secure-workflow-guide
Smart contract security review through Trail of Bits' 5-step workflow with automated scanning, visual analysis, and property documentation.
- Runs Slither with 70+ detectors to identify known vulnerabilities, then checks for special features like upgradeability risks, ERC conformance, and token integration patterns
- Generates three security diagrams (inheritance graph, function visibility, state variable authorization) to reveal architectural vulnerabilities that text descriptions miss
- Guides documentation of critical security properties (state machines, access control, arithmetic constraints) and sets up property-based fuzzing with Echidna or formal verification with Manticore
- Analyzes manual review areas automated tools miss: privacy leaks, front-running risks, cryptography weaknesses, and DeFi interaction hazards with codebase pattern matching
Secure Workflow Guide
Purpose
Guides you through Trail of Bits' secure development workflow, a 5-step process for improving smart contract security throughout development.
Use this: on every check-in, before deployment, or whenever you want a security review
The 5-Step Workflow
The guide walks through the following steps:
Step 1: Check for Known Security Issues
Run Slither with its 70+ built-in detectors to find known vulnerability patterns, then:
- Parse findings by severity (Slither reports an impact and a confidence level for each detector hit)
- Explain each issue with file and line references so it can be located in the codebase
- Recommend a fix for each finding
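As an added example (not code from the secure-workflow-guide skill, from trailofbits/skills, or from Slither itself), the script below does what Step 1 describes: it reads a Slither JSON report, orders findings by impact and confidence, renders file:line references for each element, and attaches a remediation hint. A real report is produced with `slither . --json report.json`; the report embedded here is a constructed stand-in with the same structure so the script runs offline, and the `FIX_HINTS` table and all function names are this example's own, not part of the skill.

```python
"""Triage a Slither JSON report: order findings by severity, emit file:line refs, suggest fixes.

Added example, not part of the secure-workflow-guide skill. Produce a real input with
    slither . --json report.json
The report embedded below is a constructed stand-in that mirrors the shape of
Slither's JSON output (results -> detectors -> elements -> source_mapping).
"""
import json
from collections import defaultdict

# Slither impact levels, most severe first; unknown levels sort after these.
SEVERITY_ORDER = ["High", "Medium", "Low", "Informational", "Optimization"]

# Remediation hints keyed by Slither detector name. Hypothetical table for this
# example; extend it with the detectors that matter for your codebase.
FIX_HINTS = {
    "reentrancy-eth": "Apply checks-effects-interactions or a reentrancy guard; "
                      "update state before the external call.",
    "tx-origin": "Authorize with msg.sender, never tx.origin.",
    "unchecked-transfer": "Check the return value of transfer/transferFrom or use SafeERC20.",
    "pragma": "Pin one compiler version across all files.",
}

# Constructed sample report (not real scan output), same structure as Slither's --json.
SAMPLE_REPORT = json.dumps({
    "success": True,
    "error": None,
    "results": {"detectors": [
        {"check": "pragma", "impact": "Informational", "confidence": "High",
         "description": "Different versions of Solidity are used",
         "elements": [{"type": "pragma", "name": "^0.8.0",
                       "source_mapping": {"filename_relative": "contracts/Token.sol", "lines": [2]}}]},
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw(uint256)",
         "elements": [{"type": "function", "name": "withdraw",
                       "source_mapping": {"filename_relative": "contracts/Vault.sol",
                                          "lines": [41, 42, 43, 44, 45]}}]},
        {"check": "tx-origin", "impact": "Medium", "confidence": "Medium",
         "description": "Vault.onlyOwner() uses tx.origin for authorization",
         "elements": [{"type": "function", "name": "onlyOwner",
                       "source_mapping": {"filename_relative": "contracts/Vault.sol",
                                          "lines": [17, 18, 19]}}]},
    ]},
})


def location(element):
    """Render one Slither element as path:first-last (or just path if no lines)."""
    sm = element.get("source_mapping", {})
    path = sm.get("filename_relative", "?")
    lines = sm.get("lines") or []
    if not lines:
        return path
    if len(lines) == 1:
        return f"{path}:{lines[0]}"
    return f"{path}:{lines[0]}-{lines[-1]}"


def severity_rank(impact):
    """Position in SEVERITY_ORDER; anything unrecognised goes last instead of crashing."""
    return SEVERITY_ORDER.index(impact) if impact in SEVERITY_ORDER else len(SEVERITY_ORDER)


def triage(report_json):
    """Parse a Slither JSON report and return findings sorted most-severe-first.

    Each finding carries check, impact, confidence, description, a list of
    file:line locations and a fix hint (a fallback string when none is tabled).
    """
    report = json.loads(report_json)
    if not report.get("success"):
        # Slither sets success=false when compilation or analysis failed.
        raise RuntimeError(f"slither failed: {report.get('error')}")
    findings = []
    for det in report["results"]["detectors"]:
        findings.append({
            "check": det["check"],
            "impact": det["impact"],
            "confidence": det["confidence"],
            "description": det["description"].strip(),
            "locations": [location(e) for e in det.get("elements", [])],
            "fix": FIX_HINTS.get(det["check"], "No canned fix; consult the detector's wiki entry."),
        })
    findings.sort(key=lambda f: (severity_rank(f["impact"]), f["check"]))
    return findings


def count_by_severity(findings):
    """Summary counts per impact level, e.g. {'High': 1, 'Medium': 1}."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["impact"]] += 1
    return dict(counts)


def render(findings):
    """Text report: one header line per finding, then its locations and fix."""
    out = []
    for f in findings:
        out.append(f"[{f['impact']}/{f['confidence']}] {f['check']}: {f['description']}")
        out.extend(f"    at {loc}" for loc in f["locations"])
        out.append(f"    fix: {f['fix']}")
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    print(count_by_severity(found))
    print(render(found))
```

Point `triage` at the contents of a real `report.json` to use it on your own project; gating a CI check on `count_by_severity(...)` (for example, failing the build when any `High` finding is present) is the natural next step.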