cairo-security


Cairo Security

Security patterns and common vulnerabilities for Cairo smart contracts on Starknet. Sourced from 50+ public audit reports including Nethermind, ConsenSys Diligence, Code4rena, ChainSecurity, Cairo Security Clan, Zellic, and Nethermind AuditAgent, plus the Cairo Book security chapter, Crytic's Not So Smart Contracts, Oxor.io Cairo Security Flaws, and FuzzingLabs Top 4 Vulnerabilities.

Versions: This skill targets Cairo 2.12.4 (the GitHub release carrying the "Latest" tag; v2.15.0 exists but is not tagged "Latest"), Scarb 2.15.1, Starknet Foundry 0.56.0, OpenZeppelin Contracts for Cairo 3.0.0 (v4.0.0-alpha.0 is a pre-release built against Scarb 2.15.1 / snforge 0.55.0), and Starknet v0.14.1 (mainnet, Dec 2025). All code examples and import paths are verified against these versions.

Cairo Editions: Cairo v2.15.0 introduced edition 2025_12, which changes snapshot/member access syntax (for example, (@a).b now returns the desnapped value). If your Scarb.toml specifies this edition, test any code that accesses struct members through snapshots: the number of @ levels required may differ from pre-2025_12 behavior.

Workflow: Use this skill as a review pass after your contract compiles and its tests pass. It is not a replacement for a professional audit.

When to Use

  • Reviewing a contract before audit or deployment
  • Checking for common Cairo/Starknet vulnerabilities
  • Hardening a contract for production
  • Implementing access control, upgrade safety, input validation
  • Writing session key or delegated execution contracts
  • Reviewing L1/L2 bridge handlers
Installs: 30 | GitHub Stars: 79 | First Seen: Feb 12, 2026