Smart Contract Audit

We employ diverse and elaborate strategies to make sure that your system is safe and works as intended.

Importance of Audit

Smart contracts are built to hold or interact with financial assets or funds. Immutability has its pros and cons; on the downside, a single vulnerability left in the codebase could call the reliability of the organisation into question and expose it to losses. Without a contract auditor's perspective in the process, DeFi systems are potentially exposed to malicious actors.

Audit Process

  • 01 - Reconnaissance

    The primary goal of the first phase is to build clarity about the intended workings of the codebase. Initially, this is attained through rigorous internal discussions on the whitepaper/architecture document provided. This builds an initial understanding of the system, which leads to the building of test-case scenarios. After this phase, the auditors end up with preliminary semantics of the system.
  • 02 - Code Review

    Regardless of the language used, we make sure that your code is in accordance with the latest standards of code correctness. To start, our manual code review is vulnerability-specific; this includes all publicly reported issues as well as our own registry of errors. After that, an automated review is carried out using multiple tools, and any flags raised are retested. After static analysis, we move on to extensive execution of the test cases in search of any vulnerabilities.
  • 03 - Formal Verification

    To provide an extra layer of fortification, we use certain techniques to formally verify all functionalities of the code. Being an extensive process, formal verification is available upon request. This includes symbolic execution using Scribble/k-language and fuzzing using Echidna.
  • 04 - Certification

    A detailed initial audit report is shared and the findings are communicated to the stakeholders in an inclusive manner. After the fixes have been made, a final review is carried out, which results in another report being issued that certifies that the smart contract is free from potential threats and blockchain risks. However, we do not claim that the contracts are resistant to all zero-day attack vectors and penetration techniques.

Audit Services We Offer

Ethereum audit

Polygon audit

BSC audit

Solana audit

Cosmos audit

Protocol audit

Protocol monitoring

Formal verification

Audit Reports

Unipilot V2 Final Audit Report

Unipilot is an automated liquidity manager designed to maximize “in-range” intervals for capital through an optimized rebalancing mechanism of liquidity pools. Unipilot V2 also detects the volatile behavior of the pools and pulls liquidity until the pool gets stable to save the pool from impairment loss.

Dafi V2 Super Staking Audit Report

Our team performed a technique called “Filtered Audit”, where the contract was separately audited by two individuals. After their thorough and rigorous process of manual testing, an automated review was carried out using Mythril, MythX and Slither. All the flags raised were manually reviewed and re-tested.

Unipilot Farming V2 Audit Report

Our team performed a technique called “Filtered Audit”, where the contract was separately audited by two individuals. After their thorough and rigorous process of manual testing, an automated review was carried out using Mythril, MythX, and Slither. All the flags raised were manually reviewed and re-tested.

FAQs

1. Why do we need a smart contract audit?

Projects that interact with blockchains using smart contracts do not have sufficient in-house security expertise, and therefore they rely on external experts with domain expertise to assure the maximum possible security for their project and prevent potential reputational/financial losses.

2. How much does a smart contract audit cost?

It generally depends on the scope of the project, its complexity and the number of lines of code.

3. What is the tentative timespan for an audit to complete?

The time needed to complete the audit depends on the nature of the smart contract, its architecture and its complexity. BlockApex always prioritises security over urgency. However, we put in extra hours in order to meet the deadline.

Request a Quote

Have questions about what we do and how we do it? Fill out the form and we will reach out to you swiftly.

    All rights reserved. Copyright 2020-21