Audit of smart contracts

Home / Services / Security audit and testing / Audit of smart contracts

Analysis and verification of specifications and source code of smart contracts

Your smart contracts may contain hidden vulnerabilities that could result in loss of money or interruption of business operations. In the world of blockchain, even small security issues negatively affect reputation and investment decisions.

Secure your blockchain solutions, fix costly bugs, optimize your code, and give assurance to your users and investors. As a result, you will boost the trust of the blockchain community in your projects and ensure their stable growth.

Our certified experts analyse the security of your smart contracts line by line, finding their vulnerabilities and other weaknesses. We develop guidelines that protect your smart contracts and your business.

Please read the introduction to the security of smart contracts. Find out more about the problems we solve, the methods and tools we use, and the results we deliver.

Free smart contract security analysis

The problems with smart contracts

Inconsistency between specification and implementation.
Deficiencies in design, logic and access control.
Arithmetic overflow operations (integer overflow and underflow).
Reentrancy attacks, code injection attacks, and Denial of Service attack.
Exceeded limits on bytecode and gas usage.
Miner attacks on timestamp and transaction ordering, transaction-ordering dependence (TOD).
Race conditions, other known attacks, and access control violations.

More about vulnerabilities

Common and platform-specific vulnerabilities:
Incorrect standard implementation
Integer Overflow and Underflow
Callstack Depth Attack
Timestamp Dependency
Block Properties Dependency
Multisig Bug
Transaction-Ordering Dependency
Function Call Vulnerabilities
Business Security
Event Security
Reentrancy
PRNG Vulnerabilities
DoS Vulnerabilities
Fake Deposit
Token Vesting Implementation
Exceptional Reachable State
and other (100+ vulnerabilities)

Common vulnerabilities of coding in Solidity and other languages:
Extra gas consumption
Implicit visibility level
Costly loop
External to public visibility level
Deprecated items
Fallback usage
Overriding variables
Redundant code
and other

Requirements for auditors of smart contracts

The goal of the smart-contract audit is a meticulous code analysis to find security flaws and vulnerabilities.
The security audit is performed using a combination of manual and automated tools and techniques to identify vulnerabilities within the target environment and to model their exploitation.
The tests are conducted by a team of specialists with more than 17 years of experience in different IT security domains; CISSP, OSCP, CISA, and CEH certification holders.
The code analysis review follows the best practices: Solidity Style Guide, Ethereum Smart Contract Security Best Practices, Smart Contract Security Verification Standard (SCSVS).
Classification of vulnerabilities corresponds to DASP Top 10, SWC Registry and CWE/SANS Top 25.

GET A QUOTE

Audit stages

Documentation check.
Detailed analysis of the smart contract code, functionality and logic of its operation, cryptography, third-party modules, and library structure.
Analysis of specific cases: Web security, Social security, Token/smart-contract OSINT, Signs of Risk, Signs of Confidence.
Manual search for weaknesses in functions, development of attack vectors, writing tests for their implementation.
Automatic scanning of source files for inconsistencies with smart contract security best practices.
Checking scan results, identifying false positives, tools and real vulnerabilities that can affect the security of the application.
Development of recommendations to eliminate the found deficiencies and risk assessment.
Checking the implementation of recommendations.
A public certificate issued for the successfully completed audit.

We audit

The list of platforms that we support

aelf, Aeron, Aeternity, AION, Algorand, Ambrosus, AnycoinDirect, Arcona, Ardor, Ark, Asure, Auctus, Augur, Aurum, Avalanche, BILLCRYPT, Bithemoth, Block Collider, BNB Beacon Chain (BEP2), BNB Smart Chain (BEP20), BnkToTheFuture, Cardano, Casper, Centrality, ChangeNOW, ChiliZ, ConsenSys Quorum, Cortex, Cosmos, COTI, Cronos, Cryptonex, CyberMiles, Dapp Fight, Dapps, Disciplina, Dogezer, Earths, ECROFund, Elastos, Electrify Asia, Enigma, Enjin Coin, Enkronos, EOS, Ethereum ERC-20 – ERC-4626 standards, Etherparty, Fantom, Fluence, FReeStart, Funfair, Gimli, Gnosis, GoByte, GXChain, HECO, HoloChain, I-chain, ICON, IExec, Ignis, Internxt, INTRO, Ion, IOStoken, JUST, Klaytn, Komodo, Lisk, Loom Network, Loopring, MaidSafeCoin, Mainframe, Maker, Metaverse ETP, Morpheus Network, MVL, NAV Coin, Near, Nebulas, NEM, Neo, Nimiq, NIX, Nuls, NXT, OEL Foundation, OmniBazaar, ONT, Ontology, Opporty, OpuLabs, ORIS.SPACE, Papusha, Polkadot, Polygon, ProximaX, Qtum, QuarkChain, QUOINE, RChain, Red Pulse, RepuX, Request Network, Revain, Scorum, Siacoin, Skycoin, SmartMesh, Solana, Stellar, Stream, Swarm city, Syscoin, Taklimakan, Tezos, Theta, TON, Trivver, Tron TRC-20 – Tether, Vechain, Verge, Wanchain, Waves, WaykiChain, Xdc, Zilliqa, and others.

Our tools

Slither, securify, Mythril, Sūrya, Solgraph, Truffle, Hardhat, Ganache, Mist, solhint, mythx, manticore, etc.

What you get

Project deliverables include the Report on Audit of Smart Contract:

Executive summary
Project approach
- Rules of Engagement
- Description of security audit methodology
- Scope description
Findings and recommendations
Workflow of security audit
Further information on findings and detailed recommendations
Conclusion
Risk Mitigation Recommendations.

After you fix the shortcomings of your smart contract, we do the retest for free and issue a security certificate that guarantees the reliability of your smart contract and significantly increases the total value of your project.

GET A QUOTE

Check out our additional services and business cases. Send the form below to request an audit of smart contract. Get a free consultation.