Agent skill
external-precondition-audit
Install this agent skill to your Project
npx add-skill https://github.com/PlamenTSV/plamen/tree/main/agents/skills/evm/external-precondition-audit
SKILL.md
EXTERNAL_PRECONDITION_AUDIT Skill
Trigger Pattern: Any external contract interaction detected in attack_surface.md
Inject Into: Breadth agents (merged via M7 hierarchy)
Constraint: Interface-level inference only -- no production fetch required
For every external contract the protocol interacts with:
1. Interface-Level Requirement Inference
From the interface/import used by the protocol, infer what the external contract requires:
| External Function Called | Parameters Passed | Likely Preconditions (from interface) | Our Protocol Validates? |
|---|---|---|---|
Inference method: Read the function signature, parameter names, NatSpec comments (if any),
and common patterns for that function type. Example: IVault.swap(FundManagement memory funds)
-> infer that funds.sender must be authorized, funds.recipient determines where output goes.
2. Return Value Consumption
| External Call | Return Type | How Protocol Uses Return | Failure Mode if Return Unexpected |
|---|---|---|---|
For each return value: what happens if it returns 0? What happens if it returns MAX? What happens if the external call reverts?
- For each external data structure received (Vec, array, Map, list): (a) What ordering/uniqueness does the consuming code assume? (b) Does the external contract's spec guarantee that ordering? (c) What happens if the assumption is violated (unsorted, duplicates, gaps)?
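One way to scaffold the Section 1 and Section 2 tables from an interface file, as an added example that is not part of the skill or its repository: a Python sketch that parses simple Solidity interface declarations with a regular expression and emits one row per external function and one per return value. `IExampleVault`, the sample source and all helper names are constructed for illustration.

```python
import re

# Constructed sample interface; IExampleVault is hypothetical, not a real protocol.
SAMPLE_INTERFACE = """
interface IExampleVault {
    /// @notice Swaps on behalf of funds.sender; output goes to funds.recipient.
    function swap(FundManagement memory funds, uint256 limit) external returns (uint256 amountOut);
    function getTokens() external view returns (address[] memory tokens);
    function poke() external;
}
"""

# Matches simple interface declarations: optional /// NatSpec lines, name,
# parameter list, modifiers, optional returns list. Function-type parameters
# and /** */ comments are out of scope for this sketch.
FUNC_RE = re.compile(
    r"(?P<doc>(?:[ \t]*///[^\n]*\n)*)"
    r"[ \t]*function\s+(?P<name>\w+)\s*\((?P<params>[^)]*)\)"
    r"(?P<mods>[^;{]*?)(?:returns\s*\((?P<rets>[^)]*)\))?\s*;"
)

def split_decls(text):
    """'uint256 a, address[] memory b' -> [('uint256', 'a'), ('address[]', 'b')]."""
    decls = []
    for part in filter(None, (p.strip() for p in (text or "").split(","))):
        toks = part.split()
        decls.append((toks[0], toks[-1] if len(toks) > 1 else "_"))
    return decls

def failure_cases(ret_type):
    """Section 2 questions that apply to one return value."""
    cases = ["reverts?"]
    if ret_type != "(none)":
        cases += ["returns 0?", "returns MAX?"]
    if "[" in ret_type:  # array: ordering/uniqueness assumptions
        cases += ["unsorted?", "duplicates?", "gaps?"]
    return cases

def audit_rows(source):
    """Return (section 1 rows, section 2 rows) as markdown table rows."""
    pre, ret = [], []
    for m in FUNC_RE.finditer(source):
        params = ", ".join(f"{n}: {t}" for t, n in split_decls(m["params"]))
        doc = " ".join(l.strip().lstrip("/").strip() for l in m["doc"].splitlines())
        pre.append(f"| {m['name']} | {params or '(none)'} | {doc or 'TODO'} | ? |")
        for t, _ in split_decls(m["rets"]) or [("(none)", "_")]:
            cases = "; ".join(failure_cases(t))
            ret.append(f"| {m['name']} | {t} | TODO | {cases} |")
    return pre, ret
```

The `TODO` and `?` cells are left for the auditor: the script only guarantees that every external function and every return value gets a row to be answered.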
3. State Dependency Mapping
| Protocol State | Depends on External State | External State Can Change Without Our Knowledge? |
|---|---|---|
For each dependency: model what happens when the external state changes between our protocol's read and use.
Step Execution Checklist
| Section | Required | Completed? |
|---|---|---|
| 1. Interface-Level Requirement Inference | YES | Y/N/? |
| 2. Return Value Consumption | YES | Y/N/? |
| 3. State Dependency Mapping | YES | Y/N/? |