Some details
We review and verify project specifications and the source code of smart contracts to assess their overall security, with a focus on weaknesses and potential vulnerabilities. We complement our findings with solutions that mitigate the risk of future attacks or loopholes.
PROBLEMS OF SMART CONTRACTS
- Inconsistency between specification and implementation
- Flawed design, logic, or access
METHODS AND TOOLS
Our audits of smart contracts comply with the following requirements:
- The goal of the smart-contract audit is a meticulous code analysis to find security flaws and vulnerabilities.
- The security audit is performed using a combination of manual and automated tools and techniques to identify vulnerabilities within the target environment and to model their exploitation.
- The smart contract audit includes the following stages:
- The tests are conducted by a team of specialists with more than 17 years experience in different IT security domains, CISSP, OSCP, CISA and CEH certification holders.
- In general, the code review follows the best practices: Solidity Style Guide and Ethereum Smart Contract Security Best Practices.
The tools we use: Slither, securify, Mythril, Sūrya, Solgraph, Truffle, Geth, Ganache, Mist, Metamask, solhint, mythx, etc.