Deep EVM bytecode analysis and decompilation capabilities for smart contract security, gas optimization, and reverse engineering. Provides tools for analyzing opcodes, storage layouts, proxy patterns, and bytecode verification.
Analyzes and decompiles EVM bytecode for smart contract security, gas optimization, and reverse engineering.
npx claudepluginhub a5c-ai/babysitterThis skill is limited to using the following tools:
README.mdExpert-level EVM bytecode analysis and decompilation for smart contract security audits, gas optimization, and reverse engineering.
This skill can leverage the following MCP servers:
| Server | Purpose | Install |
|---|---|---|
| EVM MCP Tools | Smart contract auditing, security analysis | 0xGval/evm-mcp-tools |
| Solidity Contract Analyzer | Contract code analysis with metadata | Skywork |
Common EVM opcodes and gas costs:
| Category | Opcodes | Base Gas |
|---|---|---|
| Arithmetic | ADD, SUB, MUL, DIV | 3-5 |
| Comparison | LT, GT, EQ, ISZERO | 3 |
| Bitwise | AND, OR, XOR, NOT, SHL, SHR | 3 |
| Memory | MLOAD, MSTORE | 3 + memory expansion |
| Storage | SLOAD | 100 (warm) / 2100 (cold) |
| Storage | SSTORE | 100-20000 (varies) |
| Control | JUMP, JUMPI | 8-10 |
| Call | CALL, DELEGATECALL, STATICCALL | 100 + memory + value |
// Basic types (slot 0, 1, 2...)
uint256 public a; // slot 0
uint256 public b; // slot 1
// Packed storage
uint128 public c; // slot 2, bytes 0-15
uint128 public d; // slot 2, bytes 16-31
// Mappings: keccak256(key . slot)
mapping(address => uint256) public balances; // slot 3
// balances[addr] at keccak256(addr . 3)
// Dynamic arrays: length at slot, data at keccak256(slot)
uint256[] public arr; // length at slot 4, arr[i] at keccak256(4) + i
Implementation: 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
Admin: 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
Beacon: 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50
PUSH1 0x80 // Free memory pointer
PUSH1 0x40
MSTORE
...
CODECOPY // Copy runtime code
RETURN // Return runtime code
PUSH4 <selector> // 4-byte function selector
EQ // Compare with calldata[0:4]
PUSH2 <offset> // Jump destination
JUMPI // Jump if match
// Reentrancy indicator: CALL before SSTORE
CALL
...
SSTORE
// Unchecked return: CALL without ISZERO check
CALL
// Missing: ISZERO, JUMPI for error handling
// Self-destruct (deprecated but detectable)
SELFDESTRUCT
# Using cast (Foundry)
cast code <address> --rpc-url <rpc>
# Using curl
curl -X POST <rpc> \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_getCode","params":["<address>","latest"],"id":1}'
# Disassemble with cast
cast disassemble <bytecode>
# Or use online tools
# - evm.codes/playground
# - ethervm.io/decompile
# Read specific storage slot
cast storage <address> <slot> --rpc-url <rpc>
# Read EIP-1967 implementation slot
cast storage <address> 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc --rpc-url <rpc>
# Get deployed bytecode
cast code <address> --rpc-url <rpc> > deployed.bin
# Compile source and compare
forge build
diff deployed.bin out/Contract.sol/Contract.bin
This skill integrates with the following processes:
gas-optimization.js - Identify gas-heavy opcodessmart-contract-security-audit.js - Bytecode-level vulnerability detectionsmart-contract-upgrade.js - Proxy slot verificationformal-verification.js - Bytecode correctness verification| Tool | Purpose | URL |
|---|---|---|
| Foundry Cast | CLI bytecode interaction | foundry-rs/foundry |
| evm.codes | Opcode reference | evm.codes |
| Dedaub | Decompiler | dedaub.com |
| Heimdall | Advanced decompiler | heimdall-rs |
| panoramix | Python decompiler | eveem.org |
// Analyze proxy contract
const analysis = {
type: 'proxy',
pattern: 'EIP-1967 Transparent',
implementation: '0x...',
admin: '0x...',
// Storage layout
storageSlots: {
0: { name: '_initialized', type: 'uint8' },
1: { name: '_initializing', type: 'bool' },
// ...
},
// Function selectors
selectors: {
'0xa9059cbb': 'transfer(address,uint256)',
'0x23b872dd': 'transferFrom(address,address,uint256)',
// ...
},
// Gas hotspots
gasHotspots: [
{ offset: 0x1a4, opcode: 'SSTORE', context: 'balance update' },
{ offset: 0x2f0, opcode: 'CALL', context: 'external call' }
]
};
skills/gas-optimization/SKILL.md - Gas optimization techniquesagents/solidity-auditor/AGENT.md - Security audit agentreferences.md - External resourcesActivates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.
Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.