developer security skill risk: medium

Ethereum Smart Contract Vulnerability Analyzer

Instructs on running Slither static analysis and Mythril symbolic execution against Solidity contracts, then triaging findings and generating a JSON audit report with SWC identifie…

Policy sensitive
Human review
External action: low

SKILL 4 files · 2 folders

SKILL.md

Download

---
name: analyzing-ethereum-smart-contract-vulnerabilities
description: "Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy,"
---
# Analyzing Ethereum Smart Contract Vulnerabilities

## Overview

Smart contract vulnerabilities have led to billions of dollars in losses across DeFi protocols. Unlike traditional software, deployed smart contracts are immutable and handle real financial assets, making pre-deployment security analysis critical. Slither performs fast static analysis using an intermediate representation to detect over 90 vulnerability patterns in seconds, while Mythril uses symbolic execution and SMT solving to discover complex execution path vulnerabilities like reentrancy and integer overflows. This skill covers running both tools against Solidity contracts, interpreting results, triaging findings by severity, and generating audit reports.


## When to Use

- When investigating security incidents that require analyzing ethereum smart contract vulnerabilities
- When building detection rules or threat hunting queries for this domain
- When SOC analysts need structured procedures for this analysis type
- When validating security monitoring coverage for related attack techniques

## Prerequisites

- Python 3.10+ with pip
- Slither (pip install slither-analyzer) and solc compiler
- Mythril (pip install mythril) with solc-select for compiler version management
- Solidity source code or compiled contract bytecode
- Foundry or Hardhat development framework (optional, for project-level analysis)

## Steps

### Step 1: Run Slither Static Analysis

Execute Slither against the contract codebase to identify vulnerability patterns, optimization opportunities, and code quality issues using its 90+ built-in detectors.

### Step 2: Run Mythril Symbolic Execution

Run Mythril deep analysis to explore execution paths and discover reentrancy, unchecked external calls, and arithmetic vulnerabilities that require path-sensitive analysis.

### Step 3: Triage and Correlate Findings

Combine results from both tools, deduplicate findings, assess severity based on exploitability and financial impact, and filter false positives.

### Step 4: Generate Audit Report

Produce a structured audit report with vulnerability descriptions, affected code locations, exploit scenarios, and remediation recommendations.

## Expected Output

JSON report listing vulnerabilities with SWC (Smart Contract Weakness Classification) identifiers, severity ratings, affected functions, and suggested fixes.

REQUIRED CONTEXT

Solidity source code or compiled contract bytecode

OPTIONAL CONTEXT

Foundry or Hardhat development framework

TOOLS REQUIRED

slither
mythril

EXPECTED OUTPUT

Format

json

Schema

json_schema · vulnerabilities, SWC identifiers, severity ratings, affected functions, suggested fixes

Constraints

list vulnerabilities with SWC identifiers, severity ratings, affected functions, and suggested fixes

SUCCESS CRITERIA

Run Slither Static Analysis
Run Mythril Symbolic Execution
Triage and Correlate Findings
Generate Audit Report

CAVEATS

Dependencies

Python 3.10+ with pip
Slither (pip install slither-analyzer) and solc compiler
Mythril (pip install mythril) with solc-select
Solidity source code or compiled contract bytecode
Foundry or Hardhat development framework (optional)

Missing context

Target contract location or source code
Exact command-line examples or parameters for each tool
Output file path or report template

Ambiguities

Step descriptions are high-level without concrete commands, flags, or example invocations for Slither or Mythril.
Does not specify input format (file path, directory, bytecode, or contract name).
Expected output mentions JSON but provides no schema or required fields beyond a brief list.

QUALITY

OVERALL: 0.55
CLARITY: 0.75
SPECIFICITY: 0.45
REUSABILITY: 0.65
COMPLETENESS: 0.40

IMPROVEMENT SUGGESTIONS

Add concrete CLI examples under each step (e.g., 'slither . --json results.json').
Define a minimal JSON schema for the expected report output.
Include an explicit input placeholder such as {{contract_path}} at the top of the prompt.

USAGE

Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.