multiversx-security-audit
MultiversX Security Audit Methodology
A sequential workflow for auditing MultiversX smart contracts, from initial reconnaissance through automated scanning.
When to Use
- Starting a new security audit engagement
- Performing security code reviews
- Setting up automated vulnerability scanning
- Mapping attack surface for penetration testing
- Training new security reviewers
Phase 1: Context Building
Rapidly build a comprehensive mental model of the codebase before diving into vulnerability hunting.
1.1 Reconnaissance Checklist