alt-research/fuzz-generator
.claude/skills/solidity-guard/skills/fuzz-generator/SKILL.md
Generates Foundry invariant tests and Echidna property-based fuzz tests for Solidity contracts. Creates handler contracts, invariant assertions, and fuzzing configurations.
$ install --global
skillsauthnpx skillsauth add alt-research/solidityguard fuzz-generatorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 3, 2026, 4:00 PM4.5s1 file scanned
SKILL.md
- name:
- fuzz-generator
- description:
- |
Fuzz Test Generator
1. Purpose
Generate comprehensive fuzz tests using Foundry and Echidna. Fuzz testing finds edge cases and invariant violations that manual review and static analysis miss.
2. Foundry Invariant Tests
Handler Pattern
contract Handler is Test {
MyContract target;
uint256 public ghost_totalDeposited;
constructor(MyContract _target) {
target = _target;
}
function deposit(uint256 amount) public {
amount = bound(amount, 1, 1e24);
deal(address(this), amount);
target.deposit{value: amount}();
ghost_totalDeposited += amount;
}
function withdraw(uint256 amount) public {
uint256 balance = target.balanceOf(address(this));
amount = bound(amount, 0, balance);
if (amount == 0) return;
target.withdraw(amount);
ghost_totalDeposited -= amount;
}
}
contract InvariantTest is Test {
MyContract target;
Handler handler;
function setUp() public {
target = new MyContract();
handler = new Handler(target);
targetContract(address(handler));
}
function invariant_solvency() public {
assertGe(
address(target).balance,
target.totalDeposits(),
"Contract must be solvent"
);
}
function invariant_totalSupply() public {
assertEq(
target.totalSupply(),
handler.ghost_totalDeposited(),
"Supply must match deposits"
);
}
}
3. Echidna Properties
contract EchidnaTest is MyContract {
constructor() MyContract() {}
function echidna_solvency() public view returns (bool) {
return address(this).balance >= totalDeposits;
}
function echidna_no_overflow() public view returns (bool) {
return totalSupply <= type(uint256).max / 2;
}
}
Echidna Config (echidna.yaml)
testMode: "property"
testLimit: 50000
seqLen: 100
shrinkLimit: 5000
deployer: "0x30000"
sender: ["0x10000", "0x20000", "0x30000"]
4. Common Invariants
Financial
- Total assets >= total liabilities
- Sum of balances == total supply
- No individual balance exceeds total supply
- Withdrawal amount <= deposit amount
Access Control
- Owner never changes without proper authorization
- Roles can't be self-assigned
- Admin actions require admin role
State Machine
- Valid state transitions only
- No invalid intermediate states
- Monotonic counters only increase
5. Running
# Foundry invariant tests
forge test --match-test "invariant" -vvv --fuzz-runs 1000
# Echidna
echidna . --contract EchidnaTest --config echidna.yaml
# With corpus
echidna . --contract EchidnaTest --corpus-dir corpus/
Related Skills
alt-research/solidityguard
tools
VerifiedTrustedCommunity
Advanced Solidity/EVM smart contract security auditor with 104 vulnerability patterns, multi-tool integration, and professional report generation.
93SKILL.mdUpdated Apr 3, 2026
alt-research/solidity-vulnerability-scanner
development
VerifiedTrustedCommunity
Comprehensive Solidity contract security scanner detecting 104 vulnerability patterns across reentrancy, access control, arithmetic, DeFi, proxy, and token categories. Integrates Slither, Aderyn, and Mythril with manual analysis.
83SKILL.mdUpdated Apr 3, 2026
alt-research/storage-analyzer
testing
VerifiedTrustedCommunity
Analyzes storage layout, proxy patterns, and state variable security in Solidity contracts. Detects storage collisions, uninitialized pointers, and upgrade risks. Use when auditing proxy/upgradeable contracts.
83SKILL.mdUpdated Apr 3, 2026
alt-research/spec-compliance
development
VerifiedTrustedCommunity
Validates Solidity implementation against specification documents. Extracts behavior from docs (README, specs, NatSpec) and verifies code matches documented intent. Uses Trail of Bits methodology for divergence detection.
83SKILL.mdUpdated Apr 3, 2026