Generated: 2026-04-18
Scanned Repos: MetaMask/delegation-framework, ethereum/ERCs, scaffold-eth/scaffold-eth-2, openclaw/openclaw
Total Issues Found: 50+ open issues across 4 repos
Repo: ethereum/ERCs
Issue: #1616 - "ERC-8183: 7 HIGH-severity issues found via structural analysis"
Type: AI Agent Standard / Security / Specification Review
Why This Fits Sam:
- Direct alignment with AI agent work - ERC-8183 is an agent interaction standard
- Structural analysis using Prism Oracle reveals authorization mismatches, reentrancy risks, and incentive distortions
- Opportunities to contribute security analysis, spec improvements, and test cases
- High-impact work that strengthens AI agent infrastructure on Ethereum
Key Findings:
setBudget()authorization mismatch (client OR provider vs provider-only)- Missing
expectedBudgetfield (front-running protection) - Hook reentrancy via
afterAction(no reentrancy guards) - Hook whitelist lacks removal mechanism (unbounded gas costs)
- Budget negotiation deadlock (no timeout)
- Evaluator fee incentive distortion (volume over accuracy)
Contribution Path:
- Review the full report: https://github.com/Cranot/prism-oracle/blob/master/examples/erc8183-full-pipeline.md
- Propose fixes to spec for each HIGH-severity finding
- Add security warnings and best practices to ERC-8183 documentation
- Submit PR with revised spec sections
Repo: scaffold-eth/scaffold-eth-2
Issue: #1236 - "Improve skill architecture based on SkillsBench findings"
Type: AI Agent Skills / Performance Optimization / Documentation
Why This Fits Sam:
- Direct overlap with OpenClaw skills work - optimizing how AI agents use structured knowledge
- Research-backed improvements (SkillsBench paper benchmarked 86 tasks across 7 agent models)
- Concrete actionable findings with measurable impact
- Opportunity to split large skills, add executable resources, and improve composition guidance
Key Findings from Research:
- Skill length sweet spot: Compact (+17.1pp) and Detailed (+18.8pp) outperform Comprehensive (-2.9pp)
- Optimal skill count: 2-3 skills per task (+18.6pp peak); 4+ skills drops to +5.9pp
- Executable resources matter: Skills with companion scripts/templates outperform markdown-only
- Smaller models + good skills > bigger models without: Haiku 4.5 with skills (27.7%) beats Opus 4.5 without (22.0%)
Contribution Path:
- Split large skills (
solidity-securityat 533 lines,defi-protocol-templatesat 443 lines) into focused 150-250 line pieces - Add template files alongside SKILL.md (working .sol contracts, deploy scripts, starter .tsx pages)
- Add composition guidance in AGENTS.md (suggest which 2-3 skills pair well for common tasks)
- Add verification checklists at end of each skill ("did you actually do this right?")
- Create test plan to validate improvements (run common build prompts before/after)
Repo: ethereum/ERCs
Issue: #719 - "ERC-223: problematic description of tokenReceived"
Type: Documentation / ERC Specification / Clarity
Why This Fits Sam:
- High-value documentation contribution with clear path to completion
- ERC-223 is a widely-used token standard; fixes impact many developers
- Multiple conflicting statements need resolution (good for attention to detail)
- Opportunity to improve technical writing and spec clarity
Issues to Fix:
- Conflicting return value description ("returns nothing" vs "must return 0x8943ec02")
- Unclear statement about fallback function ("may not return" - ambiguous)
- Phrases like "This function can be manually called by a EOA" add confusion without purpose
- The fallback function explanation should be moved to rationale section
Contribution Path:
- Read ERC-223 fully to understand intent of tokenReceived behavior
- Rephrase the problematic paragraph for clarity
- Move fallback function discussion to rationale section where it belongs
- Remove unnecessary EOA call mention
- Submit PR with improved description and rationale expansion
Repo: MetaMask/delegation-framework
Issue: #172 - "feat: ExecutionBoundEnforcer — exact execution commitment at redemption"
Type: Smart Contract Implementation / Delegation Framework / Solidity
Why This Fits Sam:
- Solidity implementation with clear acceptance criteria
- Builds on existing framework (CaveatEnforcer)
- Reference implementation already exists: https://github.com/terriclaw/execution-bound-intent
- Port branch available: https://github.com/terriclaw/delegation-framework/tree/feat/execution-bound-enforcer
- Combines EIP-712 signing, ERC-1271 verification, and delegation concepts
Technical Requirements:
- Inherits
CaveatEnforcer ExecutionIntent:(account, target, value, dataHash, nonce, deadline)- Supports EOA + ERC-1271 signatures via
SignatureChecker - Nonce scoped by
(delegationManager, account, nonce) - EIP-712 domain anchored to enforcer contract address
- Restricted to single-call + default execution mode
Acceptance Criteria:
- Exact execution passes
- Mutated calldata reverts (
DataHashMismatch) - Replay reverts (
NonceAlreadyUsed) - Unsupported call type reverts
- Signer distinct from delegator passes with valid signature
- Wrong signer reverts (
InvalidSignature) - Wrong account reverts (
AccountMismatch) - Expired deadline reverts (
IntentExpired)
Contribution Path:
- Review reference implementation and port branch
- Implement
ExecutionBoundEnforcerfollowing specs - Write tests for all acceptance criteria
- Add documentation explaining use cases
- Submit PR to MetaMask/delegation-framework
Repo: ethereum/ERCs
Issue: #1529 - "Inconsistent formatting of notes in function documentation"
Type: Documentation / ERC Standards / Consistency
Why This Fits Sam:
- Low-barrier entry contribution (documentation only)
- ERC20 is the most critical token standard - wide impact
- Clear problem with proposed solutions provided
- Good first issue for building reputation in ERC community
Current Problems:
transfer()andtransferFrom(): Uses "Note" (capitalized, no colon)approve(): Uses "NOTE:" (all caps with colon)- Inconsistent across different function descriptions
Proposed Solutions:
- Option 1: Use "Note:" (bold with colon) consistently
- Option 2: Use "NOTE:" (all caps with colon) consistently
Impact:
- Improves documentation consistency
- Enhances readability
- Maintains professional documentation standards
- Better developer experience
Contribution Path:
- Scan ERC20 spec for all "Note" instances
- Choose consistent format (recommend "Note:" for readability)
- Replace all instances with chosen format
- Verify no other formatting inconsistencies introduced
- Submit PR with rationale for chosen format
Repo: ethereum/ERCs, #877
- Add warnings about universal verifier inheritance and precompile address
0x04usage - Recent exploit discovered using ERC-6492 reference implementation
- High security impact
Repo: ethereum/ERCs, #1529
- Similar to #719 but for ERC20 spec
- "Note" vs "NOTE:" inconsistency across functions
- Quick win for documentation improvement
Repo: scaffold-eth/scaffold-eth-2, #1206
- Refactor test suite to use Hardhat
loadFixturepattern - Add test cases for missing functions (
withdraw(),premium) - Good for testing experience
- Scanned open issues across 4 target repos
- Filtered for: "good first issue" labels, documentation gaps, and ERC-7710/7702/8004/AI agent relevance
- Prioritized based on: alignment with AI agent work, impact on Ethereum ecosystem, and actionable contribution path
- Assessed "Sam's expertise" based on context cues (OpenClaw agent work, ERC standards interest)
- No explicit "good first issue" labels found in the current issue set
- Documentation gaps are present in ERCs repo (multiple clarity/consistency issues)
- AI agent-related work: ERC-8183 (#1616) and skill architecture optimization (#1236) are the strongest matches
- OpenClaw repo had 50+ open issues but most were product-specific bugs, not good external contributions