solidity-argus 0.1.8 → 0.3.0

package/AGENTS.md

@@ -13,19 +13,19 @@ CLI: `argus doctor`, `argus init`, `argus install`.
 **Role**: Primary security audit orchestrator
 **Description**: Argus Panoptes, the All-Seeing Guardian. Coordinates full Solidity security audits by dispatching Sentinel (analysis), Pythia (research), and Scribe (reporting). Follows a rigorous 7-step methodology: Reconnaissance, Automated Scanning, Manual Review, Attack Surface Mapping, Vulnerability Research, Testing & Verification, and Reporting.
 **Model**: anthropic/claude-opus-4-6
-**Tools**: All 8 argus_* tools (argus_slither_analyze, argus_analyze_contract, argus_check_patterns, argus_solodit_search, argus_forge_test, argus_forge_fuzz, argus_generate_report, argus_sync_knowledge)
+**Tools**: All 12 argus_* tools (argus_slither_analyze, argus_analyze_contract, argus_check_patterns, argus_proxy_detection, argus_solodit_search, argus_forge_test, argus_gas_analysis, argus_forge_fuzz, argus_forge_coverage, argus_skill_load, argus_generate_report, argus_sync_knowledge)
 
 ## sentinel
 
 **Role**: Static analysis and testing specialist
 **Description**: Finds vulnerabilities through Slither static analysis, Foundry testing, fuzzing, and pattern matching. The tactical executor — runs tools, writes PoC tests, and verifies findings. Dispatched by Argus during Automated Scanning and Testing & Verification phases.
 **Model**: anthropic/claude-sonnet-4-6
-**Tools**: argus_slither_analyze, argus_forge_test, argus_forge_fuzz, argus_analyze_contract, argus_check_patterns, skill
+**Tools**: argus_slither_analyze, argus_forge_test, argus_gas_analysis, argus_forge_fuzz, argus_forge_coverage, argus_analyze_contract, argus_check_patterns, argus_proxy_detection, skill
 
 ## pythia
 
 **Role**: Vulnerability researcher
-**Description**: Consults Solodit, SCVD, and the knowledge base to find historical precedents and known attack vectors. Searches 7,769+ real-world audit findings and 55 curated vulnerability pattern files. Dispatched by Argus during Vulnerability Research phase.
+**Description**: Consults Solodit, SCVD, and the knowledge base to find historical precedents and known attack vectors. Searches 7,769+ real-world audit findings and 44 curated vulnerability pattern files. Dispatched by Argus during Vulnerability Research phase.
 **Model**: anthropic/claude-sonnet-4-6
 **Tools**: argus_solodit_search, argus_check_patterns, skill
 

package/README.md

@@ -15,12 +15,12 @@ Argus Panoptes — the mythological all-seeing giant — orchestrates a team of
 **What it does:**
 - Runs Slither static analysis and Foundry tests automatically
 - Searches 7,769+ real-world audit findings via SCVD and Solodit
-- Matches code against 55 curated vulnerability pattern files
+- Matches code against 82 curated SKILL.md knowledge files
 - Generates professional markdown audit reports with severity classifications
 - Follows a rigorous 7-step audit methodology (Reconnaissance → Report)
 
 **Why it's useful:**
-- Catches reentrancy, oracle manipulation, access control flaws, flash loan vectors, and 35+ other vulnerability classes
+- Catches reentrancy, oracle manipulation, access control flaws, flash loan vectors, and 50+ vulnerability classes across 14 pattern categories
 - Integrates seamlessly into OpenCode's agent system — no separate tooling setup required
 - Knowledge base sourced from Trail of Bits, Cyfrin, DeFiFoFum, and the broader security community
 
@@ -88,10 +88,13 @@ Transforms raw findings into professional, structured markdown audit reports wit
 |------|-------|-------------|
 | `argus_slither_analyze` | Sentinel | Runs Slither static analysis on Solidity contracts; detects reentrancy, uninitialized variables, unchecked returns, and more |
 | `argus_analyze_contract` | Sentinel | Generates a deep structural profile of a contract: functions, state variables, modifiers, inheritance tree |
-| `argus_check_patterns` | Sentinel, Pythia | Scans code against a library of complex vulnerability patterns (regex/AST-based) covering 35+ vulnerability classes |
+| `argus_check_patterns` | Sentinel, Pythia | Scans code against a library of complex vulnerability patterns (regex/AST-based) covering 50+ vulnerability classes across 14 pattern categories |
+| `argus_proxy_detection` | Sentinel | Detects proxy patterns in Solidity contracts (ERC1967, UUPS, transparent, beacon, diamond) with confidence scoring |
 | `argus_solodit_search` | Pythia | Searches Solodit's database of real-world audit reports for similar protocols and historical findings |
 | `argus_forge_test` | Sentinel | Runs existing or newly written Foundry/Forge tests; essential for PoC verification |
+| `argus_gas_analysis` | Sentinel | Runs forge gas report analysis, parses per-function gas metrics, and identifies high-gas hotspots above configurable threshold |
 | `argus_forge_fuzz` | Sentinel | Fuzzes specific functions with random inputs to find edge cases and invariant violations |
+| `argus_forge_coverage` | Sentinel | Runs forge coverage analysis and returns structured per-file coverage metrics (lines, statements, branches, functions) |
 | `argus_generate_report` | Scribe | Generates the final structured audit report in professional markdown format |
 | `argus_sync_knowledge` | Argus | Syncs the local vulnerability database from SCVD (api.scvd.dev) |
 
@@ -99,20 +102,169 @@ Transforms raw findings into professional, structured markdown audit reports wit
 
 ## Knowledge Base
 
-The plugin ships with **55 curated SKILL.md files** organized into 5 categories:
+The plugin ships with **82 curated SKILL.md files** organized into 6 categories:
 
 | Category | Files | Description |
 |----------|-------|-------------|
-| Vulnerability Patterns | 38 | Reentrancy, oracle manipulation, flash loans, access control, overflow/underflow, and 33 more |
+| Vulnerability Patterns | 51 | Reentrancy, oracle manipulation, flash loans, access control, ERC4626, governance, front-running, and 44 more |
 | Methodology | 3 | Audit workflow, report templates, severity classification |
 | Protocol Patterns | 5 | AMM/DEX, bridges, governance, lending, staking security guides |
 | Checklists | 6 | Cyfrin audit checklists (DeFi core, integrations, upgrades, gas, best practices) |
 | References | 2 | DeFi exploit reference index, SmartBugs vulnerable contract examples |
+| Case Studies | 15 | Major DeFi exploit analyses (Euler, Nomad Bridge, Ronin, Cream Finance, etc.) |
 
-**Sources:** Trail of Bits, Cyfrin, DeFiFoFum, kadenzipfel, SunWeb3Sec, smartbugs
+**Sources:** Trail of Bits, Cyfrin, DeFiFoFum, kadenzipfel, SunWeb3Sec, smartbugs, BailSec, Argus
+
+### Detection Rules
+
+Vulnerability detection patterns are defined as `detection_rules` in SKILL.md frontmatter. Each skill with a `pattern_category` field is automatically discovered by the pattern checker — no separate configuration needed.
+
+- **51 vulnerability pattern skills** with detection rules across **14 categories**
+- Categories: `reentrancy`, `oracle-manipulation`, `flash-loan`, `access-control`, `erc4626`, `proxy`, `signature`, `dos`, `front-running`, `governance`, `token-standard`, `gas-optimization`, `logic-error`, `delegatecall`
+
+#### Adding Custom Detection Rules
+
+Add custom detection rules by creating SKILL.md files in your `customSkillsDir`:
+
+```yaml
+---
+name: my-custom-pattern
+description: Detects insecure transfer patterns
+pattern_category: access-control
+detection_rules:
+  - regex: 'transfer\(msg\.sender, .+\)'
+    severity: High
+    description: Potentially insecure transfer to caller
+---
+```
 
 **SCVD Integration:** The plugin connects to [api.scvd.dev](https://api.scvd.dev) for 7,769+ real-world audit findings. Sync with `argus_sync_knowledge` or configure `knowledge.autoSync: true`.
 
+### Audit PDF Extraction Pipeline
+
+A generic pipeline for extracting security findings from public audit report PDFs and converting them into structured data for pattern creation.
+
+**How it works:**
+1. Downloads PDFs from configured GitHub repositories
+2. Parses each PDF page-by-page using `pdf-parse`
+3. Extracts findings using regex-based heading/severity/description detection
+4. Deduplicates and categorizes findings into 11 categories
+5. Outputs structured JSON to `scripts/audit-pdf-output/`
+
+**Running the pipeline:**
+
+```bash
+bun scripts/audit-pdf-extract.ts
+```
+
+> **Note:** The extraction pipeline scripts are available in the [source repository](https://github.com/Apegurus/solidity-argus) only. They are not included in the npm package. If you installed `solidity-argus` via npm/bun, you'll need to clone the repository to run the extraction pipeline.
+
+**Output files:**
+- `scripts/audit-pdf-output/findings.json` — All extracted findings
+- `scripts/audit-pdf-output/metadata.json` — Extraction stats, errors, source info
+- `scripts/audit-pdf-output/by-category/*.json` — Findings grouped by category (reentrancy, access-control, oracle, etc.)
+
+**Adding new audit sources:**
+
+The pipeline uses a generic `AuditSource[]` interface. To add a new audit firm's reports, edit `scripts/audit-pdf-extract.ts` and add an entry to `DEFAULT_SOURCES`:
+
+```typescript
+{
+  name: "AuditFirmName",
+  repoRawBase: "https://raw.githubusercontent.com/org/repo/main",
+  repoUrl: "https://github.com/org/repo",
+  pdfFiles: [
+    "Audit Report - Protocol Name.pdf",
+    // ... more PDFs
+  ],
+}
+```
+
+**How agents leverage extracted findings:**
+
+The extracted findings are used to create new SKILL.md vulnerability pattern files (e.g., `erc4626-exchange-rate-manipulation`, `missing-parameter-bounds`). These patterns are loaded on-demand by agents via `argus_skill_load` during audits. The extraction pipeline is a developer tool — agents don't run it directly.
+
+### Case Studies
+
+15 detailed case studies of major DeFi exploits are included in `skills/case-studies/`. Each provides deep narrative context: root cause analysis, attack flow, impact assessment, key transactions, and lessons learned.
+
+**Sources:** Public exploit research from [rekt.news](https://rekt.news) and [SunWeb3Sec/DeFiHackLabs](https://github.com/SunWeb3Sec/DeFiHackLabs).
+
+**How they complement SCVD:** SCVD provides breadth (7,769+ searchable findings by keyword). Case studies provide depth (detailed narratives of 15 major exploits). The `@pythia` agent uses both — SCVD for "has this pattern been seen before?" and case studies for "how did this type of exploit actually unfold?"
+
+**Adding new case studies:**
+
+1. Create a new directory under `skills/case-studies/<exploit-name>/`
+2. Add a `SKILL.md` file with frontmatter (`name`, `description`, `category: reference`, `source_url`, `source_license`, `detection_rules`)
+3. Include sections: Overview, Root Cause, Attack Flow, Impact, Key Transactions, Lessons
+4. Add the entry to `skills/INVENTORY.md`
+
+---
+
+## Knowledge Ingestion Contract
+
+All ingested knowledge sources must conform to a standardized metadata contract to ensure traceability, freshness, and compliance:
+
+### Required Metadata Fields
+
+Every knowledge source ingested into Argus must include:
+
+- **`source`** — Human-readable source name (e.g., "Cyfrin", "Trail of Bits", "SCVD")
+- **`url`** — Canonical URL to the source repository or API endpoint
+- **`license`** — SPDX license identifier (e.g., "MIT", "Apache-2.0", "CC0")
+- **`retrievedAt`** — ISO 8601 timestamp of when the knowledge was last fetched
+- **`hash`** — SHA-256 hash of the ingested content for integrity verification
+- **`version`** — Semantic version of the knowledge source (e.g., "1.2.3")
+- **`provenance`** — Trust tier and source verification metadata
+
+### Trust Tiers
+
+Argus classifies knowledge sources into three trust tiers:
+
+- **`bundled`** — Built-in skills and patterns. Highest trust, always available.
+- **`companion`** — Installed separately (e.g., Trail of Bits). Medium trust.
+- **`custom`** — User-provided skills in `customSkillsDir`. Lower trust, validated on load.
+
+### Freshness Policy
+
+Knowledge freshness is monitored automatically:
+
+- **SCVD local index** — Stale if not synced within 7 days. `argus doctor` will warn if stale and suggest running `argus_sync_knowledge`.
+- **Detection rules** — Versioned via `DETECTION_RULE_VERSION` and updated on package release.
+- **Baked-in curated skills** — Updated only on package release; no automatic refresh.
+- **On-demand live sources** — Retrieved per-request; never cached locally.
+
+`argus doctor` reports the staleness of all indexed sources.
+
+### Three Operating Modes
+
+Argus supports three distinct knowledge ingestion patterns:
+
+#### 1. Baked-in Curated
+**Sources:** Cyfrin audit checklists, kadenzipfel vulnerability patterns, DeFiFoFum protocol guides
+
+- Bundled directly with the plugin package
+- Updated only on package release (via npm/bun)
+- No network calls required; instant availability
+- Example: `skills/checklists/cyfrin-defi-core.md`
+
+#### 2. On-Demand Live
+**Sources:** Solodit audit reports, SCVD real-time queries
+
+- Retrieved per-request from external APIs
+- Never cached locally; always fresh
+- Network-dependent; graceful fallback if unavailable
+- Example: `argus_solodit_search` queries Solodit's database on each call
+
+#### 3. Hybrid Indexed
+**Sources:** SCVD local index, Trail of Bits companion skills
+
+- Local index synced periodically via `argus_sync_knowledge`
+- Cached locally in `~/.cache/solidity-argus/scvd-index.json`
+- Refreshed on-demand when `knowledge.autoSync: true`
+- Trail of Bits skills git-cloned on install and updated via companion plugin
+- Example: SCVD findings indexed locally, queried without network latency
+
 ---
 
 ## Configuration
@@ -136,7 +288,8 @@ Create `.opencode/solidity-argus.jsonc` in your project root:
   "knowledge": {
     "scvd": { "enabled": true, "apiUrl": "https://api.scvd.dev" },
     "autoSync": true,
-    "customSkillsDir": "./my-custom-skills"
+    "customSkillsDir": "./my-custom-skills",
+    "skillPrecedence": "bundled-first"
   },
 
   "reporting": {
@@ -160,7 +313,68 @@ Create `.opencode/solidity-argus.jsonc` in your project root:
 
 ---
 
-## New in v2: Modular Architecture
+## Context Delivery Architecture
+
+Argus uses a **three-channel context delivery system** to inject dynamic audit state, methodology, and knowledge into agents at runtime. Each channel serves a distinct purpose:
+
+### Decision Matrix: When to Use Each Channel
+
+| Channel | Mechanism | Use Case | Scope | Mutability |
+|---------|-----------|----------|-------|-----------|
+| **Prompt** | Static agent identity files (`src/agents/*-prompt.ts`) | Methodology, personality, tool instructions, audit framework | Agent-specific | Never changes at runtime |
+| **Hook** | `experimental.chat.system.transform` (agent-gated injection) | Audit progress, findings count, current phase, session state | Per-session | Changes every turn |
+| **Skill-load** | `argus_skill_load` tool (on-demand) | Vulnerability patterns, protocol-specific knowledge, historical exploits | On-demand | Loaded when agent requests |
+
+### Prompt Channel (Static Identity)
+
+Each of the 4 Argus agents has a static prompt file defining its role, methodology, and tool instructions:
+
+- `src/agents/argus-prompt.ts` — Orchestrator methodology (7-step audit framework)
+- `src/agents/sentinel-prompt.ts` — Static analysis & testing instructions
+- `src/agents/pythia-prompt.ts` — Vulnerability research methodology
+- `src/agents/scribe-prompt.ts` — Report generation format and structure
+
+These prompts **never change at runtime** and establish the agent's core identity and decision-making framework.
+
+### Hook Channel (Dynamic State Injection)
+
+The `experimental.chat.system.transform` hook injects dynamic audit state into the system context on every turn. This includes:
+
+- Current audit phase (Reconnaissance, Automated Scanning, etc.)
+- Findings discovered so far (count, severity distribution)
+- Tools executed and their results
+- Session-specific audit state (contract under review, scope, etc.)
+
+**Critical Rule:** This hook is **Argus-family gated**. Only agents in `{argus, sentinel, pythia, scribe}` receive injected context. All other agents receive `undefined` (no injection).
+
+**Session→Agent Mapping Pattern:**
+1. `chat.params` hook captures `(sessionID, agentName)` pairs during each turn
+2. `system.transform` hook looks up the agent by sessionID
+3. If agent is in the Argus family, inject audit state; otherwise, return `undefined`
+
+This prevents context pollution and ensures non-audit agents operate independently.
+
+### Skill-Load Channel (On-Demand Knowledge)
+
+Agents load specialized knowledge on-demand via the `argus_skill_load` tool:
+
+- **Vulnerability Patterns** — 51 SKILL.md files covering reentrancy, oracle manipulation, flash loans, etc.
+- **Protocol Patterns** — 5 files for AMM/DEX, bridges, governance, lending, staking
+- **Methodology** — 3 files for audit workflow, report templates, severity classification
+- **Checklists** — 6 Cyfrin audit checklists
+- **References** — 2 files for exploit index and vulnerable contract examples
+
+This channel is **lazy-loaded** — agents request skills only when needed, reducing context overhead.
+
+### Implementation Notes
+
+- **Dynamic injection:** `system.transform` uses agent-gated dynamic audit state injection via `createSystemPromptHook` (see `src/create-hooks.ts`).
+- **Global transforms forbidden:** No global system context injection unless agent-gated and minimal. Prevents context window overflow.
+- **Audit state persistence:** State is saved to `.opencode/argus-state.json` and restored on session restart (see `Persistent Audit State` section).
+
+---
+
+## Modular Architecture
 
 This release restructures solidity-argus into a modular factory-based architecture with several new infrastructure features:
 
@@ -175,7 +389,10 @@ argus doctor
 # Generate a starter .opencode/solidity-argus.jsonc config
 argus init
 
-# Install optional dependencies (Slither, Foundry)
+# Validate SKILL.md files against schema
+argus lint-skills
+
+# Register solidity-argus in opencode.json (tools installed separately; see Requirements)
 argus install
 ```
 
@@ -194,18 +411,17 @@ Selectively disable any hook via config:
 Config is resolved by merging three layers (last wins):
 
 1. **Defaults** — Built-in sensible defaults
-2. **User-level** — `~/.config/solidity-argus/config.jsonc`
+2. **User-level** — `~/.config/opencode/solidity-argus.jsonc`
 3. **Project-level** — `.opencode/solidity-argus.jsonc`
 
 ### Background Agent Management
 
-Background tasks (knowledge sync, long-running analysis) are tracked with configurable concurrency limits and lifecycle callbacks:
+Background tasks (knowledge sync, long-running analysis) are tracked with configurable concurrency limits:
 
 ```jsonc
 {
   "background": {
-    "max_concurrent": 3,
-    "cleanup_interval_ms": 60000
+    "max_concurrent": 3
   }
 }
 ```

package/package.json

@@ -1,8 +1,19 @@
 {
   "name": "solidity-argus",
-  "version": "0.1.8",
-  "description": "Solidity smart contract security auditing plugin for OpenCode — 4 specialized agents, 8 tools, and a curated vulnerability knowledge base",
-  "keywords": ["solidity", "security", "audit", "opencode", "plugin", "smart-contract", "ethereum", "defi", "slither", "foundry"],
+  "version": "0.3.0",
+  "description": "Solidity smart contract security auditing plugin for OpenCode — 4 specialized agents, 12 tools (11 core + optional Solodit), and a curated vulnerability knowledge base",
+  "keywords": [
+    "solidity",
+    "security",
+    "audit",
+    "opencode",
+    "plugin",
+    "smart-contract",
+    "ethereum",
+    "defi",
+    "slither",
+    "foundry"
+  ],
   "author": "Apegurus",
   "license": "MIT",
   "type": "module",
@@ -17,28 +28,46 @@
     "solidity-argus": "./src/cli/index.ts",
     "argus": "./src/cli/index.ts"
   },
-  "files": ["src/", "!src/**/*.test.ts", "skills/", "README.md", "AGENTS.md", "LICENSE"],
+  "files": [
+    "src/",
+    "!src/**/*.test.ts",
+    "skills/",
+    "README.md",
+    "AGENTS.md",
+    "LICENSE"
+  ],
   "scripts": {
     "test": "bun test",
     "typecheck": "tsc --noEmit",
+    "lint": "biome lint .",
+    "format": "biome format --write .",
+    "format:check": "biome format .",
+    "check": "biome check .",
+    "check:fix": "biome check --write .",
+    "ci": "biome ci .",
     "cli": "bun src/cli/index.ts",
     "doctor": "bun src/cli/index.ts doctor",
     "init": "bun src/cli/index.ts init"
   },
   "dependencies": {
-    "zod": "^4.3.6"
+    "@opencode-ai/plugin": "^1.2.10",
+    "yaml": "^2.8.2",
+    "zod": "^4.1.8"
   },
   "peerDependencies": {
-    "@opencode-ai/plugin": "^1.2.6"
+    "@opencode-ai/sdk": "^1.0.0"
   },
   "devDependencies": {
-    "@opencode-ai/plugin": "^1.2.6",
+    "@biomejs/biome": "^2.4.4",
     "@types/bun": "^1.2.0",
+    "pdf-parse": "^2.4.5",
     "typescript": "^5"
   },
   "repository": {
     "type": "git",
     "url": "https://github.com/Apegurus/solidity-argus"
   },
-  "engines": { "bun": ">=1.0.0" }
+  "engines": {
+    "bun": ">=1.0.0"
+  }
 }

package/skills/INVENTORY.md

@@ -1,79 +1,110 @@
 # Argus Knowledge Base Inventory
 
-Generated: 2026-02-18
-Total SKILL.md files: 55
+Generated: 2026-02-20
+Total SKILL.md files: 82
 
 ## Vulnerability Patterns
 | File | Source(s) | Topic | Word Count |
 |------|-----------|-------|------------|
-| vulnerability-patterns/access-control/SKILL.md | DeFiFoFum, kadenzipfel | Access Control Exploits | 1018 |
-| vulnerability-patterns/arbitrary-storage-location/SKILL.md | kadenzipfel | Write to Arbitrary Storage Location | 309 |
-| vulnerability-patterns/assert-violation/SKILL.md | kadenzipfel | Assert Violation | 356 |
-| vulnerability-patterns/asserting-contract-from-code-size/SKILL.md | kadenzipfel | Asserting Contract from Code Size | 336 |
-| vulnerability-patterns/authorization-txorigin/SKILL.md | kadenzipfel | Authorization Through tx.origin | 266 |
-| vulnerability-patterns/default-visibility/SKILL.md | kadenzipfel | Default Visibility | 298 |
-| vulnerability-patterns/delegatecall-untrusted-callee/SKILL.md | kadenzipfel | Delegatecall to Untrusted Callee | 309 |
-| vulnerability-patterns/dos-gas-limit/SKILL.md | kadenzipfel | DoS with Block Gas Limit | 333 |
-| vulnerability-patterns/dos-revert/SKILL.md | kadenzipfel | DoS with (Unexpected) Revert | 408 |
-| vulnerability-patterns/flash-loan-attacks/SKILL.md | DeFiFoFum, kadenzipfel | Flash Loan Attack Exploits | 1000 |
-| vulnerability-patterns/floating-pragma/SKILL.md | kadenzipfel | Floating Pragma | 279 |
-| vulnerability-patterns/hash-collision/SKILL.md | kadenzipfel | Hash Collision with abi.encodePacked() | 318 |
-| vulnerability-patterns/inadherence-to-standards/SKILL.md | kadenzipfel | Inadherence to Standards | 361 |
-| vulnerability-patterns/incorrect-constructor/SKILL.md | kadenzipfel | Incorrect Constructor Name | 285 |
-| vulnerability-patterns/incorrect-inheritance-order/SKILL.md | kadenzipfel | Incorrect Inheritance Order | 289 |
-| vulnerability-patterns/insufficient-gas-griefing/SKILL.md | kadenzipfel | Insufficient Gas Griefing | 368 |
-| vulnerability-patterns/lack-of-precision/SKILL.md | kadenzipfel | Lack of Precision | 334 |
-| vulnerability-patterns/logic-errors/SKILL.md | DeFiFoFum, kadenzipfel | Logic Bug Exploits | 1192 |
-| vulnerability-patterns/missing-protection-signature-replay/SKILL.md | kadenzipfel | Missing Protection Against Signature Replay | 350 |
-| vulnerability-patterns/msgvalue-loop/SKILL.md | kadenzipfel | msg.value Reuse in Loops | 378 |
-| vulnerability-patterns/off-by-one/SKILL.md | kadenzipfel | Off-By-One Errors | 336 |
-| vulnerability-patterns/oracle-manipulation/SKILL.md | DeFiFoFum, kadenzipfel | Oracle Manipulation Exploits | 985 |
-| vulnerability-patterns/outdated-compiler-version/SKILL.md | kadenzipfel | Outdated Compiler Version | 327 |
-| vulnerability-patterns/overflow-underflow/SKILL.md | kadenzipfel | Integer Overflow and Underflow | 332 |
-| vulnerability-patterns/reentrancy/SKILL.md | DeFiFoFum, kadenzipfel | Reentrancy Exploits | 1034 |
-| vulnerability-patterns/shadowing-state-variables/SKILL.md | kadenzipfel | Shadowing State Variables | 363 |
-| vulnerability-patterns/signature-malleability/SKILL.md | kadenzipfel | Signature Malleability | 320 |
-| vulnerability-patterns/unbounded-return-data/SKILL.md | kadenzipfel | Unbounded Return Data | 359 |
-| vulnerability-patterns/unchecked-return-values/SKILL.md | kadenzipfel | Unchecked Return Values | 281 |
-| vulnerability-patterns/unencrypted-private-data-on-chain/SKILL.md | kadenzipfel | Unencrypted Private Data On-Chain | 330 |
-| vulnerability-patterns/unexpected-ecrecover-null-address/SKILL.md | kadenzipfel | Unexpected ecrecover Null Address | 324 |
-| vulnerability-patterns/uninitialized-storage-pointer/SKILL.md | kadenzipfel | Uninitialized Storage Pointer | 315 |
-| vulnerability-patterns/unsafe-low-level-call/SKILL.md | kadenzipfel | Unsafe Low-Level Call | 328 |
-| vulnerability-patterns/unsecure-signatures/SKILL.md | kadenzipfel | Unsecure Signatures | 441 |
-| vulnerability-patterns/unsupported-opcodes/SKILL.md | kadenzipfel | Unsupported Opcodes on EVM-Compatible Chains | 391 |
-| vulnerability-patterns/unused-variables/SKILL.md | kadenzipfel | Presence of Unused Variables | 333 |
-| vulnerability-patterns/use-of-deprecated-functions/SKILL.md | kadenzipfel | Use of Deprecated Functions | 323 |
-| vulnerability-patterns/weak-sources-randomness/SKILL.md | kadenzipfel | Weak Sources of Randomness from Chain Attributes | 377 |
-| vulnerability-patterns/weird-tokens/SKILL.md | DeFiFoFum | Weird ERC20 Tokens Reference | 852 |
+| vulnerability-patterns/access-control/SKILL.md | DeFiFoFum, kadenzipfel | Access Control Exploits | 1164 |
+| vulnerability-patterns/arbitrary-storage-location/SKILL.md | kadenzipfel | Write to Arbitrary Storage Location | 334 |
+| vulnerability-patterns/assert-violation/SKILL.md | kadenzipfel | Assert Violation | 369 |
+| vulnerability-patterns/asserting-contract-from-code-size/SKILL.md | kadenzipfel | Asserting Contract from Code Size | 367 |
+| vulnerability-patterns/authorization-txorigin/SKILL.md | kadenzipfel | Authorization Through tx.origin | 295 |
+| vulnerability-patterns/cross-chain-bridge-vulnerabilities/SKILL.md | Argus | Cross-Chain Bridge Vulnerabilities | 1195 |
+| vulnerability-patterns/default-visibility/SKILL.md | kadenzipfel | Default Visibility | 331 |
+| vulnerability-patterns/delegatecall-untrusted-callee/SKILL.md | kadenzipfel | Delegatecall to Untrusted Callee | 356 |
+| vulnerability-patterns/dos-gas-limit/SKILL.md | kadenzipfel | DoS with Block Gas Limit | 355 |
+| vulnerability-patterns/dos-revert/SKILL.md | kadenzipfel | DoS with (Unexpected) Revert | 481 |
+| vulnerability-patterns/erc4626-exchange-rate-manipulation/SKILL.md | BailSec | ERC4626 Exchange Rate Manipulation | 381 |
+| vulnerability-patterns/fee-on-transfer-tokens/SKILL.md | BailSec | Fee-on-Transfer Token Incompatibility | 540 |
+| vulnerability-patterns/flash-loan-attacks/SKILL.md | DeFiFoFum, kadenzipfel | Flash Loan Attack Exploits | 1116 |
+| vulnerability-patterns/floating-pragma/SKILL.md | kadenzipfel | Floating Pragma | 301 |
+| vulnerability-patterns/front-running-attacks/SKILL.md | Argus | Front-Running and MEV Vulnerabilities | 1147 |
+| vulnerability-patterns/gas-optimization-patterns/SKILL.md | Argus | Gas Optimization Vulnerability Patterns | 1219 |
+| vulnerability-patterns/governance-attacks/SKILL.md | Argus | Governance Attack Vulnerabilities | 1321 |
+| vulnerability-patterns/hash-collision/SKILL.md | kadenzipfel | Hash Collision with abi.encodePacked() | 326 |
+| vulnerability-patterns/inadherence-to-standards/SKILL.md | kadenzipfel | Inadherence to Standards | 369 |
+| vulnerability-patterns/incorrect-constructor/SKILL.md | kadenzipfel | Incorrect Constructor Name | 320 |
+| vulnerability-patterns/incorrect-inheritance-order/SKILL.md | kadenzipfel | Incorrect Inheritance Order | 325 |
+| vulnerability-patterns/insufficient-gas-griefing/SKILL.md | kadenzipfel | Insufficient Gas Griefing | 392 |
+| vulnerability-patterns/lack-of-precision/SKILL.md | kadenzipfel | Lack of Precision | 395 |
+| vulnerability-patterns/logic-errors/SKILL.md | DeFiFoFum, kadenzipfel | Logic Bug Exploits | 1336 |
+| vulnerability-patterns/missing-parameter-bounds/SKILL.md | BailSec | Missing Parameter Bounds | 407 |
+| vulnerability-patterns/missing-protection-signature-replay/SKILL.md | kadenzipfel | Missing Protection Against Signature Replay | 362 |
+| vulnerability-patterns/msgvalue-loop/SKILL.md | kadenzipfel | msg.value Reuse in Loops | 413 |
+| vulnerability-patterns/off-by-one/SKILL.md | kadenzipfel | Off-By-One Errors | 398 |
+| vulnerability-patterns/oracle-manipulation/SKILL.md | DeFiFoFum, kadenzipfel | Oracle Manipulation Exploits | 1126 |
+| vulnerability-patterns/outdated-compiler-version/SKILL.md | kadenzipfel | Outdated Compiler Version | 342 |
+| vulnerability-patterns/overflow-underflow/SKILL.md | kadenzipfel | Integer Overflow and Underflow | 385 |
+| vulnerability-patterns/proxy-vulnerabilities/SKILL.md | Argus | Proxy Pattern Vulnerabilities | 1063 |
+| vulnerability-patterns/reentrancy/SKILL.md | DeFiFoFum, kadenzipfel | Reentrancy Exploits | 1160 |
+| vulnerability-patterns/shadowing-state-variables/SKILL.md | kadenzipfel | Shadowing State Variables | 404 |
+| vulnerability-patterns/share-accounting-desynchronization/SKILL.md | BailSec | Share Accounting Desynchronization | 390 |
+| vulnerability-patterns/signature-malleability/SKILL.md | kadenzipfel | Signature Malleability | 370 |
+| vulnerability-patterns/stateful-parameter-update-drift/SKILL.md | BailSec | Stateful Parameter Update Drift | 388 |
+| vulnerability-patterns/unbounded-return-data/SKILL.md | kadenzipfel | Unbounded Return Data | 389 |
+| vulnerability-patterns/unchecked-return-values/SKILL.md | kadenzipfel | Unchecked Return Values | 331 |
+| vulnerability-patterns/unencrypted-private-data-on-chain/SKILL.md | kadenzipfel | Unencrypted Private Data On-Chain | 360 |
+| vulnerability-patterns/unexpected-ecrecover-null-address/SKILL.md | kadenzipfel | Unexpected ecrecover Null Address | 339 |
+| vulnerability-patterns/uninitialized-storage-pointer/SKILL.md | kadenzipfel | Uninitialized Storage Pointer | 337 |
+| vulnerability-patterns/unsafe-erc20-transfers/SKILL.md | BailSec | Unsafe ERC20 Transfer and Approve Calls | 620 |
+| vulnerability-patterns/unsafe-low-level-call/SKILL.md | kadenzipfel | Unsafe Low-Level Call | 347 |
+| vulnerability-patterns/unsecure-signatures/SKILL.md | kadenzipfel | Unsecure Signatures | 459 |
+| vulnerability-patterns/unsupported-opcodes/SKILL.md | kadenzipfel | Unsupported Opcodes on EVM-Compatible Chains | 432 |
+| vulnerability-patterns/unused-variables/SKILL.md | kadenzipfel | Presence of Unused Variables | 388 |
+| vulnerability-patterns/use-of-deprecated-functions/SKILL.md | kadenzipfel | Use of Deprecated Functions | 385 |
+| vulnerability-patterns/weak-sources-randomness/SKILL.md | kadenzipfel | Weak Sources of Randomness from Chain Attributes | 398 |
+| vulnerability-patterns/weird-tokens/SKILL.md | DeFiFoFum | Weird ERC20 Tokens Reference | 1013 |
+| vulnerability-patterns/zero-address-misconfiguration/SKILL.md | BailSec | Zero Address Misconfiguration | 426 |
 
 ## Methodology
 | File | Source(s) | Topic | Word Count |
 |------|-----------|-------|------------|
-| methodology/audit-workflow/SKILL.md | DeFiFoFum | audit-workflow | 382 |
-| methodology/report-template/SKILL.md | DeFiFoFum | Audit Report Template | 481 |
-| methodology/severity-classification/SKILL.md | DeFiFoFum | Severity Classification Guide | 465 |
+| methodology/audit-workflow/SKILL.md | DeFiFoFum | Audit Workflow | 523 |
+| methodology/report-template/SKILL.md | DeFiFoFum | Audit Report Template | 585 |
+| methodology/severity-classification/SKILL.md | DeFiFoFum | Severity Classification Guide | 603 |
 
 ## Protocol Patterns
 | File | Source(s) | Topic | Word Count |
 |------|-----------|-------|------------|
-| protocol-patterns/amm-dex/SKILL.md | DeFiFoFum | AMM (Automated Market Maker) Security Guide | 597 |
-| protocol-patterns/bridges-cross-chain/SKILL.md | DeFiFoFum | Cross-Chain Bridge Security Guide | 851 |
-| protocol-patterns/dao-governance/SKILL.md | DeFiFoFum | Governance Protocol Security Guide | 827 |
-| protocol-patterns/lending-borrowing/SKILL.md | DeFiFoFum | Lending Protocol Security Guide | 663 |
-| protocol-patterns/staking-vesting/SKILL.md | DeFiFoFum | Staking Protocol Security Guide | 698 |
+| protocol-patterns/amm-dex/SKILL.md | DeFiFoFum | AMM (Automated Market Maker) Security Guide | 852 |
+| protocol-patterns/bridges-cross-chain/SKILL.md | DeFiFoFum | Cross-Chain Bridge Security Guide | 1083 |
+| protocol-patterns/dao-governance/SKILL.md | DeFiFoFum | Governance Protocol Security Guide | 1024 |
+| protocol-patterns/lending-borrowing/SKILL.md | DeFiFoFum | Lending Protocol Security Guide | 871 |
+| protocol-patterns/staking-vesting/SKILL.md | DeFiFoFum | Staking Protocol Security Guide | 895 |
 
 ## Checklists
 | File | Source(s) | Topic | Word Count |
 |------|-----------|-------|------------|
-| checklists/cyfrin-best-practices-runtime/SKILL.md | Cyfrin | Cyfrin Audit Checklist — Best Practices (Runtime & Cross-chain) | 4766 |
-| checklists/cyfrin-best-practices-upgrades/SKILL.md | Cyfrin | Cyfrin Audit Checklist — Best Practices (Upgrades & Versioning) | 2269 |
-| checklists/cyfrin-defi-core/SKILL.md | Cyfrin | Cyfrin Audit Checklist — DeFi Security (Core) | 4555 |
-| checklists/cyfrin-defi-integrations/SKILL.md | Cyfrin | Cyfrin Audit Checklist — DeFi Security (Integrations & Tokens) | 4632 |
-| checklists/cyfrin-gas/SKILL.md | Cyfrin | Cyfrin Audit Checklist — Gas Optimization | 443 |
-| checklists/general-audit/SKILL.md | DeFiFoFum, Cyfrin | Solidity Audit Checklist | 2341 |
+| checklists/cyfrin-best-practices-runtime/SKILL.md | Cyfrin | Cyfrin Audit Checklist — Best Practices (Runtime & Cross-chain) | 4303 |
+| checklists/cyfrin-best-practices-upgrades/SKILL.md | Cyfrin | Cyfrin Audit Checklist — Best Practices (Upgrades & Versioning) | 2053 |
+| checklists/cyfrin-defi-core/SKILL.md | Cyfrin | Cyfrin Audit Checklist — DeFi Security (Core) | 4222 |
+| checklists/cyfrin-defi-integrations/SKILL.md | Cyfrin | Cyfrin Audit Checklist — DeFi Security (Integrations & Tokens) | 4290 |
+| checklists/cyfrin-gas/SKILL.md | Cyfrin | Cyfrin Audit Checklist — Gas Optimization | 342 |
+| checklists/general-audit/SKILL.md | DeFiFoFum, Cyfrin | Solidity Audit Checklist | 2878 |
 
 ## References
 | File | Source(s) | Topic | Word Count |
 |------|-----------|-------|------------|
-| references/exploit-reference/SKILL.md | SunWeb3Sec | DeFi Exploit Reference Index | 1133 |
-| references/smartbugs-examples/SKILL.md | smartbugs | SmartBugs Curated Dataset — Vulnerable Contract Examples | 3386 |
+| references/exploit-reference/SKILL.md | SunWeb3Sec | DeFi Exploit Reference Index | 1125 |
+| references/smartbugs-examples/SKILL.md | smartbugs | SmartBugs Curated Dataset — Vulnerable Contract Examples | 1677 |
+
+## Case Studies
+| File | Source(s) | Topic | Word Count |
+|------|-----------|-------|------------|
+| case-studies/beanstalk-governance/SKILL.md | DeFiFoFum | Beanstalk Governance Attack Case Study | 420 |
+| case-studies/bzx-flash-loan/SKILL.md | DeFiFoFum | bZx Flash Loan Attack Case Study | 370 |
+| case-studies/cream-finance/SKILL.md | DeFiFoFum | Cream Finance Attack Case Study | 420 |
+| case-studies/curve-reentrancy/SKILL.md | DeFiFoFum | Curve Reentrancy Attack Case Study | 395 |
+| case-studies/dao-hack/SKILL.md | DeFiFoFum | The DAO Hack Case Study | 350 |
+| case-studies/euler-finance/SKILL.md | DeFiFoFum | Euler Finance Attack Case Study | 419 |
+| case-studies/harvest-finance/SKILL.md | DeFiFoFum | Harvest Finance Attack Case Study | 405 |
+| case-studies/level-finance/SKILL.md | DeFiFoFum | Level Finance Attack Case Study | 371 |
+| case-studies/mango-markets/SKILL.md | DeFiFoFum | Mango Markets Attack Case Study | 422 |
+| case-studies/nomad-bridge/SKILL.md | DeFiFoFum | Nomad Bridge Attack Case Study | 429 |
+| case-studies/parity-multisig/SKILL.md | DeFiFoFum | Parity Multisig Wallet Attack Case Study | 395 |
+| case-studies/poly-network/SKILL.md | DeFiFoFum | Poly Network Attack Case Study | 395 |
+| case-studies/rari-fuse/SKILL.md | DeFiFoFum | Rari Fuse Attack Case Study | 391 |
+| case-studies/ronin-bridge/SKILL.md | DeFiFoFum | Ronin Bridge Attack Case Study | 384 |
+| case-studies/wormhole-bridge/SKILL.md | DeFiFoFum | Wormhole Bridge Attack Case Study | 337 |