Solidity Developer

Implement secure Solidity smart contracts with tests and safety patterns.
mzfshark (source)
Uncategorized · clawhub · v1.0.0 · 1 version · 100000 · Key: not required

Overview

SKILL: solidity-dev

Purpose

Design and implement secure Solidity smart contracts with explicit security controls, tests, and deterministic build/validation steps.

When to Use

  • The task requires a new contract (ERC-20/721/1155) or extending an existing one.
  • You need secure patterns (access control, pausable, reentrancy protection).
  • You need Hardhat/Foundry test scaffolding.

Inputs

  • contract_spec (required, object|string): requirements, roles, invariants, events.
  • standard (optional, enum: erc20|erc721|erc1155|custom).
  • tooling (optional, enum: hardhat|foundry).
  • security_constraints (optional, string[]): e.g., “no upgradeability”, “pausable required”.
  • deployment_target (optional, string): local/testnet/mainnet (mainnet requires explicit user approval).

Steps

  1. Clarify requirements:
    • roles and permissions
    • asset flows
    • invariants (must always hold)
  2. Select proven libraries (prefer OpenZeppelin) and decide if upgradeability is required.
  3. Implement contract with explicit patterns:
    • access control (Ownable/AccessControl)
    • checks-effects-interactions for external calls
    • ReentrancyGuard where applicable
    • Pausable for emergency stop if appropriate
  4. Add events for critical state changes.
  5. Write tests that assert invariants and failure modes.
  6. Validate:
    • compile
    • run tests
    • run static checks when available (slither/foundry invariants) without blocking if tooling is absent.

Validation

  • No privileged method lacks access control.
  • External calls are safe (reentrancy considered).
  • Arithmetic uses Solidity 0.8+ safety; no unsafe casts without justification.
  • Tests cover:
    • happy path
    • access control denial
    • edge conditions
    • reentrancy-sensitive flows (where relevant)

Output

  • Contract source files (paths)
  • Test files (paths)
  • Build/validate commands
  • Security notes (assumptions + risk areas)

Safety Rules

  • Never embed private keys, mnemonics, or RPC secrets in code.
  • Never deploy to mainnet without explicit user confirmation and a dry-run on testnet/local first.
  • Avoid custom crypto unless unavoidable.
  • Reject “guaranteed profit” or manipulative tokenomics requirements.

Example

Input:

  • standard: erc20
  • contract_spec: “Mintable by MINTER_ROLE, pausable transfers, capped supply.”

Output:

  • contracts/MyToken.sol, test/MyToken.t.sol (or Hardhat equivalent)
  • validation: forge test (or npx hardhat test)
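
A sketch of what contracts/MyToken.sol could look like for the spec above. This is an added example, not code shipped with the skill. It assumes OpenZeppelin Contracts v5.x (where `_update` is the single transfer/mint/burn hook); `PAUSER_ROLE`, the `ZeroAdmin` error, the constructor parameters and the token name/symbol are illustrative choices.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5.x import paths.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Capped} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Capped.sol";
import {ERC20Pausable} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Pausable.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

contract MyToken is ERC20, ERC20Capped, ERC20Pausable, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    // Illustrative: a separate role so a minter cannot also halt transfers.
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

    error ZeroAdmin();

    // ERC20Capped reverts on a zero cap; the admin is checked here so the
    // contract cannot be deployed with nobody able to grant roles.
    constructor(address admin, uint256 cap_) ERC20("MyToken", "MTK") ERC20Capped(cap_) {
        if (admin == address(0)) revert ZeroAdmin();
        // Only the admin role is granted at deploy time. MINTER_ROLE and
        // PAUSER_ROLE are granted later, each emitting RoleGranted.
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    // Privileged: callers without MINTER_ROLE revert with
    // AccessControlUnauthorizedAccount. The cap is enforced in _update.
    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        _mint(to, amount);
    }

    // Emergency stop; Pausable emits Paused / Unpaused.
    function pause() external onlyRole(PAUSER_ROLE) {
        _pause();
    }

    function unpause() external onlyRole(PAUSER_ROLE) {
        _unpause();
    }

    // Both extensions hook _update: ERC20Pausable blocks every balance change
    // (minting included) while paused, ERC20Capped rejects mints above cap().
    function _update(address from, address to, uint256 value)
        internal
        override(ERC20, ERC20Capped, ERC20Pausable)
    {
        super._update(from, to, value);
    }
}
```

Tests for this contract would map onto the Validation list: a mint by a role holder, a mint and a pause by an account without the role, a mint that lands exactly on the cap and one that exceeds it by one unit, and a transfer attempted while paused.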

Version history

1 version in total

  • v1.0.0 (current)
    2026-05-07 20:32 Safe Safe

Security scan

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
