Does this skill detect vulnerabilities directly?

No, this skill is designed to map the attack surface by identifying entry points and access levels; specialized skills like 'audit-context-building' should be used for specific vulnerability detection.

Which smart contract languages are supported?

It supports a wide range of languages including Solidity (.sol), Vyper (.vy), Solana (Rust), Move (Aptos/Sui), TON (FunC/Tact), and CosmWasm.

Why are view and pure functions excluded from the analysis?

The skill focuses on state-changing functions because they represent the primary attack surface where state corruption or loss of funds can occur. Read-only functions cannot directly cause these issues.

How does it handle Solidity access control?

It checks for common patterns like onlyOwner, roles, and custom require statements. If Slither is installed, it uses Slither's printer for high-accuracy visibility and modifier detection.

Entry Point Analyzer

Name: Entry Point Analyzer
Author: trailofbits

bytrailofbits

•

939

安全与测试

Identifies and categorizes state-changing entry points in smart contract codebases to streamline security audits and map attack surfaces.

关于

This skill automates the discovery of externally callable functions that modify state across various smart contract languages including Solidity, Vyper, and Rust. By filtering out read-only functions and classifying access levels—such as public, role-restricted, or contract-only—it helps security researchers and developers quickly visualize privileged operations and potential entry points for vulnerabilities. It integrates seamlessly with Slither for Solidity analysis while providing a structured markdown report that maps out the entire state-modifying landscape of a project, ensuring auditors focus on the most critical code paths.

主要功能

Seamless integration with Slither to enhance Solidity audit workflows with automated printing
Automatic classification of functions into public, role-restricted, and contract-only access levels
Smart filtering to exclude read-only (view/pure) functions and focus on state-modifying logic
939 GitHub stars
Multi-language support for Solidity, Vyper, Solana, Move, TON, and CosmWasm
Structured markdown report generation with detailed function locations and detected access patterns

使用场景

Mapping the attack surface at the start of a comprehensive smart contract security audit
Identifying privileged operations and emergency pause functions during a protocol review
Verifying access control implementations across complex codebases with multiple administrative roles

关于

主要功能

Seamless integration with Slither to enhance Solidity audit workflows with automated printing
Automatic classification of functions into public, role-restricted, and contract-only access levels
Smart filtering to exclude read-only (view/pure) functions and focus on state-modifying logic
939 GitHub stars
Multi-language support for Solidity, Vyper, Solana, Move, TON, and CosmWasm
Structured markdown report generation with detailed function locations and detected access patterns

使用场景

Mapping the attack surface at the start of a comprehensive smart contract security audit
Identifying privileged operations and emergency pause functions during a protocol review
Verifying access control implementations across complex codebases with multiple administrative roles