multiversx-audit-context
Audit Context Building
Rapidly build a comprehensive mental model of a MultiversX codebase before diving into vulnerability hunting. This skill ensures you understand the system holistically before searching for specific issues.
When to Use
- Starting a new security audit engagement
- Onboarding to an unfamiliar MultiversX project
- Mapping attack surface for penetration testing
- Preparing for code review sessions
1. Reconnaissance
Identify the Core
Locate where critical logic and value flows reside:
- Smart Contracts: Look for
#[multiversx_sc::contract],#[payable("*")], andimplblocks - Value Handlers: Functions that move EGLD/ESDT tokens
- Access Control: Owner-only functions, whitelists, role systems
More from multiversx/mx-ai-skills
multiversx-clarification-expert
Identify ambiguous requirements and ask targeted clarifying questions for MultiversX development. Use when user requests are vague, missing technical constraints, or have conflicting requirements.
20multiversx-protocol-experts
Deep protocol knowledge for MultiversX architecture including sharding, consensus, ESDT standards, and cross-shard transactions. Use when reviewing protocol-level code, designing complex dApp architectures, or troubleshooting cross-shard issues.
20multiversx-spec-compliance
Verify smart contract implementations match their specifications, whitepapers, and MIP standards. Use when auditing for specification adherence, validating tokenomics implementations, or checking MIP compliance.
20multiversx-smart-contracts
Build MultiversX smart contracts with Rust. Use when app needs blockchain logic, token creation, NFT minting, staking, crowdfunding, or any on-chain functionality requiring custom smart contracts.
19multiversx-constant-time
Verify cryptographic operations execute in constant time to prevent timing attacks. Use when auditing custom crypto implementations, secret comparisons, or security-sensitive algorithms in smart contracts.
19multiversx-wasm-debug
Analyze compiled WASM binaries for size optimization, panic analysis, and debugging with DWARF symbols. Use when troubleshooting contract deployment issues, optimizing binary size, or debugging runtime errors.
19