a5c-ai/evm-analysis
library/specializations/cryptography-blockchain/skills/evm-analysis/SKILL.md
Deep EVM bytecode analysis and decompilation capabilities for smart contract security, gas optimization, and reverse engineering. Provides tools for analyzing opcodes, storage layouts, proxy patterns, and bytecode verification.
$ install --global
skillsauthnpx skillsauth add a5c-ai/babysitter evm-analysisInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 4:46 PM334.4s2 files scanned
SKILL.md
- name:
- evm-analysis
- description:
- Deep EVM bytecode analysis and decompilation capabilities for smart contract security, gas optimization, and reverse engineering. Provides tools for analyzing opcodes, storage layouts, proxy patterns, and bytecode verification.
- allowed-tools:
- Read, Grep, Write, Bash, Edit, Glob, WebFetch
EVM/Bytecode Analysis Skill
Expert-level EVM bytecode analysis and decompilation for smart contract security audits, gas optimization, and reverse engineering.
Capabilities
- Bytecode Analysis: Analyze EVM bytecode and opcodes
- Gas Cost Calculation: Calculate gas costs per operation
- Storage Layout Identification: Identify storage slot layouts and packing
- Decompilation: Decompile bytecode to pseudo-Solidity
- Proxy Analysis: Analyze proxy implementation slots (EIP-1967)
- Pattern Detection: Detect bytecode patterns (CREATE2, selfdestruct)
- Bytecode Verification: Verify contract bytecode against source
MCP Server Integration
This skill can leverage the following MCP servers:
| Server | Purpose | Install | |--------|---------|---------| | EVM MCP Tools | Smart contract auditing, security analysis | 0xGval/evm-mcp-tools | | Solidity Contract Analyzer | Contract code analysis with metadata | Skywork |
Opcode Reference
Common EVM opcodes and gas costs:
| Category | Opcodes | Base Gas | |----------|---------|----------| | Arithmetic | ADD, SUB, MUL, DIV | 3-5 | | Comparison | LT, GT, EQ, ISZERO | 3 | | Bitwise | AND, OR, XOR, NOT, SHL, SHR | 3 | | Memory | MLOAD, MSTORE | 3 + memory expansion | | Storage | SLOAD | 100 (warm) / 2100 (cold) | | Storage | SSTORE | 100-20000 (varies) | | Control | JUMP, JUMPI | 8-10 | | Call | CALL, DELEGATECALL, STATICCALL | 100 + memory + value |
Storage Layout Analysis
Standard Slot Patterns
// Basic types (slot 0, 1, 2...)
uint256 public a; // slot 0
uint256 public b; // slot 1
// Packed storage
uint128 public c; // slot 2, bytes 0-15
uint128 public d; // slot 2, bytes 16-31
// Mappings: keccak256(key . slot)
mapping(address => uint256) public balances; // slot 3
// balances[addr] at keccak256(addr . 3)
// Dynamic arrays: length at slot, data at keccak256(slot)
uint256[] public arr; // length at slot 4, arr[i] at keccak256(4) + i
EIP-1967 Proxy Slots
Implementation: 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
Admin: 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
Beacon: 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50
Bytecode Patterns
Contract Creation
PUSH1 0x80 // Free memory pointer
PUSH1 0x40
MSTORE
...
CODECOPY // Copy runtime code
RETURN // Return runtime code
Selector Dispatch
PUSH4 <selector> // 4-byte function selector
EQ // Compare with calldata[0:4]
PUSH2 <offset> // Jump destination
JUMPI // Jump if match
Common Vulnerability Patterns
// Reentrancy indicator: CALL before SSTORE
CALL
...
SSTORE
// Unchecked return: CALL without ISZERO check
CALL
// Missing: ISZERO, JUMPI for error handling
// Self-destruct (deprecated but detectable)
SELFDESTRUCT
Workflow
1. Fetch Contract Bytecode
# Using cast (Foundry)
cast code <address> --rpc-url <rpc>
# Using curl
curl -X POST <rpc> \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_getCode","params":["<address>","latest"],"id":1}'
2. Analyze Opcodes
# Disassemble with cast
cast disassemble <bytecode>
# Or use online tools
# - evm.codes/playground
# - ethervm.io/decompile
3. Storage Slot Analysis
# Read specific storage slot
cast storage <address> <slot> --rpc-url <rpc>
# Read EIP-1967 implementation slot
cast storage <address> 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc --rpc-url <rpc>
4. Bytecode Comparison
# Get deployed bytecode
cast code <address> --rpc-url <rpc> > deployed.bin
# Compile source and compare
forge build
diff deployed.bin out/Contract.sol/Contract.bin
Process Integration
This skill integrates with the following processes:
gas-optimization.js- Identify gas-heavy opcodessmart-contract-security-audit.js- Bytecode-level vulnerability detectionsmart-contract-upgrade.js- Proxy slot verificationformal-verification.js- Bytecode correctness verification
Tools Reference
| Tool | Purpose | URL | |------|---------|-----| | Foundry Cast | CLI bytecode interaction | foundry-rs/foundry | | evm.codes | Opcode reference | evm.codes | | Dedaub | Decompiler | dedaub.com | | Heimdall | Advanced decompiler | heimdall-rs | | panoramix | Python decompiler | eveem.org |
Example Analysis
// Analyze proxy contract
const analysis = {
type: 'proxy',
pattern: 'EIP-1967 Transparent',
implementation: '0x...',
admin: '0x...',
// Storage layout
storageSlots: {
0: { name: '_initialized', type: 'uint8' },
1: { name: '_initializing', type: 'bool' },
// ...
},
// Function selectors
selectors: {
'0xa9059cbb': 'transfer(address,uint256)',
'0x23b872dd': 'transferFrom(address,address,uint256)',
// ...
},
// Gas hotspots
gasHotspots: [
{ offset: 0x1a4, opcode: 'SSTORE', context: 'balance update' },
{ offset: 0x2f0, opcode: 'CALL', context: 'external call' }
]
};
See Also
skills/gas-optimization/SKILL.md- Gas optimization techniquesagents/solidity-auditor/AGENT.md- Security audit agentreferences.md- External resources
Related Skills
a5c-ai/model-card-generator
development
VerifiedTrustedCommunity
Model documentation skill for generating model cards following Google's model card framework.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/mlflow-experiment-tracker
development
VerifiedTrustedCommunity
MLflow integration skill for experiment tracking, model registry, and artifact management. Enables LLMs to log experiments, compare runs, manage model lifecycle, and retrieve artifacts through the MLflow API.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/lime-explainer
data-ai
VerifiedTrustedCommunity
LIME-based local explanation skill for individual predictions across tabular, text, and image data.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/kubeflow-pipeline-executor
devops
VerifiedTrustedCommunity
Kubeflow Pipelines skill for ML workflow orchestration, component management, and Kubernetes-native ML.
680SKILL.mdUpdated Apr 28, 2026