Pair-audit Solidity with Claude Code Native + LingModel

Three valid paths — pick whichever you already have

LingCode's Claude tab gives you the same agent loop regardless of how Claude is authenticated:

• BYOK Anthropic API key — paste your key in Settings → Providers → Anthropic. Pay-as-you-go.
• Claude Pro / Max OAuth — sign in with your existing Claude.ai subscription. Best if you already pay Anthropic monthly.
• LingModel Pro tier — managed by LingCode. No key wrangling; one subscription for everything.

All three drive the same Node-based agent bridge with full tool use, MCP support, and permission gating. From the audit's perspective, none of these matter — pick the cheapest path you can stomach.

Sign in and you're done

If you're on the LingModel Pro tier, it appears automatically in the chat's provider switcher next to your Claude option. No key wrangling. Settings (⌘,) → Account confirms the tier is active.

LingModel runs a different model family than Claude Code Native, which is exactly what the audit pass needs — fresh priors on the same contract. An audit pass of a 300-line contract is well under $0.10 of LingModel usage.

Open a Claude chat and draft normally

Two non-obvious habits make the audit step actually useful:

• Write the Foundry test file alongside the contract. Both models will reason better about invariants if the tests express them. forge init, contract under src/, test under test/.
• Put your threat model in a comment block at the top of the contract. Three lines is enough: "This contract holds X. The threat actors are Y. The trust assumption is Z." Now both models have something to attack against.

Example threat-model comment for a vault contract:

// THREAT MODEL
// Holds: depositor USDC, up to ~$50M assumed TVL.
// Trust: governance multisig (5/9) can pause and rotate strategist;
//        no other admin path. Strategist is trusted to not collude.
// Adversaries: depositors trying to mint excess shares (4626 inflation);
//              MEV bots front-running deposit/withdraw; oracle griefers.

New chat, new provider, no shared context

Click the provider switcher in the chat input area and select LingModel. Open a new chat — do not continue the drafting conversation. Sharing context with the model that wrote the code defeats the entire purpose. The audit pass needs to read the contract cold, the way an auditor would.

Paste the contract (and Foundry tests, if you have them) and use a structured prompt rather than "audit this." Vague audit prompts produce vague findings.

Audit this Solidity contract assuming it controls $10M on mainnet.
Check every item below. For each finding, give:
  - Severity (Critical / High / Medium / Low / Info)
  - File:line
  - One-paragraph explanation
  - Concrete fix or mitigation

CHECKLIST
1.  Reentrancy — including read-only reentrancy and cross-function
2.  Access control — modifier coverage, owner-can-rug surface area
3.  Integer arithmetic — even on 0.8.x, unchecked blocks and casting
4.  Oracle dependency — staleness checks, manipulation, fallback path
5.  Front-running — does any path need commit-reveal?
6.  Signature replay — chainId, nonce, deadline, domain separator
7.  Upgrade safety (if proxy) — initializer guards, storage gaps, __gap
8.  ERC-4626 share inflation — first-depositor griefing, virtual shares
9.  Gas griefing — unbounded loops over user-controlled input
10. Checks-Effects-Interactions discipline — order of state updates
11. External call return values — silent failure modes
12. Token assumptions — fee-on-transfer, rebasing, blocklist, ERC-777 hooks
13. Block.timestamp / block.number assumptions
14. tx.origin usage
15. Self-destruct / selfdestruct in dependencies

Output: a numbered findings list. Don't editorialize.

Save LingModel's findings. Then start a fresh chat in Claude with the same checklist prompt and the same contract. You now have two independent findings lists.

Both-flagged → fix. One-flagged → think. Neither-flagged → still possible.

• Both models flagged the same finding. Fix it. Write a Foundry test that fails on the unfixed version and passes on the fixed one, before moving on. The test is what protects you on future refactors.
• Only one model flagged a finding. This is where the workflow earns its keep. The lone flagger is right surprisingly often — different priors catch what the other missed. Read the finding carefully, write a Foundry test trying to reproduce the issue, and decide based on the test, not the explanation.
• Neither flagged a category in the checklist. This doesn't mean you're safe — it means both models share that blind spot. For Critical-severity categories (reentrancy, access control, oracle), write your own Foundry test against the unfixed assumption anyway.

Loop the process until both models produce only Info-level findings on the latest version. That's your hand-off state to a real auditor — clean enough that they spend their hours on systemic risk, not on triage.

Skill Gallery → install writing-smart-contracts

The community skill writing-smart-contracts encodes auditor-grade Solidity heuristics — reentrancy patterns, proxy storage collisions, oracle/MEV exposure, ERC-20/721/1155/4626 tokens, deploy-script gotchas — and pushes a Foundry test-first workflow. Install it once from the Skill Gallery and it activates in any chat where you mention Solidity, Forge, Hardhat, or an EIP.

Run it as the third pass after the Claude / LingModel reconcile. Same checklist prompt, but now the skill's heuristics steer the model toward categories the bare model would have skimmed. This is genuinely additive — it's not a fourth model, it's a sharper system prompt for whichever model you're using.