security-audit
Audited by Socket on May 11, 2026
4 alerts found:
Anomaly, Security x2, Malware
This code is an explicit set of DeFi exploit/PoC templates targeting price/oracle and share-accounting weaknesses (AMM spot price, Curve virtual price, ERC4626 conversion/totalAssets donation inflation, sandwich/JIT). It contains no traditional malware/exfiltration/backdoor behavior, but it is clearly intended to manipulate markets and trigger unfavorable or exploitable accounting in lending/vault protocols. If packaged and distributed via a public dependency, it could increase risk by providing ready-made attack logic.
This code is a set of explicit reentrancy PoC/exploit templates (including callback-based, cross-function, and read-only reentrancy patterns) with crafted interactions against vulnerable interfaces. It contains no obfuscation or covert exfiltration/backdoor behavior, but it is offensively oriented and could directly facilitate exploitation if included in a production dependency. Treat as high misuse risk (security education/CTF content) rather than as benign library functionality.
The skill is coherent with its stated smart-contract audit purpose, and the named credentials/endpoints are broadly proportionate. The main concern is that it equips an AI agent with explicit offensive security capability through exploit/PoC generation and automated audit tooling, which makes it high risk as an agent skill even without clear signs of credential theft or malicious exfiltration.
This module is a weaponized DeFi exploitation template: it initiates flash loans, executes an external attacker-selected exploit during the flash loan callback, repays within the same transaction, and includes a direct mechanism to withdraw remaining funds to the owner. While some cross-protocol sections omit the exploit payload, the execution hooks, repayment plumbing, and profit extraction primitives are present, making it highly risky if used or distributed as part of a software supply chain. No obfuscation is observed; the harmful intent is explicit.