From blockchain-web3
Master smart contract security best practices including reentrancy prevention, overflow checks, access control, and audit preparation.
How this skill is triggered — by the user, by Claude, or both
Slash command
/blockchain-web3:solidity-securityThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Master smart contract security best practices, vulnerability prevention, and secure Solidity development patterns.
Master smart contract security best practices, vulnerability prevention, and secure Solidity development patterns.
Detailed pattern documentation lives in references/details.md. Read that file when the navigation tier above is insufficient.
// Hardhat test example
const { expect } = require("chai");
const { ethers } = require("hardhat");
describe("Security Tests", function () {
it("Should prevent reentrancy attack", async function () {
const [attacker] = await ethers.getSigners();
const VictimBank = await ethers.getContractFactory("SecureBank");
const bank = await VictimBank.deploy();
const Attacker = await ethers.getContractFactory("ReentrancyAttacker");
const attackerContract = await Attacker.deploy(bank.address);
// Deposit funds
await bank.deposit({ value: ethers.utils.parseEther("10") });
// Attempt reentrancy attack
await expect(
attackerContract.attack({ value: ethers.utils.parseEther("1") }),
).to.be.revertedWith("ReentrancyGuard: reentrant call");
});
it("Should prevent integer overflow", async function () {
const Token = await ethers.getContractFactory("SecureToken");
const token = await Token.deploy();
// Attempt overflow
await expect(token.transfer(attacker.address, ethers.constants.MaxUint256))
.to.be.reverted;
});
it("Should enforce access control", async function () {
const [owner, attacker] = await ethers.getSigners();
const Contract = await ethers.getContractFactory("SecureContract");
const contract = await Contract.deploy();
// Attempt unauthorized withdrawal
await expect(contract.connect(attacker).withdraw(100)).to.be.revertedWith(
"Ownable: caller is not the owner",
);
});
});
contract WellDocumentedContract {
/**
* @title Well Documented Contract
* @dev Example of proper documentation for audits
* @notice This contract handles user deposits and withdrawals
*/
/// @notice Mapping of user balances
mapping(address => uint256) public balances;
/**
* @dev Deposits ETH into the contract
* @notice Anyone can deposit funds
*/
function deposit() public payable {
require(msg.value > 0, "Must send ETH");
balances[msg.sender] += msg.value;
}
/**
* @dev Withdraws user's balance
* @notice Follows CEI pattern to prevent reentrancy
* @param amount Amount to withdraw in wei
*/
function withdraw(uint256 amount) public {
// CHECKS
require(amount <= balances[msg.sender], "Insufficient balance");
// EFFECTS
balances[msg.sender] -= amount;
// INTERACTIONS
(bool success, ) = msg.sender.call{value: amount}("");
require(success, "Transfer failed");
}
}
npx claudepluginhub wshobson/agents --plugin blockchain-web3Prevents Solidity smart contract vulnerabilities like reentrancy, overflows, and access control using secure patterns, Checks-Effects-Interactions, and ReentrancyGuard. For writing and auditing contracts.
Guides secure Solidity development with best practices for vulnerability prevention, reentrancy, overflow, access control, and audit readiness.
Applies the Checks-Effects-Interactions pattern and OpenZeppelin's ReentrancyGuard to prevent reentrancy attacks in Solidity smart contracts that transfer ETH or call external contracts.