0x-shashi/skills/methodology

Methodology Skill

Purpose

Comprehensive audit methodology guides covering the full security auditor workflow — from preparation and AI-assisted analysis through formal verification, economic modeling, and report writing.

Core Methodologies

Audit Workflow

• LLM Audit Workflow - Structured AI playbook with phases, modes, and context transfer
• AI-Assisted Auditing - Prompt engineering, automation scripts, and tool comparison
• Prompt Evolution - Beam search optimization system for audit prompts

Testing & Verification

• Invariant Testing - Foundry stateful fuzzing with handler patterns and ghost variables
• Symbolic Execution - Halmos, HEVM, and Certora formal verification
• PoC Writing Guide - Proof of concept templates for all major vulnerability types

Attack Analysis

• Economic Attack Modeling - Flash loan profitability, game theory, tokenomics analysis
• Composability Attacks - Cross-protocol attack patterns (oracle, liquidity, donation)
• Exploit Case Studies - Forensic analysis of $100M+ historical hacks
• Learning Path & Attack Vectors - Structured learning path with top 10 attack patterns

Security Patterns

• Secure Pattern Reference - Quick-reference for correct implementations (CEI, oracles, vaults)
• Gas Optimization Security - When gas optimization introduces vulnerabilities
• Fix Verification Patterns - Ensuring fixes don't introduce new bugs

Protocol-Specific

• Fork Audit - Diff-based methodology for auditing protocol forks
• Upgrade & Migration Patterns - Proxy, initialization, and storage layout security

Reporting

• Audit Report Templates - Finding format, severity matrix, PoC templates, executive summary

Skill Quality & Authoring

• Quality Scoring - 10-point Anthropic best practices scoring framework for evaluating skill quality
• Skill TDD Methodology - Test-Driven Documentation: pressure test → baseline → write → verify → close loopholes
• Skill Authoring Guide - Three creation paths, progressive disclosure, quality guarantee loop, version tracking

Usage

1. Start with LLM Audit Workflow for structured phase-by-phase approach
2. Apply protocol-specific methodology (fork-audit, economic-modeling, etc.)
3. Use testing tools (invariant testing, symbolic execution) for verification
4. Write PoCs following poc-writing-guide
5. Generate report using audit-report-templates

Related Skills

• Checklists - Protocol-specific audit checklists
• Patterns - Vulnerability pattern library
• Exploit Forensics - Historical exploit deep dives
• Severity - Finding severity classification

Prerequisites

Methodology skills require familiarity with at least one blockchain platform. Formal verification methods (Halmos, Certora) require their respective tool installations.

Validation

To verify methodology completeness, validate all referenced files exist:

# Verify all methodology files are present
for f in llm-audit-workflow.md invariant-testing.md symbolic-execution.md poc-writing-guide.md; do
  test -f "$f" && echo "OK: $f" || echo "MISSING: $f"
done

# Test methodology coverage
def validate_methodology_files():
    required = ['llm-audit-workflow.md', 'invariant-testing.md', 'poc-writing-guide.md']
    for f in required:
        assert os.path.exists(f), f"Missing methodology file: {f}"
    print("All methodology files verified")

# Methodology selection guide
audit_type: full
required_methods:
  - llm-audit-workflow  # ALWAYS required
  - invariant-testing    # Required for DeFi
optional_methods:
  - symbolic-execution   # For formal verification
  - economic-modeling    # For tokenomics review

Behavior Guidelines

• LLM Audit Workflow MUST be the starting point for all AI-assisted audits
• Invariant testing is required for DeFi protocol audits
• Symbolic execution may optionally be applied when formal guarantees are needed
• PoC writing is ALWAYS expected for HIGH and CRITICAL severity findings

References

• Methodology References - Workflow comparison charts and tool integration guides