/docs/agents
Specialist subagents.
23 specialist subagents. /audit dispatches them by detected protocol type; attacker and defender always run.
| Agent | Model | Specialism |
|---|---|---|
aa-specialist | opus | Account-Abstraction (ERC-4337) specialist. EntryPoint, Bundler, Paymaster, smart-wallet (SimpleAccount, Safe-AA, Kernel, Biconomy), session keys, EIP-7702 transitions. Use when target involves UserOperation, validateUserOp, paymaster validation, or AA wallet logic. |
amm-specialist | opus | AMM-specific audit specialist. Uniswap V2/V3/V4, Curve, Balancer, Berachain BEX, custom AMMs. Use when the target is an AMM, pool, router, or AMM fork. V4 hooks get special attention. |
assembly-auditor | opus | Specialist for inline assembly / Yul. Reviews memory layout, return-data handling, dirty-bits, opcode usage. Use whenever significant assembly is present. |
attacker | opus | Adversarial reviewer. Reads contract code with one goal — find a way to steal, brick, or grief. Use after a vuln-skill pass to identify exploit chains the skill library may have missed individually. |
bridge-specialist | opus | Bridge-specific specialist. Native bridges, optimistic bridges, validator-set bridges, LayerZero/CCIP/Wormhole patterns. Use whenever cross-chain message-passing is involved. |
crosschain-messaging-specialist | opus | Specialist for cross-chain messaging primitives — LayerZero V2, Chainlink CCIP, Hyperlane, Wormhole, Axelar, Polyhedra ZKBridge, native rollup messengers. Distinct from bridge-specialist (which focuses on asset bridges); this focuses on the underlying message passing layer. |
defender | sonnet | Blue team. Identifies missing defenses, weak invariants, and remediation gaps. Use alongside attacker for balanced review. |
economic-rug-specialist | opus | Rug-pull, tokenomics, and centralization deep-dive. Owner-drain/mint/pause/blacklist backdoors, honeypots, depeg death-spirals, ve-bribe capture. Emits a 0-100 rugability score. Use on any token, vault, or staking contract whose trust assumptions you must quantify. |
exploit-poc-writer | opus | Writes Foundry test files that prove an exploit. The test MUST compile and pass. Use from /exploit, /exploit-chain, /exploit-live. |
gas-optimizer | sonnet | Finds gas-saving opportunities with concrete patches and estimated savings. Use from /gas. |
governance-specialist | opus | Governance specialist. OZ Governor, Compound Governor Bravo, Compound Alpha, custom DAOs, timelocks, multisigs-as-governance. Use when target involves voting, proposing, executing. |
intents-specialist | opus | Intent-based protocol specialist — ERC-7683 (cross-chain intents), CoW Protocol, UniswapX, Across, 1inch Fusion. Use when target involves intents, solvers, settlers, or any "user signs intent → solver fills" pattern. |
invariant-writer | opus | Identifies protocol invariants from contract code and intent, generates Foundry invariant tests with handlers. Use from /invariant and /audit-deep. |
l2-sequencer-specialist | opus | L2/rollup-risk specialist. Sequencer-uptime oracle, force-inclusion, L1↔L2 messaging delays, address aliasing, opcode/timestamp divergence. Use when the target deploys to Arbitrum, OP-stack, zkSync, Scroll, or Linea. |
lending-specialist | opus | Lending-protocol specialist. Aave V3, Compound V3, Morpho, Silo, Euler, custom lending. Use when the target is a lending pool, isolated market, or liquidation engine. |
nft-specialist | opus | NFT specialist — ERC-721, ERC-1155, royalties (ERC-2981, EIP-7585), metadata mutability, mint mechanics, marketplaces. Use when target is an NFT contract or NFT-adjacent. |
remediation-suggester | sonnet | Writes patches that fix specific findings. Validates via forge build + test. Use from /remediate. |
report-writer | sonnet | Writes the final audit report (Markdown + HTML + JSON) from raw findings. Used by /report. Produces polished prose without consuming main context. |
restaking-specialist | opus | Restaking and AVS specialist — EigenLayer, Symbiotic, Karak, Babylon, AVS implementations, operator slashing. Use when target involves restaking deposits, operator delegation, AVS registration, or slashing. |
staking-specialist | opus | Staking-protocol specialist. Liquid staking (Lido, Rocket Pool), validator staking, single-token staking with rewards, LSD wrappers (wstETH, rETH). Use when target is a staking contract. |
vyper-specialist | opus | Vyper-language specialist. Compiler-version bugs, decorator semantics, raw_call/create_from_blueprint, no-inheritance auth. Use when any contract is written in Vyper (.vy) — especially Curve-ecosystem pools. |
yield-aggregator-specialist | opus | Yield aggregator and ERC-4626 specialist. Yearn V3, Beefy, Sommelier, MetaMorpho, custom vaults with strategies. Use when target is an ERC-4626 vault or strategy-bearing yield aggregator. |
zk-verifier-specialist | opus | ZK proof-verifier contract specialist. Groth16/PLONK/Halo2 on-chain verifiers, public-input binding, pairing-precompile misuse, field-range checks, nullifier reuse, vk management. Use on any contract that calls ecPairing/ecAdd/ecMul to verify a SNARK. |