
EOS Smart Contract Audit

Somish11

What is a Smart Contract Audit?

A smart contract audit is the process of identifying vulnerabilities in smart contract code prior to its deployment on production systems of blockchain platforms like Ethereum, Tron, EOS, Hyperledger, and others. It involves automated and manual testing of the smart contracts to highlight commonly encountered technical and security vulnerabilities and patterns that could be exploited by malicious parties. A smart contract audit also includes suggestions on best practices of writing smart contracts, improving code efficiency, logic, and overall optimization. There are two types of audit – Technical Audit and Full Security Audit.

EOS Smart Contract Audit Goals

• Smart contracts built on top of the EOSIO blockchain allow for a lot of features to be covered by tests, but the Turing completeness of the C++ programming language and its flexibility leave some space for unexpected runtime exceptions.

• Our audit ensures the reliability of your smart contract by completing the assessment of your application architecture and your smart contract codebase.

• Through our manual and automated analysis, we provide a complete solution to identify and determine vulnerabilities and violations of logic in smart contracts.

• We will check whether the developed source code is compatible with the contents described in the whitepaper.

• How efficiently the CPU is utilized, and RAM usage.

• Auth checks, numeric overflows, buffer overflows, transfer prompt errors, rollback attacks, random number attacks.

• Dangling pointers and references and memory management

• Mapping of actions to roles and permissions

• Persistent data on RAM and usage of index tables

• DoS attacks

• Whoever deploys the contract does not have access to user funds

3rd Party - Smart Contract Audit

Hiring an external smart contract audit company is a crucial step in ensuring that your smart contracts work as intended.
Historically, a single bug in smart contracts has led to irrecoverable loss of funds or locking up millions of dollars. See below:
  1. The DAO Hack in 2016 resulted in the loss of 3.6 million ETH, worth ~ $750 million as of July’19
  2. The Parity Wallet Hack in July’17 resulted in the loss of 150,000 ETH, worth ~ $31 million as of July’19
  3. The Parity 2 Hack in Nov’17 resulted in the freezing of 513,774 ETH, worth ~ $107 million as of July’19

5 Signs You Need Help With Smart Contract Audit


  1. Worried about the intended behavior of smart contracts written by your developers?

  2. You’ve heard about various smart contract hacks (like The DAO Hack and the Parity Hack) and are worried that your smart contract might have bugs?

  3. Are you launching a tokenized crowdfunding campaign and want to get your smart contracts audited before exchange listing?

  4. Your blockchain developers are unable to write comprehensive unit test cases for your smart contracts and you’re worried about the functionality of the contracts?

  5. Your investors are asking for a 3rd party security audit of your smart contracts but you are unable to find an experienced team of auditors?

4 Steps Of Conducting Smart Contract Audits

1) Our unbiased and independent blockchain aficionados assess and identify the technical and security vulnerabilities and glitches in the smart contract, based on the provided code and the business and technical documentation specifying the behavior of the contract. At times, developers find it difficult to write unit test cases for the smart contracts and our team can help in liaising for the same.

2) Post-assessment, the contract undergoes a 360° verification process to ensure that it fulfills the required specifications as per the provided documentation.

3) The results of the first two phases are shared with the contract owners with brief suggestions on how to improve. The contract owners then engage in rectifications of the anomalies in a pre-decided time window, post which, our team undertakes one-time code re-verification.

4) Finally, testing is followed by a detailed technical / security audit report, which is provided to the contract owners for their reference and usage.
 