near-contract-audit

Comprehensive security audit skill for NEAR Protocol smart contracts written in Rust. Use when auditing NEAR contracts, reviewing security vulnerabilities, or analyzing contract code for issues like reentrancy, unhandled promises, unsafe math, access control flaws, and callback security.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "near-contract-audit" with this command: npx skills add near/agent-skills/near-agent-skills-near-contract-audit

NEAR Contract Audit

Security audit skill for NEAR smart contracts in Rust.

Audit Workflow

Phase 1: Automated Analysis

Run your preferred Rust static analysis and NEAR-focused security tools on the contract to:

  • Scan for common vulnerability patterns (reentrancy, unsafe math, unhandled promises, access control issues, etc.)
  • Highlight potentially risky patterns for deeper manual review

Phase 2: Manual Review

After automated analysis, perform manual review for:

  • Business logic vulnerabilities
  • Access control patterns
  • Economic attack vectors
  • Cross-contract interaction safety

Phase 3: Code-Specific Analysis

For each finding, verify:

  1. Is it a true positive?
  2. What is the exploitability?
  3. What is the recommended fix?

Phase 4: Report Generation

Document findings with severity, location, description, and remediation.

Vulnerability Quick Reference

Severity  Detector ID                          Description
High      non-private-callback                 Callback missing #[private] macro
High      reentrancy                           State change after cross-contract call
High      incorrect-argument-or-return-types   Using native integer types in JSON interfaces
High      unsaved-changes                      Collection modifications not persisted
High      owner-check                          Missing caller/owner verification
High      yocto-attach                         Missing assert_one_yocto on sensitive functions
High      storage-collision                    Same storage prefix for different collections
High      required-initialization-macro        Missing #[init] on initialization method
Medium    gas-griefing                         Unbounded loops causing DoS
Medium    insecure-random                      Predictable randomness from block data
Medium    prepaid-gas                          Insufficient gas reserved for callbacks
Low       cover-storage-cost                   Missing storage deposit verification
Low       unsafe-math                          Arithmetic without overflow checks
Low       float-math                           Using floating point types for financial math
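The safe ordering behind the reentrancy, non-private-callback, yocto-attach, owner-check and unsafe-math rows, as an added std-only Rust model that is not the skill's own code and does not use near-sdk: Env, Vault and the account names are constructed stand-ins, and the comments mark where a real contract would schedule the Promise and mark the callback #[private].

```rust
use std::collections::HashMap;

/// Constructed stand-in for the near_sdk::env values a contract reads.
pub struct Env { pub predecessor: String, pub current: String, pub attached_yocto: u128 }

pub struct Vault { pub owner: String, pub balances: HashMap<String, u128> }

impl Vault {
    /// Debit the balance BEFORE the (simulated) transfer promise is scheduled,
    /// so a re-entrant call during the async hop already sees the reduced balance
    /// (the safe ordering for the `reentrancy` row).
    pub fn withdraw(&mut self, env: &Env, amount: u128) -> Result<u128, &'static str> {
        // yocto-attach: exactly 1 yoctoNEAR proves a full-access-key signer.
        if env.attached_yocto != 1 { return Err("requires exactly 1 yoctoNEAR"); }
        let bal = self.balances.get(&env.predecessor).copied().unwrap_or(0);
        // unsafe-math: checked_sub instead of `-`, which wraps silently in release builds.
        let remaining = bal.checked_sub(amount).ok_or("insufficient balance")?;
        self.balances.insert(env.predecessor.clone(), remaining);
        // Real contract: Promise::new(receiver).transfer(amount).then(on_withdraw callback).
        Ok(remaining)
    }

    /// Callback after the promise resolves. On-chain it carries #[private]; the
    /// equivalent check is predecessor == current account (non-private-callback row).
    /// If the promise failed, refund the debited amount.
    pub fn on_withdraw(&mut self, env: &Env, account: &str, amount: u128, promise_ok: bool)
        -> Result<u128, &'static str> {
        if env.predecessor != env.current { return Err("callback is private"); }
        let bal = self.balances.get(account).copied().unwrap_or(0);
        if promise_ok { return Ok(bal); }
        let restored = bal.checked_add(amount).ok_or("balance overflow")?;
        self.balances.insert(account.to_string(), restored);
        Ok(restored)
    }

    /// owner-check: a privileged setter verifies the caller and the 1-yocto deposit.
    pub fn set_owner(&mut self, env: &Env, new_owner: &str) -> Result<(), &'static str> {
        if env.attached_yocto != 1 { return Err("requires exactly 1 yoctoNEAR"); }
        if env.predecessor != self.owner { return Err("only the owner may call this"); }
        self.owner = new_owner.to_string();
        Ok(())
    }
}
```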

Reference Files

For detailed vulnerability documentation with code examples:
