cairo-security

Security patterns and common vulnerabilities for Cairo smart contracts on Starknet. Sourced from 50+ public audit reports including Nethermind, ConsenSys Diligence, Code4rena, ChainSecurity, Cairo Security Clan, Zellic, and Nethermind AuditAgent, plus the Cairo Book security chapter, Crytic's Not So Smart Contracts, Oxor.io Cairo Security Flaws, and FuzzingLabs Top 4 Vulnerabilities.

Versions: This skill targets Cairo 2.12.4 (latest stable tagged on GitHub; v2.15.0 exists but 2.12.4 carries the "Latest" tag), Scarb 2.15.1, Starknet Foundry 0.56.0, OpenZeppelin Contracts for Cairo 3.0.0 (v4.0.0-alpha.0 is pre-release, uses Scarb 2.15.1 / snforge 0.55.0), and Starknet v0.14.1 (mainnet Dec 2025). All code examples and import paths are verified against these versions.

Cairo Editions: Cairo v2.15.0 introduced edition 202512, which changes snapshot/member access syntax (e.g., (@a).b returns desnapped value). If your Scarb.toml specifies this edition, test code that accesses struct members through snapshots — the number of @ levels needed may differ from pre-202512 behavior.