How does Weasel avoid reporting intentional design choices as bugs?

The skill explicitly checks README.md, known-issues.md, and internal documentation to identify trust assumptions and documented limitations before providing a verdict.

What kind of verdict does the validation provide?

Each validation concludes with a verdict of CONFIRMED, PARTIAL, NOT EXPLOITABLE, KNOWN ISSUE, or BY DESIGN, accompanied by a detailed reasoning and code evidence.

Does this skill only work for Solidity smart contracts?

Yes, Weasel is specifically designed as a static analyzer and validator for Solidity codebases.

What types of vulnerabilities can it validate?

It is optimized to validate common and complex vectors including reentrancy, access control flaws, flash loan price manipulation, and front-running risks.

Can this skill generate a Proof of Concept (PoC) for a bug?

Once an attack is confirmed via weasel-validate, it can trigger the weasel-poc skill to help you draft a functional proof of exploit.

Weasel Smart Contract Attack Validator

Name: Weasel Smart Contract Attack Validator
Author: slvDev

byslvDev

•

보안 및 테스팅

Validates user-proposed security vulnerabilities and attack vectors in Solidity smart contracts through rigorous trace analysis.

소개

This specialized skill empowers security researchers and smart contract developers to rigorously test their vulnerability hypotheses. By integrating with the Weasel static analyzer, it moves beyond simple code scanning to perform deep logical validation of potential exploits like reentrancy, access control bypasses, and flash loan attacks. The skill intelligently cross-references project documentation, READMEs, and known issue logs to ensure findings are actionable and non-redundant, providing a clear verdict on exploitability supported by step-by-step logic traces.

주요 기능

Analyzes complex patterns including reentrancy, access control, and MEV risks
Verifies environmental preconditions and state requirements for exploitability
10 GitHub stars
Step-by-step attack path tracing and logical verification
Provides standardized verdicts with evidence-backed code references
Cross-references READMEs and known-issue logs to eliminate false positives

사용 사례

Confirming if a suspected reentrancy point is actually exploitable given existing guards
Performing deep-dive analysis on access control bypasses during a protocol security audit
Validating whether a potential vulnerability is an intentional design choice or a known issue

소개

주요 기능

Analyzes complex patterns including reentrancy, access control, and MEV risks
Verifies environmental preconditions and state requirements for exploitability
10 GitHub stars
Step-by-step attack path tracing and logical verification
Provides standardized verdicts with evidence-backed code references
Cross-references READMEs and known-issue logs to eliminate false positives

사용 사례

Confirming if a suspected reentrancy point is actually exploitable given existing guards
Performing deep-dive analysis on access control bypasses during a protocol security audit
Validating whether a potential vulnerability is an intentional design choice or a known issue