Web3, smart contracts, and specialized crypto tools.
Auto-loaded by flashloan-auditor and defi-auditor agents during Phase 2. Provides detection patterns for: spot price manipulation, oracle staleness, short TWAP, donation attacks, slippage, flash loan governance. Core artifact: Price Flow Map.
Auto-loaded by oracle-auditor agent during Phase 2 when Chainlink is detected. Provides patterns for: Price Feeds (stale check, decimals), VRF (front-running), CCIP (message validation), Automation/Keepers. Critical: missing staleness check, wrong decimals, sequencer down handling.
Auto-loaded by flashloan-auditor agent during Phase 2. Provides detection patterns for: price manipulation, governance manipulation, collateral manipulation, reward manipulation, oracle manipulation via flash loans. Core artifact: Flash Loan Attack Flow diagram.
Borrow USDC against savings collateral. Use when asked to borrow, take a loan, get credit, leverage savings, or access funds without withdrawing from savings. A 0.05% protocol fee applies. Only accepts USDC.
Deposit into savings to earn yield on Sui via NAVI Protocol. Use when asked to save money, earn interest, deposit to savings, or put funds to work. Not for sending to other addresses — use t2000-send for that.
Auto-loaded by defi-auditor agent during Phase 2 when analyzing lending protocols. Provides patterns for: liquidation logic, interest rate models, collateral management, health factor calculations, bad debt handling. Core vulnerabilities: self-liquidation, precision loss, oracle manipulation, collateral factor attacks.
Auto-loaded by cross-chain-auditor agent during Phase 2. Provides detection patterns for: missing source chain/address validation, replay attacks, message ordering, chain-specific code, finality assumptions. Core artifact: Cross-Chain Message Flow diagram.
Auto-loaded by defi-auditor agent during Phase 2 when analyzing ERC4626 vaults. Provides patterns for: share/asset conversion, inflation attack mitigations, rounding direction rules, donation attacks. Critical: first depositor attack, virtual shares offset, dead shares burning.
Auto-loaded by logic-auditor agent during Phase 2. Provides detection patterns for: missing zero checks, address validation, array bounds, parameter constraints, calldata validation, encoding issues. Core artifact: Input Validation Matrix.
Auto-loaded by reentrancy-auditor agent during Phase 2 for state sync analysis. Framework: "When can state become inconsistent? How can that gap be exploited?" Identifies state inconsistency windows during external calls, CEI violations, read-only reentrancy, cross-contract state manipulation.
Auto-loaded by cross-chain-auditor agent during Phase 2 when LayerZero is detected. Provides patterns for: OApp security (peer validation), OFT tokens (slippage), compose message validation, gas options. Critical: missing peer check, wrong peer encoding, no compose validation, insufficient executor gas.
A specialized RAG agent for auditing Smart Contracts and Web3 documentation with line-level citation precision.
Auto-loaded by reentrancy-auditor agent during Phase 2. Provides detection patterns for: CEI violations, cross-function/cross-contract reentrancy, read-only reentrancy, token callback exploits (ERC721/777/1155). Core artifact: State Timeline map.
Auto-loaded by cross-chain-auditor agent during Phase 2. Provides detection patterns for: missing source chain/address validation, replay attacks, message ordering, chain-specific code, finality assumptions. Core artifact: Cross-Chain Message Flow diagram.
Comprehensive platform health verification for nemotron-v3 home security system. USE WHEN checking platform health, after infrastructure changes, debugging service issues, or verifying deployment state.
EVM blockchain operations including balance queries, block, transactions, token transfers, smart contract interactions, and ENS lookups, and chain health check. Use when working with Ethereum, Polygon, Arbitrum, Optimism, Base, BSC, Avalanche, or other EVM-compatible chains.
Use after parallel bounded-context implementation to verify contracts still hold. Checks compliance, runs cross-boundary tests, detects conflicts, and proposes merge order. Keywords: integrate, contracts, merge, cross-boundary, validation, multi-human, event storming.
Deep semantic security review of code changes with data flow tracing, taint analysis, and trust boundary validation. Composable building block invoked by /audit when deployed.
Hedera Schedule Service (HSS) smart contract development. Use when creating or interacting with scheduled transactions from Solidity via the Schedule Service system contract at 0x16b (e.g. scheduleNative for token creation, scheduleCall for generalized contract calls, authorizeSchedule, signSchedule, deleteSchedule, or querying scheduled token info).
Hedera Token Service (HTS) smart contract development. Use when creating, managing, or interacting with Hedera-native tokens via Solidity contracts. Triggers include HTS tokens, Hedera token creation, HTS precompile, token minting/burning on Hedera, KYC/freeze/pause token controls, custom fee schedules, NFT collections on Hedera, or any token operations using the 0x167 precompile.
The official detailed guide for developing, testing, deploying, and auditing TRON smart contracts using the Sunhat toolkit.
Compile and deploy Solidity smart contracts to EVM chains.
