
Claude/ChatGPT Prompt to Run a Smart Contract Pre-Deploy Security Checklist

Prioritised Solidity pre-deploy security checklist: reentrancy, access control, oracle and upgrade risks, plus audit readiness.


What this prompt does

This prompt turns the AI into a senior smart-contract security reviewer and asks for a prioritised pre-deploy checklist tied to your specific contract — not generic boilerplate. Every item must map to a concrete check or test that proves it, which is what makes the output usable as a deployment gate rather than a reading exercise. It covers the categories that actually drain funds: reentrancy, integer overflow/underflow, unchecked external calls, access control, economic and oracle risks, and upgradeability pitfalls.

The placeholders focus the review. [contract] describes the system under review so the model references real functions instead of abstractions, [chain_version] sets the chain and Solidity version (which affects overflow behaviour and tooling), and [criticality] — for example "holds user deposits, high criticality" — calibrates how aggressive the Critical/High/Medium prioritisation should be. The more you tell it about value at risk, the better it ranks what to fix first.

When to use it

  • You're running a final gate before a mainnet deploy and want a prioritised, testable checklist.
  • You use proxies and need a careful review of storage collisions, pausing, and timelocks.
  • You want each finding tied to a one-line check or test rather than vague warnings.
  • You're preparing a contract to hand to an external auditor and need to know your coverage gaps.
  • You're worried about economic risks like front-running, MEV, or oracle manipulation.
  • You need a list of invariants to fuzz before deploy.

Example output

You get a prioritised checklist grouped Critical / High / Medium, where each item carries a one-line check or test that proves it. Sections cover reentrancy and arithmetic safety, access-control and privileged-function exposure, economic and oracle risks (front-running, MEV, slippage), upgradeability and lifecycle (proxy storage collisions, emergency stop, timelocks), observability (events and post-deploy monitoring), and audit readiness (coverage gaps and invariants to fuzz). Because items reference [contract], the checklist reads as a review of your system rather than a generic security article.

Pro tips

  • Describe [contract] in real terms — "an ERC-20 with minting caps and pausability" yields findings about those exact functions, while a vague description produces boilerplate.
  • Set [criticality] honestly; "holds user deposits, high criticality" pushes more items into the Critical band where they belong.
  • Do the upgradeability section (deliverable 4) carefully if you use proxies — storage-layout mistakes are silent until they're catastrophic.
  • Match [chain_version] to your actual compiler; overflow behaviour and available tooling differ across Solidity versions.
  • Treat this as a complement to a professional audit, not a replacement — it surfaces gaps and invariants to fuzz, which makes the eventual audit cheaper and faster.
  • Turn each one-line check into an actual test where you can; a passing test beats a checked box.
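One way to turn the storage-collision item from the upgradeability tip into an actual pre-deploy test, as an added example that is not part of this page or any particular project: it compares two `solc --storage-layout` outputs (in practice loaded with `json.load` from the compiler's JSON) and flags any deployed variable whose slot, offset, name or type would change under the new implementation. The vault layouts, the `layout` helper and the variable names are constructed for illustration.

```python
# Minimal solc "types" table for the hypothetical vault (constructed; real solc output has more fields).
TYPES = {
    "t_address": {"encoding": "inplace", "label": "address", "numberOfBytes": "20"},
    "t_uint256": {"encoding": "inplace", "label": "uint256", "numberOfBytes": "32"},
    "t_mapping(t_address,t_uint256)": {
        "encoding": "mapping", "label": "mapping(address => uint256)", "numberOfBytes": "32"},
}

def layout(*entries):
    """Build a solc --storage-layout style dict from (label, slot, offset, type) tuples."""
    return {"storage": [{"label": l, "slot": str(s), "offset": o, "type": t}
                        for l, s, o, t in entries], "types": TYPES}

# V1 as deployed behind the proxy (constructed sample layout).
LAYOUT_V1 = layout(("owner", 0, 0, "t_address"),
                   ("totalDeposits", 1, 0, "t_uint256"),
                   ("balances", 2, 0, "t_mapping(t_address,t_uint256)"))
# Broken V2: feeBps inserted in the middle, so every later variable shifts one slot.
# Nothing fails at compile or deploy time; totalDeposits is simply read as feeBps.
LAYOUT_V2_BAD = layout(("owner", 0, 0, "t_address"),
                       ("feeBps", 1, 0, "t_uint256"),
                       ("totalDeposits", 2, 0, "t_uint256"),
                       ("balances", 3, 0, "t_mapping(t_address,t_uint256)"))
# Safe V2: feeBps appended after all existing state.
LAYOUT_V2_GOOD = layout(("owner", 0, 0, "t_address"),
                        ("totalDeposits", 1, 0, "t_uint256"),
                        ("balances", 2, 0, "t_mapping(t_address,t_uint256)"),
                        ("feeBps", 3, 0, "t_uint256"))

def storage_layout_problems(old, new):
    """Return a list of findings; empty means every old variable keeps slot, offset, name and type."""
    new_by_pos = {(v["slot"], v["offset"]): v for v in new["storage"]}
    problems = []
    for o in old["storage"]:
        where = f"slot {o['slot']} offset {o['offset']}"
        n = new_by_pos.get((o["slot"], o["offset"]))
        if n is None:
            problems.append(f"{o['label']} removed from {where}; stored data would be orphaned")
            continue
        if n["label"] != o["label"]:   # same position, different meaning: the silent failure
            problems.append(f"{where}: {o['label']} would now be read as {n['label']}")
        ot, nt = old["types"][o["type"]], new["types"][n["type"]]
        if (ot["label"], ot["numberOfBytes"]) != (nt["label"], nt["numberOfBytes"]):
            problems.append(f"{where}: type {ot['label']} changed to {nt['label']}")
    return problems

def upgrade_is_layout_safe(old, new):
    """Deployment-gate predicate: True only when the new layout is a compatible extension of the old."""
    return not storage_layout_problems(old, new)
```

Run it in CI against the layout JSON of the currently deployed implementation and the candidate, and fail the pipeline when the predicate is false.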

Frequently Asked Questions

Is this prompt a replacement for a professional security audit?
No. It produces a prioritised, testable pre-deploy checklist that surfaces common risks and coverage gaps, which makes an eventual audit faster and cheaper. For contracts holding real value, a human audit by specialists is still essential before mainnet.
How does [criticality] change the output?
It calibrates the Critical/High/Medium prioritisation. Telling the model the contract holds user deposits pushes more findings into the Critical band, while a low-stakes contract gets a more relaxed ranking. Being honest about value at risk produces a more useful order.
Does it cover proxy and upgradeability risks?
Yes. Deliverable 4 specifically addresses proxy storage collisions, pausing, emergency stop, and timelocks. These matter because storage-layout mistakes in upgradeable contracts are silent until they cause catastrophic, hard-to-reverse failures.
Will it reference my actual contract or give generic advice?
It's instructed to reference the real contract and avoid boilerplate, so the quality depends on how specifically you fill [contract]. Describing actual functions and behaviour yields findings tied to your system rather than a generic security checklist.
Engr Mejba Ahmed
