
from vigilo46
Audit-oriented patterns and mitigations for ERC4626 tokenized vaults: share/asset conversions, inflation (first-depositor) defenses, rounding rules, donation at
This skill codifies practical patterns and mitigations for auditing ERC4626-compliant tokenized vaults. It explains core share/asset conversion formulas, common vulnerabilities (first-depositor inflation, donation attacks, rounding mistakes), and offers concrete Solidity snippets for mitigations such as virtual shares/assets, burning dead shares on first deposit, and minimum deposit guards. The skill also includes an audit checklist to validate vault correctness and edge-case handling.
Use this skill during security reviews, audits, or automated analysis phases focused on ERC4626 vault implementations. It is intended for security auditors, smart-contract engineers, and AI auditor agents (defi-auditor) that need deterministic rules and code patterns to detect and remediate vault accounting and rounding issues.
Best used with security/audit-focused agents and developer assistants that understand Solidity and can reason about smart-contract accounting and attack surfaces.
This skill has not been reviewed by our automated audit pipeline yet.