token-integration-analyzer
Comprehensive token security analyzer checking ERC20/ERC721 conformity, 24+ weird token patterns, and integration safety.
- Analyzes both token implementations and protocol integrations across 10 assessment categories, including contract composition, owner privileges, and on-chain scarcity
- Detects 24+ known weird token patterns (fee-on-transfer, missing return values, reentrant hooks, pausable tokens, blocklists, and more) with specific code evidence
- Integrates Slither analysis for ERC conformity checks, complexity assessment, and property-based testing when Solidity code is available
- Queries deployed contracts for holder distribution, exchange listings, and configuration risks; documents common rationalizations that lead to analysis shortcuts so the assessment does not skip them
- Delivers prioritized recommendations (CRITICAL/HIGH/MEDIUM/LOW) with specific fixes and safe transfer patterns for defensive integration
Token Integration Analyzer
Purpose
Systematically analyzes the codebase for token-related security concerns using Trail of Bits' token integration checklist:
- Token Implementations: Analyze whether your token follows the ERC20/ERC721 standards or has non-standard behavior
- Token Integrations: Analyze how your protocol handles arbitrary tokens, including weird/non-standard tokens
- On-chain Analysis: Query deployed contracts for scarcity, distribution, and configuration
- Security Assessment: Identify risks from 20+ known weird token patterns
Framework: Building Secure Contracts - Token Integration Checklist + Weird ERC20 Database
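As an added illustration of the "safe transfer patterns for defensive integration" and three of the weird-token classes listed above (fee-on-transfer, missing return values, reentrant hooks), here is a minimal Solidity vault written for this page. It is not the analyzer's own code, and the contract name, storage layout and error names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal ERC20 surface. The functions are declared to return bool, but some
/// deployed tokens return nothing at all, so callers must not rely on the ABI.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical vault (example only) that credits deposits by measured balance
/// delta rather than by the requested amount, so fee-on-transfer tokens are
/// accounted correctly, and that tolerates missing-return-value tokens.
contract DefensiveVault {
    // token => user => amount actually received and credited
    mapping(address => mapping(address => uint256)) public credited;
    bool private locked;

    error NotAContract(address token);
    error TransferFailed(address token);
    error NothingReceived(address token);

    /// Guards against tokens with transfer hooks (ERC777-style) re-entering
    /// deposit/withdraw while balances are being measured.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    /// Low-level token call that accepts either `true` or empty return data and
    /// rejects `false` or a revert. The code-size check matters because a call
    /// to an address with no code succeeds with empty return data.
    function _callOptionalReturn(IERC20 token, bytes memory data) internal {
        if (address(token).code.length == 0) revert NotAContract(address(token));
        (bool ok, bytes memory ret) = address(token).call(data);
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) {
            revert TransferFailed(address(token));
        }
    }

    /// Pulls `amount` from the caller and credits only what arrived.
    function deposit(IERC20 token, uint256 amount)
        external
        nonReentrant
        returns (uint256 received)
    {
        uint256 before = token.balanceOf(address(this));
        _callOptionalReturn(
            token,
            abi.encodeCall(IERC20.transferFrom, (msg.sender, address(this), amount))
        );
        uint256 after_ = token.balanceOf(address(this));
        received = after_ - before; // fee-on-transfer tokens deliver less than `amount`
        if (received == 0) revert NothingReceived(address(token));
        credited[address(token)][msg.sender] += received;
    }

    /// Checks-effects-interactions: storage is updated before the external call.
    function withdraw(IERC20 token, uint256 amount) external nonReentrant {
        credited[address(token)][msg.sender] -= amount; // underflow reverts in 0.8.x
        _callOptionalReturn(token, abi.encodeCall(IERC20.transfer, (msg.sender, amount)));
    }
}
```

The balance-delta pattern does not by itself protect against rebasing or balance-modifying tokens, whose vault balance can change between calls without any transfer; those remain a separate class in the checklist and need per-token accounting or an explicit allowlist.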
How This Works
Phase 1: Context Discovery
Determines analysis context: