Agent-Skills.md

Agent Skills: EVM/Bytecode Analysis Skill

Deep EVM bytecode analysis and decompilation capabilities for smart contract security, gas optimization, and reverse engineering. Provides tools for analyzing opcodes, storage layouts, proxy patterns, and bytecode verification.

UncategorizedID: a5c-ai/babysitter/evm-analysis

Repository

a5c-ai/babysitter
a5c-aiLicense: MIT
244

Install this agent skill to your local

pnpm dlx add-skill https://github.com/a5c-ai/babysitter/tree/HEAD/plugins/babysitter/skills/babysit/process/specializations/cryptography-blockchain/skills/evm-analysis

Skill Files

Browse the full folder contents for evm-analysis.

Download Skill

Loading file tree…

plugins/babysitter/skills/babysit/process/specializations/cryptography-blockchain/skills/evm-analysis/SKILL.md

Skill Metadata

Name
evm-analysis
Description
Deep EVM bytecode analysis and decompilation capabilities for smart contract security, gas optimization, and reverse engineering. Provides tools for analyzing opcodes, storage layouts, proxy patterns, and bytecode verification.

EVM/Bytecode Analysis Skill

Expert-level EVM bytecode analysis and decompilation for smart contract security audits, gas optimization, and reverse engineering.

Capabilities

  • Bytecode Analysis: Analyze EVM bytecode and opcodes
  • Gas Cost Calculation: Calculate gas costs per operation
  • Storage Layout Identification: Identify storage slot layouts and packing
  • Decompilation: Decompile bytecode to pseudo-Solidity
  • Proxy Analysis: Analyze proxy implementation slots (EIP-1967)
  • Pattern Detection: Detect bytecode patterns (CREATE2, selfdestruct)
  • Bytecode Verification: Verify contract bytecode against source

MCP Server Integration

This skill can leverage the following MCP servers:

| Server | Purpose | Install | |--------|---------|---------| | EVM MCP Tools | Smart contract auditing, security analysis | 0xGval/evm-mcp-tools | | Solidity Contract Analyzer | Contract code analysis with metadata | Skywork |

Opcode Reference

Common EVM opcodes and gas costs:

| Category | Opcodes | Base Gas | |----------|---------|----------| | Arithmetic | ADD, SUB, MUL, DIV | 3-5 | | Comparison | LT, GT, EQ, ISZERO | 3 | | Bitwise | AND, OR, XOR, NOT, SHL, SHR | 3 | | Memory | MLOAD, MSTORE | 3 + memory expansion | | Storage | SLOAD | 100 (warm) / 2100 (cold) | | Storage | SSTORE | 100-20000 (varies) | | Control | JUMP, JUMPI | 8-10 | | Call | CALL, DELEGATECALL, STATICCALL | 100 + memory + value |

Storage Layout Analysis

Standard Slot Patterns

// Basic types (slot 0, 1, 2...)
uint256 public a;     // slot 0
uint256 public b;     // slot 1

// Packed storage
uint128 public c;     // slot 2, bytes 0-15
uint128 public d;     // slot 2, bytes 16-31

// Mappings: keccak256(key . slot)
mapping(address => uint256) public balances;  // slot 3
// balances[addr] at keccak256(addr . 3)

// Dynamic arrays: length at slot, data at keccak256(slot)
uint256[] public arr; // length at slot 4, arr[i] at keccak256(4) + i

EIP-1967 Proxy Slots

Implementation: 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
Admin:          0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
Beacon:         0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50

Bytecode Patterns

Contract Creation

PUSH1 0x80          // Free memory pointer
PUSH1 0x40
MSTORE
...
CODECOPY            // Copy runtime code
RETURN              // Return runtime code

Selector Dispatch

PUSH4 <selector>    // 4-byte function selector
EQ                  // Compare with calldata[0:4]
PUSH2 <offset>      // Jump destination
JUMPI               // Jump if match

Common Vulnerability Patterns

// Reentrancy indicator: CALL before SSTORE
CALL
...
SSTORE

// Unchecked return: CALL without ISZERO check
CALL
// Missing: ISZERO, JUMPI for error handling

// Self-destruct (deprecated but detectable)
SELFDESTRUCT

Workflow

1. Fetch Contract Bytecode

# Using cast (Foundry)
cast code <address> --rpc-url <rpc>

# Using curl
curl -X POST <rpc> \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_getCode","params":["<address>","latest"],"id":1}'

2. Analyze Opcodes

# Disassemble with cast
cast disassemble <bytecode>

# Or use online tools
# - evm.codes/playground
# - ethervm.io/decompile

3. Storage Slot Analysis

# Read specific storage slot
cast storage <address> <slot> --rpc-url <rpc>

# Read EIP-1967 implementation slot
cast storage <address> 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc --rpc-url <rpc>

4. Bytecode Comparison

# Get deployed bytecode
cast code <address> --rpc-url <rpc> > deployed.bin

# Compile source and compare
forge build
diff deployed.bin out/Contract.sol/Contract.bin

Process Integration

This skill integrates with the following processes:

  • gas-optimization.js - Identify gas-heavy opcodes
  • smart-contract-security-audit.js - Bytecode-level vulnerability detection
  • smart-contract-upgrade.js - Proxy slot verification
  • formal-verification.js - Bytecode correctness verification

Tools Reference

| Tool | Purpose | URL | |------|---------|-----| | Foundry Cast | CLI bytecode interaction | foundry-rs/foundry | | evm.codes | Opcode reference | evm.codes | | Dedaub | Decompiler | dedaub.com | | Heimdall | Advanced decompiler | heimdall-rs | | panoramix | Python decompiler | eveem.org |

Example Analysis

// Analyze proxy contract
const analysis = {
  type: 'proxy',
  pattern: 'EIP-1967 Transparent',
  implementation: '0x...',
  admin: '0x...',

  // Storage layout
  storageSlots: {
    0: { name: '_initialized', type: 'uint8' },
    1: { name: '_initializing', type: 'bool' },
    // ...
  },

  // Function selectors
  selectors: {
    '0xa9059cbb': 'transfer(address,uint256)',
    '0x23b872dd': 'transferFrom(address,address,uint256)',
    // ...
  },

  // Gas hotspots
  gasHotspots: [
    { offset: 0x1a4, opcode: 'SSTORE', context: 'balance update' },
    { offset: 0x2f0, opcode: 'CALL', context: 'external call' }
  ]
};

See Also

  • skills/gas-optimization/SKILL.md - Gas optimization techniques
  • agents/solidity-auditor/AGENT.md - Security audit agent
  • references.md - External resources