As the popularity of cryptocurrencies have risen dramatically over the last several years, the capabilities of the blockchain has been extended to run computations on top of technologies such as Ethereum. This is extremely exciting because it opens up a number of possibilities. (i.e. "world computer) With any new opportunity, there are associated risks. Smart contracts are no different. Security vulnerabilities or bugs have the ability to result in substantial financial losses. If you are developing technology on the blockchain, it is never too early to begin hardening your stack.
The primary goal of our smart contract audit service is to provide blockchain companies the confidence needed to conduct an ICO or token sale. We have developed a number of analysis and review techniques to effectively minimize the risk of logic errors or vulnerabilities. Smart contract auditing is typically paired with our ICO Security Audit, which validates the maturity your entire organization giving investors confidence. A review is typically carried out first as a readiness audit early in development and then the official audit just before the ICO begins.
Analysis of smart contract design patterns is the first step in our review. We validate that the smart contract is structured in a way that will not result in future problems.
A series of automated tools are used to test the security of smart contracts. Data flow and control flow are analyzed to identify smart contract vulnerabilities.
We perform a hands on review of smart contracts to identify common vulnerabilities. This include race conditions, transaction-ordering dependence, timestamp dependence, and DoS attacks.
An analysis is performed modeling how the smart contract will operate once in production. How will it interact, how much gas will be used, are there any optimizations?
We offer a remediation period in which flaws can be remediated and we perform verification to validate that the issues have been resolved. Remediated issues are noted in the report.
A digitally signed detailed report is published by Practical Assurance. This report may be shared with potential token buyers, investors, or customers.