Audit of smart contracts


Analysis and verification of specifications and source code of smart contracts

Your smart contracts may contain hidden vulnerabilities that could result in loss of money or interruption of business operations. In the world of blockchain, even small security issues negatively affect reputation and investment decisions.

Secure your blockchain solutions, fix costly bugs, optimize your code, and give assurance to your users and investors. As a result, you will boost the trust of the blockchain community in your projects and ensure their stable growth.

Our certified experts analyse the security of your smart contracts line by line, finding their vulnerabilities and other weaknesses. We develop guidelines that protect your smart contracts and your business.

Please read the introduction to the security of smart contracts. Find out more about the problems we solve, the methods and tools we use, and the results we deliver.


The problems with smart contracts

  1. Inconsistency between specification and implementation.
  2. Deficiencies in design, logic and access control.
  3. Arithmetic errors (integer overflow and underflow).
  4. Reentrancy attacks, code injection attacks, and denial-of-service attacks.
  5. Exceeded limits on bytecode and gas usage.
  6. Miner attacks on timestamps and transaction ordering (transaction-ordering dependence, TOD).
  7. Race conditions, other known attacks, and access control violations.
More about vulnerabilities
  • Common and platform-specific vulnerabilities:
    • Incorrect standard implementation
    • Integer Overflow and Underflow
    • Callstack Depth Attack
    • Timestamp Dependency
    • Block Properties Dependency
    • Multisig Bug
    • Transaction-Ordering Dependency
    • Function Call Vulnerabilities
    • Business Security
    • Event Security
    • Reentrancy
    • PRNG Vulnerabilities
    • DoS Vulnerabilities
    • Fake Deposit
    • Token Vesting Implementation
    • Exceptional Reachable State
    • and others (100+ vulnerabilities)
  • Common vulnerabilities of coding in Solidity and other languages:
    • Extra gas consumption
    • Implicit visibility level
    • Costly loop
    • External to public visibility level
    • Deprecated items
    • Fallback usage
    • Overriding variables
    • Redundant code
    • and others

Requirements for auditors of smart contracts 

  • The goal of the smart-contract audit is a meticulous code analysis to find security flaws and vulnerabilities.
  • The security audit is performed using a combination of manual and automated tools and techniques to identify vulnerabilities within the target environment and to model their exploitation.
  • The tests are conducted by a team of specialists with more than 17 years of experience in different IT security domains, holding CISSP, OSCP, CISA, and CEH certifications.
  • The code analysis review follows the best practices: Solidity Style Guide and Ethereum Smart Contract Security Best Practices.
  • Classification of vulnerabilities corresponds to DASP Top 10, SWC Registry and CWE/SANS Top 25.

Audit stages

  • Documentation check.
  • Detailed analysis of the smart contract code, functionality and logic of its operation, cryptography, third-party modules, and library structure.
  • Analysis of specific cases: Web security, Social security, Token/smart-contract OSINT, Signs of Risk, Signs of Confidence.
  • Manual search for weaknesses in functions, development of attack vectors, writing tests for their implementation.
  • Automatic scanning of source files for inconsistencies with smart contract security best practices.
  • Checking scan results to separate tool false positives from real vulnerabilities that can affect the security of the application.
  • Development of recommendations to eliminate the found deficiencies and risk assessment.
  • Checking the implementation of recommendations.
  • A public certificate issued for the successfully completed audit.

We audit

The list of platforms that we support
  • aelf, Aeron, Aeternity, AION, Algorand, Ambrosus, AnycoinDirect, Arcona, Ardor, Ark, Asure, Auctus, Augur, Aurum, Avalanche, BILLCRYPT, Bithemoth, Block Collider, BNB Beacon Chain (BEP2), BNB Smart Chain (BEP20), BnkToTheFuture, Cardano, Casper, Centrality, ChangeNOW, ChiliZ, ConsenSys Quorum, Cortex, Cosmos, COTI, Cronos, Cryptonex, CyberMiles, Dapp Fight, Dapps, Disciplina, Dogezer, Earths, ECROFund, Elastos, Electrify Asia, Enigma, Enjin Coin, Enkronos, EOS, Ethereum ERC-20 – ERC-4626 standards, Etherparty, Fantom, Fluence, FReeStart, Funfair, Gimli, Gnosis, GoByte, GXChain, HECO, HoloChain, I-chain, ICON, IExec, Ignis, Internxt, INTRO, Ion, IOStoken, JUST, Klaytn, Komodo, Lisk, Loom Network, Loopring, MaidSafeCoin, Mainframe, Maker, Metaverse ETP, Morpheus Network, MVL, NAV Coin, Near, Nebulas, NEM, Neo, Nimiq, NIX, Nuls, NXT, OEL Foundation, OmniBazaar, ONT, Ontology, Opporty, OpuLabs, ORIS.SPACE, Papusha, Polkadot, Polygon, ProximaX, Qtum, QuarkChain, QUOINE, RChain, Red Pulse, RepuX, Request Network, Revain, Scorum, Siacoin, Skycoin, SmartMesh, Solana, Stellar, Stream, Swarm city, Syscoin, Taklimakan, Tezos, Theta, TON, Trivver, Tron TRC-20 – Tether, Vechain, Verge, Wanchain, Waves, WaykiChain, Xdc, Zilliqa, and others.

Our tools

Slither, Securify, Mythril, Sūrya, Solgraph, Truffle, Hardhat, Ganache, Mist, solhint, MythX, Manticore, etc.


What you get

Project deliverables include the Report on Audit of Smart Contract:

  1. Executive summary
  2. Project approach
    • Rules of Engagement
    • Description of security audit methodology
    • Scope description
  3. Findings and recommendations
  4. Workflow of security audit
  5. Further information on findings and detailed recommendations
  6. Conclusion
  7. Risk Mitigation Recommendations.

After you fix the shortcomings of your smart contract, we do the retest for free and issue a security certificate that guarantees the reliability of your smart contract and significantly increases the total value of your project.
