Purpose
When auditing smart contracts, examining each file or function individually is inefficient. Security auditors need to start from entry points—the externally callable functions that represent the attack surface. This skill automates the identification and classification of state-changing entry points, excluding view/pure/read-only functions that cannot directly cause loss of funds or state corruption.Installation
Supported Languages
Solidity
.sol files with OpenZeppelin and custom modifiersVyper
.vy files with native patternsSolana
.rs files with Anchor and Native frameworksMove
.move files for Aptos and SuiTON
.fc, .func, .tact files (FunC and Tact)CosmWasm
.rs files with cw-ownable and cw-controllersAccess Classifications
The skill categorizes entry points into four security-relevant levels:1. Public (Unrestricted)
Callable by anyone without restrictions. These represent the highest audit priority as they are accessible to potential attackers. Examples:- Token transfers and approvals
- DEX swaps and liquidity operations
- Public minting functions
- Deposit/withdrawal functions
2. Role-Restricted
Limited to specific roles like admin, governance, guardian, operator, or custom roles. Common Role Patterns:onlyOwner,onlyAdmin,onlyGovernanceonlyGuardian,onlyPauseronlyKeeper,onlyRelayeronlyStrategy,strategist- Custom role checks via access control systems
3. Review Required
Ambiguous access patterns that need manual verification by an auditor. Examples:- Dynamic trust lists:
require(trusted[msg.sender]) - Complex conditional access:
require(condition1 && condition2) - State-dependent access control
- Multi-signature requirements
4. Contract-Only
Internal integration points callable only by other contracts, not by externally owned accounts (EOAs). Examples:- Callbacks:
onERC721Received,uniswapV3SwapCallback,flashLoanCallback - Hook implementations
- Cross-contract integration functions
- Functions that revert if
tx.origin == msg.sender
Scope: State-Changing Functions Only
This skill focuses exclusively on functions that can modify state. Excluded patterns:| Language | Excluded Patterns |
|---|---|
| Solidity | view, pure functions |
| Vyper | @view, @pure functions |
| Solana | Functions without mut account references |
| Move | Non-entry public fun (module-callable only) |
| TON | get methods (FunC), read-only receivers (Tact) |
| CosmWasm | query entry point and its handlers |
Why exclude read-only functions? They cannot directly cause loss of funds or state corruption. While they may leak information, the primary audit focus is on functions that can change state.
Usage
Trigger the skill with requests like:Directory Filtering
Specify a subdirectory to limit scope:Slither Integration
For Solidity codebases, the skill automatically uses Slither when available for more accurate analysis.Automatic Detection
The skill will:- Check if Slither is installed
- Run
slither . --print entry-pointsif available - Parse the output table to identify entry points
- Supplement with manual analysis for access control classification
- Fall back to manual analysis if Slither fails
Benefits of Slither Integration
- Faster analysis - Automated extraction of entry points
- More accurate - Compiler-level understanding of code
- Comprehensive - Captures inherited and complex patterns
Output Format
The skill generates a structured markdown report with:Summary Table
Detailed Tables by Category
Each category includes:- Function signatures
- File paths with line numbers (e.g.,
Vault.sol:L145) - Access control patterns
- Role assignments
- Notes for manual review
Example Entry
Role Detection
The skill infers roles from common patterns:| Pattern | Detected Role |
|---|---|
onlyOwner, msg.sender == owner | Owner |
onlyAdmin, ADMIN_ROLE | Admin |
onlyGovernance, governance | Governance |
onlyGuardian, onlyPauser | Guardian |
onlyKeeper, onlyRelayer | Keeper/Relayer |
onlyStrategy, strategist | Strategist |
Dynamic checks (authorized[msg.sender]) | Review Required |
Common Role Patterns by Protocol Type
Different protocol types have characteristic role patterns:| Protocol Type | Common Roles |
|---|---|
| DEX | owner, feeManager, pairCreator |
| Lending | admin, guardian, liquidator, oracle |
| Governance | proposer, executor, canceller, timelock |
| NFT | minter, admin, royaltyReceiver |
| Bridge | relayer, guardian, validator, operator |
| Vault/Yield | strategist, keeper, harvester, manager |
Workflow
Example Use Cases
Starting a Security Audit
Reviewing Access Control
Protocol-Specific Analysis
Pre-Deployment Checklist
Analysis Guidelines
The skill follows rigorous analysis principles:- Be thorough - Every state-changing externally callable function is analyzed
- Be conservative - When uncertain about access level, flag for manual review
- Skip read-only - Exclude
view,pure, and equivalent read-only functions - Note inheritance - Track if access control comes from parent contracts
- Track modifiers - List all access-related modifiers/decorators
- Identify patterns - Recognize common patterns:
- Initializer functions (often unrestricted on first call)
- Upgrade functions (high-privilege)
- Emergency/pause functions (guardian-level)
- Fee/parameter setters (admin-level)
- Token transfers and approvals (often public)
Best Practices
Start Broad
Begin with full codebase analysis to understand the complete attack surface
Verify Assumptions
Don’t assume “obvious” admin functions—trace the actual restriction implementation
Include Callbacks
Callbacks define trust boundaries and must be analyzed
Flag Ambiguity
When access control is unclear, mark for manual review rather than guess
Related Skills
Complement entry point analysis with:- audit-context-building - Build deep architectural understanding before auditing
- building-secure-contracts - Platform-specific vulnerability scanning
- solidity-poc-builder - Create proof-of-concept exploits for discovered vulnerabilities
- issue-writer - Transform findings into professional audit reports