard library) - account, coin, fungible_asset, object, timestamp, table, event, vector, string, option, error, and other core modules. Triggers on keywords aptos framework, 0x1, account module, table, smarttable, event, timestamp, randomness, aggregator, resource account

Skill
raintree-technology