Access Control
Check privileged functions, role boundaries, ownership transfer, emergency functions, and admin events.
Solidity Pre-Audit Checklist
A practical checklist for smart contract teams before formal audit or public deployment.
External Calls
Review state update order, reentrancy risk, low-level calls, trusted addresses, and checked return values.
Accounting
Test first-deposit paths, rounding direction, fee bounds, empty pools, and balance invariants.
Oracles
Validate stale price checks, decimal normalization, zero-price rejection, and manipulation assumptions.
Upgradeability
Review initializers, storage layout, implementation locking, upgrade authority, and migration notes.
Testing
Include happy path, revert, boundary, fuzz, invariant, and fork tests where relevant.
Full kit
Download templates and prompts
The ZIP includes the checklist, risk register, finding template, PR template, and AI review prompts.