THE CYCLE
The thorough and Detailed Process
Specification Gathering
This is the most crucial stage because the detail is key for a successful smart contract Security audit. Here we will gather the specifications from you to know the intended behavior of smart contract. In this stage, we need a summary of the intended behavior of the smart contract from your side. We would also gather specification through forms.
Manual Review
Goals of manual review
Verify that every detail in the specification is implemented in smart contract.
Verify that the contract does not have any behavior that is not specified in specifications.
Verify that contract does not violate original intended behavior of specifications.
Here we would look for undefined, unexpected behavior and common security vulnerabilities like
Re-entrance
Overflows
Uncheck return values for low-level calls
Denial of service
Bad randomness
Front running
Time manipulation
Short address attack
Unknown vulnerabilities
The goal is to get to as many skilled eyes on contract code as possible
Manual Testing
Smart contract will be manually deployed on any of the test network (Ropsten/Rinkeby) using remix IDE. All the transaction hashes will be recorded.
Gas consumptions and behavior of functions also noted.
Functional Testing
The smart contract will be manually deployed in a sandbox environment like testnet/mainnet forks, hardhat, ganache, etc
Smart contract functions will be tested on multiple parameters and under multiple conditions to ensure that all paths of functions are functioning as intended.
In this phase, the intended behavior of the smart contract is verified.
In this phase, we would also ensure that smart contract functions are not consuming unnecessary gas.
Gas limits of functions will be verified in this stage.
Testing with Automated Tools
Slither
Mythril
Oyente
Manticore
Solgraph
Solidity Coverage
Testing with automated tools is important to catch those bugs that humans miss. Some of the tools we would use are
Initial Audit Report
At the end, we would provide you a comprehensive report along with details of audit and steps to cover up with the vulnerabilities if we found any in your contracts.
Final Audit Report
After initial audit fixes, process is repeated again and Final audit report is delivered.
Delivery
After getting a green light from the previous step, we send the report to our designers. With their skills, they make a PDF version of the Audit Report and beautifully showcase everything in it. Sample Audit Report:
The report then gets uploaded onto our official GitHub Repository. We then share with you the link to the Audit Report along with a Certificate of Compliance from QuillAudits.
Post-Audit
Social Media Announcements
As per your requests from you, we make an Audit Announcement from our social media handles to mark the completion of the Audit.
Access to QuillAudits Ecosystem (Exchanges, IDO, KYC, Incubators, VC Partners)
AMA Sessions
Expert Auditors Explaining the Nuances of the Audit Report
QnA and Direct Interaction with Your Audience to Build Trust in Your Project
Niche Targeted PR Services
Articles & Guest Posts in Renowned Publications
Cross-Platform Promotions to Give More Exposure to the Project
