Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

apegurus/msgvalue-loop

Name: msgvalue-loop
Author: apegurus

skills/vulnerability-patterns/msgvalue-loop/SKILL.md

- `msg.value` is referenced inside a loop (`for`, `while`) or in a function called multiple times within a single external call

tools

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus msgvalue-loop

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:29 AM151.0s1 file scanned

SKILL.md

name:: msgvalue-loop
description:: Loop context signal for msg.value reuse review
pattern_category:: logic-error
- regex:: (for|while)\s*\(
severity:: Informational
confidence:: Low
swc:: SWC-134

msg.value Reuse in Loops

Preconditions

msg.value is referenced inside a loop (for, while) or in a function called multiple times within a single external call
The contract has an existing ETH balance or the logic assumes msg.value is "spent" per iteration

Vulnerable Pattern

function batchBuy(uint256[] calldata ids) external payable {
    for (uint256 i = 0; i < ids.length; i++) {
        // msg.value is the SAME on every iteration — it never decreases
        // If price == 1 ETH and user sends 1 ETH, they can buy N items
        require(msg.value >= price, "insufficient payment");
        _mint(msg.sender, ids[i]);
    }
    // User paid 1 ETH but bought N items
}

// Payable multicall — same issue
function multicall(bytes[] calldata calls) external payable {
    for (uint256 i = 0; i < calls.length; i++) {
        // msg.value forwarded to each sub-call — reused each time
        (bool s,) = address(this).delegatecall(calls[i]);
        require(s);
    }
}

Detection Heuristics

Search for msg.value usage inside for, while, or do-while loops
Search for msg.value in functions that are called via delegatecall in a loop (multicall patterns)
Check if msg.value is used in a require check inside a loop — passes on every iteration after a single payment
Search for internal functions that reference msg.value and are called multiple times from a payable external function
Check if the contract subtracts from a local tracking variable instead of relying on msg.value directly

False Positives

The function tracks remaining value in a local variable and decrements it per iteration (e.g., remaining -= price)
msg.value is only referenced once outside any loop
The loop is guaranteed to execute exactly once
The function validates total cost against msg.value before the loop (e.g., require(msg.value == price * ids.length))

Remediation

Track remaining ETH in a local variable and decrement per operation
Validate total cost upfront: require(msg.value == price * count)
In multicall patterns, ensure msg.value is consumed only once, or use a tracking variable

function batchBuy(uint256[] calldata ids) external payable {
    uint256 totalCost = price * ids.length;
    require(msg.value >= totalCost, "insufficient payment");

    for (uint256 i = 0; i < ids.length; i++) {
        _mint(msg.sender, ids[i]);
    }

    // Refund excess
    if (msg.value > totalCost) {
        payable(msg.sender).transfer(msg.value - totalCost);
    }
}

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/vulnerability-patterns/msgvalue-loop ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT

apegurus/msgvalue-loop

skills/vulnerability-patterns/msgvalue-loop/SKILL.md

- `msg.value` is referenced inside a loop (`for`, `while`) or in a function called multiple times within a single external call

tools

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus msgvalue-loop

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:29 AM151.0s1 file scanned

SKILL.md

name:: msgvalue-loop
description:: Loop context signal for msg.value reuse review
pattern_category:: logic-error
- regex:: (for|while)\s*\(
severity:: Informational
confidence:: Low
swc:: SWC-134

msg.value Reuse in Loops

Preconditions

msg.value is referenced inside a loop (for, while) or in a function called multiple times within a single external call
The contract has an existing ETH balance or the logic assumes msg.value is "spent" per iteration

Vulnerable Pattern

function batchBuy(uint256[] calldata ids) external payable {
    for (uint256 i = 0; i < ids.length; i++) {
        // msg.value is the SAME on every iteration — it never decreases
        // If price == 1 ETH and user sends 1 ETH, they can buy N items
        require(msg.value >= price, "insufficient payment");
        _mint(msg.sender, ids[i]);
    }
    // User paid 1 ETH but bought N items
}

// Payable multicall — same issue
function multicall(bytes[] calldata calls) external payable {
    for (uint256 i = 0; i < calls.length; i++) {
        // msg.value forwarded to each sub-call — reused each time
        (bool s,) = address(this).delegatecall(calls[i]);
        require(s);
    }
}

Detection Heuristics

Search for msg.value usage inside for, while, or do-while loops
Search for msg.value in functions that are called via delegatecall in a loop (multicall patterns)
Check if msg.value is used in a require check inside a loop — passes on every iteration after a single payment
Search for internal functions that reference msg.value and are called multiple times from a payable external function
Check if the contract subtracts from a local tracking variable instead of relying on msg.value directly

False Positives

The function tracks remaining value in a local variable and decrements it per iteration (e.g., remaining -= price)
msg.value is only referenced once outside any loop
The loop is guaranteed to execute exactly once
The function validates total cost against msg.value before the loop (e.g., require(msg.value == price * ids.length))

Remediation

Track remaining ETH in a local variable and decrement per operation
Validate total cost upfront: require(msg.value == price * count)
In multicall patterns, ensure msg.value is consumed only once, or use a tracking variable

function batchBuy(uint256[] calldata ids) external payable {
    uint256 totalCost = price * ids.length;
    require(msg.value >= totalCost, "insufficient payment");

    for (uint256 i = 0; i < ids.length; i++) {
        _mint(msg.sender, ids[i]);
    }

    // Refund excess
    if (msg.value > totalCost) {
        payable(msg.sender).transfer(msg.value - totalCost);
    }
}

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/vulnerability-patterns/msgvalue-loop ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT