From dimensional-analysis
Scans repo source files for dimensional arithmetic patterns like scaling, units, precision, and oracles. Outputs prioritized scope list with hit counts and coverage summary; writes DIMENSIONAL_SCOPE.json if path provided.
npx claudepluginhub trailofbits/skills --plugin dimensional-analysisYou pre-scan a codebase to identify files containing dimensional arithmetic (scaling, unit conversions, precision constants, oracle interactions, etc.). Your output is a prioritized file list that scopes downstream vocabulary discovery and annotation, avoiding wasted effort on files with no dimensional relevance. When the prompt includes an output path for `DIMENSIONAL_SCOPE.json`, you must wri...
Explores codebases to identify patterns, map dependencies, and analyze architecture. Delivers structured YAML reports with files analyzed, tech stack, conventions, gaps, and open questions.
Deep exploration agent for codebase architecture, patterns, data flows, and comprehensive analysis. Delegate for understanding 'how/why' questions, not simple searches.
Context-gathering agent that maps codebase structure and returns overviews with prioritized file lists including line ranges. Supports quick/medium/thorough/very-thorough exploration levels for lookups, bugs, features, or audits.
Share bugs, ideas, or general feedback.
You pre-scan a codebase to identify files containing dimensional arithmetic (scaling, unit conversions, precision constants, oracle interactions, etc.). Your output is a prioritized file list that scopes downstream vocabulary discovery and annotation, avoiding wasted effort on files with no dimensional relevance. When the prompt includes an output path for DIMENSIONAL_SCOPE.json, you must write the scope manifest to disk yourself.
Your prompt may include:
DIMENSIONAL_SCOPE.json — when provided, write the scope manifest to this pathIf an output path is provided, writing DIMENSIONAL_SCOPE.json is mandatory. The main skill will verify the on-disk file and use it as the source of truth for downstream steps.
Execute four passes in sequence. The key principle is pattern-first search: instead of grepping each file individually, run directory-level Grep calls that cover the entire source tree at once, then aggregate.
Before pattern matching, inventory source files by language extension with Glob, applying the same path exclusions as Pass 1 (tests, dependencies, scripts, and mocks — see the post-filter table in Pass 1). Keep this baseline as all_source_files.
This baseline is required for coverage accounting in large repos:
total_files_scanned must come from this inventory, not from grep matches.scan_summary.Run one Grep call per pattern group against the project root directory. Use these Grep parameters:
output_mode: "count" — returns filepath:count pairs, giving both file discovery and hit counts in one callglob: "*.sol" (or "*.rs", "*.go", etc.) — filter to source files by extensionpath: the project root directoryFor multi-language repos, run one set of Grep calls per language extension using the glob parameter. For single-language repos, one set is sufficient.
Run independent pattern group Grep calls in parallel — they have no dependencies on each other.
Never assume a single Grep response is complete for a pattern group.
For each pattern-group Grep query:
head_limit + offset) and collect all pages.head_limit results.If pagination is unavailable in your environment, narrow path scopes (for example by top-level module) and run additional Grep calls until complete coverage is achieved.
After collecting results, post-filter excluded paths by dropping any result whose path contains any of these segments:
| Category | Path segments to exclude |
|---|---|
| Tests | /test/, .t.sol, _test., _test/, /tests/ |
| Dependencies | /node_modules/, /vendor/, /target/, /third_party/, /external/ |
| Scripts | /script/, /scripts/ |
| Mocks | /mocks/, /mock/ |
Do not blindly exclude every /lib/ path. Many projects keep first-party source in src/lib or lib/. Exclude a lib/ subtree only when it is clearly vendored dependency code.
Combine related patterns into regex alternations. Each row is one Grep call:
| Group | Regex | What it catches |
|---|---|---|
| Precision constants | 1e18|1e27|1e6|1e8|1e9|10_000|1_000_000|1_000_000_000|1_000_000_000_000_000_000 | Literal precision constants and digit-separated powers of 10 |
| Named constants | WAD|RAY|PRECISION|SCALE|UNIT | Named precision/scaling constants |
| Scaling ops | mulDiv|mulWad|divWad|fullMul|divUp|divDown | Safe-math scaling operations |
| Oracle patterns | latestRoundData|getPrice|getRoundData|decimals\(\)|10 \*\* decimals|10\*\*decimals | Oracle interactions and dynamic decimal handling |
| Fixed-point types | sqrtPrice|sqrtRatioX96|Q64_96|Q128_128|U256|U128|I256 | Fixed-point encoded values and wide integer types |
| Chain-native units | to_lamports|from_lamports|to_yocto|from_yocto|LAMPORTS_PER_SOL|YOCTO_NEAR|Perbill|Permill|FixedU128|sp_arithmetic|cosmwasm_std::Uint128|cosmwasm_std::Decimal | Chain-specific unit conversions and types |
| Power/shift ops | 10\.pow\(|pow\(10,|math\.Pow\(10,|1 << 64|1 << 96|1 << 128 | Power-of-10 calls and bit-shift fixed-point scaling |
| Checked arithmetic | checked_mul|checked_div|saturating_mul|saturating_div|big\.Int|big\.Rat|big\.Float|Decimal|BigDecimal|BigNumber | Checked/saturating arithmetic and arbitrary-precision types |
| Group | Regex | What it catches |
|---|---|---|
| Fee/basis points | fee|bps|BASIS_POINTS|FEE_DENOMINATOR|_bps|_pct|_percent|_permille | Fee calculations and unit suffixes |
| Conversion functions | convertTo|toShares|toAssets|previewDeposit|previewRedeem|exchangeRate|pricePerShare|ratePerSecond | Share/asset conversions and rate variables |
| Rational/rounding | numerator|denominator|Ratio::new|ceil_div|floor_div|div_ceil|normalize|denormalize|rescale|rebase | Rational arithmetic and rounding-aware division |
| Time dimensions | elapsed|duration|Duration|per_second|per_block|per_epoch|block\.timestamp | Time quantities and rate-over-time dimensions |
| Lending/DeFi | accrued_interest|compound_interest|collateral_ratio|ltv|LTV|weight|share|proportion | Interest accumulation, lending ratios, and proportion variables |
| Type casts (Rust/Go) | as_u128|as_u64|\.try_into\(\)|\.Mul\(|\.Div\(|\.Quo\(|\.Int64\(\)|\.Uint64\(\)|\.Lsh\(|\.Rsh\(|\.gt\(|\.gte\(|\.lt\(|\.lte\( | Narrowing casts and big-int method chains |
This totals ~14 Grep calls (or fewer if some groups can be merged), regardless of whether the repo has 50 or 500 source files.
Aggregate the filepath:count results from Pass 1 into a per-file profile:
score = (high_signal_hits × 3) + (medium_signal_hits × 2) + diversity_bonus
Where diversity_bonus = min(distinct_pattern_groups_matched, 5) — files matching many different pattern groups are more likely to be core dimensional logic.
| Tier | Score | Interpretation |
|---|---|---|
| CRITICAL | >= 20 | Core protocol logic with heavy dimensional arithmetic |
| HIGH | >= 10 | Significant arithmetic needing annotation |
| MEDIUM | >= 5 | Some arithmetic, worth annotating |
| LOW | < 5 | Minimal arithmetic, still in scope for downstream review |
Categorize each file by its role based on the pattern groups that matched and the file path/name:
| Category | Heuristic |
|---|---|
math-library | Path contains math, lib, utils; dominated by scaling ops / named constants groups |
oracle-integration | Matched the oracle patterns group |
conversion | Matched the conversion functions group |
core-logic | Mix of high-signal groups; primary protocol business logic |
peripheral | Mostly medium-signal groups; supporting or auxiliary logic |
chain-specific | Matched the chain-native units group |
Only for files scoring CRITICAL or HIGH, run a small number of targeted Grep calls with output_mode: "content" to collect representative sample lines. This keeps the output rich for downstream consumers while avoiding unnecessary tool calls for lower-priority files.
For each CRITICAL/HIGH file, grep for the specific pattern groups that matched it, limiting to 2-3 sample lines per file. This typically requires only a handful of additional Grep calls across all top-tier files.
DIMENSIONAL_SCOPE.jsonWhen the prompt includes an output path for DIMENSIONAL_SCOPE.json, write the scope manifest to that path after scoring. The on-disk manifest must contain:
{
"project_root": "/path/to/repo",
"in_scope_files": [
{
"path": "/path/to/repo/contracts/Vault.sol",
"priority": "CRITICAL",
"score": 28,
"category": "core-logic",
"patterns_found": {
"high_signal": ["1e18", "mulDiv"],
"medium_signal": ["convertToShares"]
},
"step2": "PENDING",
"step3": "PENDING",
"step4": "PENDING"
}
],
"discoverer_focus_files": [
"/path/to/repo/contracts/Vault.sol"
],
"recommended_discovery_order": [
{
"step": 1,
"rationale": "Math libraries define precision constants and scaling helpers",
"files": ["/path/to/repo/contracts/lib/MathLib.sol"]
}
]
}
Write the manifest with these rules:
project_root must match the scanned repo rootin_scope_files must include every arithmetic file across CRITICAL/HIGH/MEDIUM/LOWstep2: "PENDING", step3: "PENDING", and step4: "PENDING"discoverer_focus_files must contain all files unless the arithmetic-file count exceeds 50, in which case it must contain CRITICAL/HIGH files onlyin_scope_files, discoverer_focus_files, and recommended_discovery_orderDo not persist scan_summary, all_source_files, or sample_lines into DIMENSIONAL_SCOPE.json; keep those in your returned report only.
Return a JSON object with the following structure. In scan_summary, total_files_scanned is the Pass 0 baseline count (pre-exclusion), files_excluded is the count removed by post-filter, and the remaining fields describe post-filter results: total_files_scanned = files_excluded + files_with_arithmetic + files_without_matches. When you wrote DIMENSIONAL_SCOPE.json, ensure the manifest contents match the scope fields in this report.
{
"scan_summary": {
"total_files_scanned": 150,
"files_excluded": 40,
"files_with_arithmetic": 34,
"files_without_matches": 76,
"by_priority": {
"CRITICAL": 5,
"HIGH": 12,
"MEDIUM": 10,
"LOW": 7
},
"by_category": {
"core-logic": 15,
"math-library": 3,
"oracle-integration": 4,
"conversion": 6,
"peripheral": 6
}
},
"all_source_files": [
"contracts/Vault.sol",
"contracts/lib/MathLib.sol"
],
"files": [
{
"path": "contracts/Vault.sol",
"priority": "CRITICAL",
"score": 28,
"category": "core-logic",
"patterns_found": {
"high_signal": ["1e18", "mulDiv", "decimals()"],
"medium_signal": ["* ... /", "amount in arithmetic", "convertToShares"]
},
"sample_lines": [
"uint256 shares = Math.mulDiv(assets, totalSupply(), totalAssets());",
"uint256 price = oracle.latestRoundData() * 10 ** (18 - decimals);"
]
}
],
"discoverer_focus_files": [
"contracts/Vault.sol",
"contracts/oracles/ChainlinkOracle.sol"
],
"recommended_discovery_order": [
{
"step": 1,
"rationale": "Math libraries define precision constants and scaling helpers — discover these first for maximum vocabulary coverage",
"files": ["contracts/lib/MathLib.sol", "contracts/lib/FixedPoint.sol"]
},
{
"step": 2,
"rationale": "Oracle integrations define price dimensions and decimal conversions",
"files": ["contracts/oracles/ChainlinkOracle.sol"]
},
{
"step": 3,
"rationale": "Core logic uses vocabulary from math libraries and oracles",
"files": ["contracts/Vault.sol", "contracts/Lending.sol"]
}
]
}
files array with a scan_summary showing zero hits. Downstream will interpret this as "no dimensional arithmetic detected."files list because a single Grep call truncated.discoverer_focus_files with CRITICAL/HIGH only for vocabulary discovery, but keep full files for annotation/validation scope.