// the find
0xJuancito/multichain-auditor
Observations and tips checklist for auditing protocols on multiple chains 🧐
A checklist of cross-chain pitfalls for Solidity auditors — block time assumptions, opcode differences, token decimal mismatches, signature replay, address aliasing, and more. Aimed at security researchers auditing protocols that deploy to multiple EVM chains.
Each gotcha links to real contest findings (Code4rena, Sherlock), so you can read the actual exploit and judge severity yourself. Covers genuinely subtle stuff that bites even experienced devs: AMM token0/token1 ordering changing between chains, ERC-20 decimals differing on BSC vs Ethereum, PUSH0 opcode support gaps for Solidity >=0.8.20. The disclaimer discouraging contest spam is unusually honest for this kind of resource.
It's a flat markdown file, not a structured database — no severity ratings, no chain-by-chain matrix, no machine-readable format you could feed into a tool. Coverage is uneven: Arbitrum and Optimism get real depth, but newer chains like Base and zkSync Era get one-liners. The repo hasn't been touched in months despite the ecosystem moving fast; some linked docs (Optimism Goerli uptime feed) point to deprecated testnets.