What is Smart Contract Audit?
Smart contract audit is the process of identifying vulnerabilities in a smart
contract code prior to its deployment on production systems of blockchain platforms like
Ethereum, Tron, EOS, Hyperledger and others.
It involves automated and manual testing of the smart contracts to highlight commonly encountered technical, security vulnerabilities and patterns that could be exploited by malicious parties.
A smart contract audit also includes suggestions on best practices of writing smart contracts, improving code efficiency, logic and overall optimization. There are two types of audit – Technical Audit and Full Security Audit
Why to opt in for a smart contract audit?
A 2017 report by Gartner predicts that 22% of global organizations will be using smart contracts for their critical business processes by 2022. With the exponential rise in usage of smart contracts for enterprise business processes and fund raising in the cryptocurrency ecosystem, it is paramount to undertake audits for reducing the attack surfaces of smart contracts.
A smart contract having vulnerabilities can be exploited. A single bug, pattern or error in a smart contract, may lead to irrecoverable loss of funds or locking up of millions of dollars in irreparable smart contract functions. The owning party may incur extensive losses, ranging from money to trust of the community, owing to a few anomalies. The Smart Contract Audit facilitates in securing such technical security vulnerabilities and unintentional code executions through extensive testing to deliver a production ready Smart Contract.
How does SOMISH conduct smart contract audits?
Our unbiased and independent blockchain aficionados assess and identify the technical and security vulnerabilities and glitches in the smart contract, basis the provided code and business, technical documentation specifying behavior of the contract. At times, developers find it difficult to write unit test cases for the smart contracts and our team can help in liaising for the same.
Post-assessment, the contract undergoes a 360° verification process to ensure that it fulfills the required specifications as per the provided documentation
The results of the first two phases are shared with the contract owners with brief suggestions on how to improve. The contract owners then engage in rectifications of the anomalies in a pre-decided time window, post which, our team undertakes one-time code re-verification.
Finally testing is followed by a detailed technical / security audit report which is provided to the contract owners for their reference and usage.
Why Choose SOMISH for Audit?
Our company enjoys the trust and success earned over a decade of hard work. We diversified into blockchain technology in the year 2016 and our team won the London Blockchain Week Hackathon in January 2017.
Since then, SOMISH has worked with Governments, Fortune 500 companies and startups globally to provide consulting, development and audit expertise on platforms like Ethereum, Hyperledger, Quorum, Tron, EOS and such others.
Our company GitHub profile can be seen at: github.com/somish
If you’re looking for detailed company testimonials, please reach out to us!Ask for testimonials
What is the duration of an audit?
The duration of an audit depends on the project size. A simple token contract (like ERC20 and others) can be audited in a span of a couple of days, whereas, a complex project such as of a decentralized exchange or a dApp may take anywhere between 15 days to a month.
What differentiates automated audit from a manual audit?
In a manual audit, the code undergoes various inspections and tests by our team of Code Auditors to check the correct implementation of its specifications. While it is a manual audit, there exists a possibility of human error, missing out on hard to find bugs. In an automatic audit, the code is treated with various smart contract code testing tools that mathematically prove the implementation of the contract’s specifications.
Who will audit the contract?
Our company in-house resources, perform the Smart Contract Audits under the supervision of our CTO, Nitika Arora. Nitika’s GitHub profile can be seen here: github.com/nitika-goel
What are the auditing charges?
Charges are a function of the complexity and duration of the audit. It also depends on the quality of the business requirement and technical documentation provided by the contract owners.