Analyze smart contracts, token mechanics, permissions, fee flows, upgradeability, market risks, and likely attack surfaces for onchain projects. Use when reviewing ERC-20s, launchpads, vaults, staking systems, LP fee routing, ownership controls, proxy setups, or suspicious token behavior.
Use this skill when the task is to assess a token, protocol, launch module, vault, staking system, router, or related onchain project from a security, permissions, tokenomics, or behavior perspective.
Produce a practical analysis that answers:
First determine which of these the request actually targets:
If the scope is unclear, infer it from the files, addresses, ABI names, deployment scripts, or docs.
Before judging risk, build a compact model of the system:
Prefer a short system map over long prose.
Always verify:
owner, admin, governor, operator, manager, signer
Call out who can do what, and whether those powers are bounded or dangerous.
For ERC-20 and tokenized systems, verify:
If the token claims to be standard, confirm whether behavior actually matches that claim.
Trace where user funds or protocol fees go:
Do not just name recipients. Explain whether they are:
If proxies or modules exist, verify:
If not upgradeable, still check whether behavior can change through configurable modules.
Look for:
When risk depends on business assumptions, state that explicitly.
When the target is a token or launch flow, explicitly assess:
Do not overclaim. Distinguish:
Default to this structure:
One short paragraph stating what the system is and the top conclusion.
List issues in severity order:
State:
Explain:
List anything blocked by missing source, missing ABI, missing deployment info, or offchain dependencies.
Be precise:
Always distinguish:
If the task depends on live state, verify with current chain or explorer data instead of assuming from source alone.