
64. What are smart contract audits? Which companies are involved?

A smart contract audit is a detailed analysis of the contract's code, designed to identify security issues as well as inefficient and incorrect coding. The audit also aims to find ways to solve the problems that occur in a given contract.

Auditing smart contracts is a very important part of the cryptocurrency sector: it ensures the security of blockchain applications. How is such an audit carried out? We explain below.

Smart contract audit – what does it involve?

It is a detailed analysis of a contract's code that identifies potential errors and shortcomings. Its purpose is to find incorrect and inefficient coding, and to find ways to solve these problems.

There is no room for error in smart contracts. Contracts work exactly as the code dictates. Once a smart contract is deployed to the network, it can no longer be fixed or changed. This is why audits are so important: they ensure that the code is secure and will not fail.

Smart contract audits – what do they deliver?

Although blockchain technology is secure, the applications themselves can sometimes have security holes. Creating and implementing a smart contract alone costs between approximately $7,000 and $45,000. Interestingly, a smart contract to be deployed in a large organisation can cost up to US$100,000!

So how do you audit such a contract? The audit methodology is a line-by-line analysis of the code. The audit ensures that the blockchain is airtight and that smart contracts can be deployed to it. It assures investors and customers that the contracts will work as planned and that their assets are safe.

For blockchain applications, error-free code is a must. With such a detailed report, we can be sure that the smart contract is robust and the application is ready to use.

How does such an audit work and what documentation is needed for it?

You know from our previous lessons that a smart contract can consist of thousands of lines of code. In that volume, even obvious issues can get lost. Testing tools and auditors must detect such errors and potential vulnerabilities in the code in question.

The first step of a good audit is to collect all relevant documentation. This means the white paper, the code base and all other material related to the smart contract. Even at this stage the auditor can isolate the first errors, if there are any.

Moreover, without access to such documentation, auditors will not know what the contract is for. Without this knowledge, they cannot correctly judge how the code operates. To see that the code is working as intended, an auditor needs to know what the code is ultimately meant to achieve.

At this stage, developers and auditors also agree on a code freeze. New code will not be written, and the contract audit will no longer consider any code written after the documentation has been collected.

The next stage is testing. Once the auditor has understood the code and the application, automated tests are run using a variety of tools. This is the easiest way to detect problems. This stage includes integration tests, which examine a huge amount of code, unit tests, which check individual functions, and penetration tests, which detect vulnerabilities.

Once the automated tests are complete, the auditor moves on to manual tests, i.e. manually reviewing the code. At this point, it is worth knowing that the automated tests identify gaps in the code, but they cannot understand what the developer wants to achieve with the application. This is why manual code review is so essential. The auditor reads such code and tries to understand if everything fits together. When manually reviewing the code, the auditor identifies potential problems that the automated tests miss.

The next stage of the audit is problem solving. When errors arise, the auditor will work with the development team to resolve them. Admittedly, the whole process is long and arduous, but the result will be a successful project. By solving each problem, you can ensure that the smart contracts are ready for implementation.

Once all of the above processes have been completed, the auditor will present a report that includes all the key findings. This is a specific source of information for those involved in developing the application.
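The code freeze agreed at the start of the audit can be checked mechanically. The following Python sketch is an added example, not part of the original lesson or of any audit firm's tooling: it hashes the in-scope sources at freeze time and later lists every file that no longer matches, which is code the audit did not cover. The function names, the `*.sol` file pattern and the sample contracts are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path, pattern: str = "*.sol") -> dict[str, str]:
    """Map each in-scope source file (relative path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob(pattern))
    }


def scope_digest(manifest: dict[str, str]) -> str:
    """One digest over the whole manifest, suitable for quoting in the report."""
    h = hashlib.sha256()
    for path, digest in sorted(manifest.items()):
        h.update(f"{path}\0{digest}\n".encode())
    return h.hexdigest()


def drift(frozen: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """List files that changed after the freeze and are therefore unaudited."""
    return {
        "added": sorted(set(current) - set(frozen)),
        "removed": sorted(set(frozen) - set(current)),
        "modified": sorted(f for f in frozen.keys() & current.keys()
                           if frozen[f] != current[f]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample project: freeze it, change it, then detect the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "contracts").mkdir()
        (root / "contracts/Token.sol").write_text("contract Token { }\n")
        (root / "contracts/Vault.sol").write_text("contract Vault { }\n")
        frozen = build_manifest(root)  # snapshot taken at code freeze
        # Post-freeze changes that the audit did not cover:
        (root / "contracts/Vault.sol").write_text("contract Vault { uint x; }\n")
        (root / "contracts/Hotfix.sol").write_text("contract Hotfix { }\n")
        return drift(frozen, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

Recording the `scope_digest` value, or the repository commit hash, in the final report lets readers confirm that the deployed sources are the ones that were reviewed.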

How long does such an audit take?

It all depends on the size and complexity of the code of a given smart contract. Auditing a short code base may take a few days, while larger applications take definitely longer. However, this guarantees us the security and success of the blockchain application in question.

Popular tools for auditing smart contracts include:

  • Echidna – a programme designed to test Ethereum smart contracts.
  • Ethlint – analyses the Solidity code.
  • Mythril – EVM bytecode security analysis tool.
  • MythX – automatically looks for security vulnerabilities.
  • Rattle – an EVM binary static analysis framework.
  • Solgraph – detects potential security vulnerabilities.
  • Scribble – a tool that translates Solidity’s high-level code specifications.

Top companies auditing smart contracts:

  • CertiK
  • Hacken
  • ConsenSys Diligence
  • OpenZeppelin
  • Certora
  • Quantstamp
  • ChainSecurity
  • PeckShield
  • Trail of Bits

Summary

The audit process ensures that the applications and protocols in question are error-free. For cryptocurrency projects, such an audit is of great importance. It shows that their applications are safe for users and that the smart contracts can be implemented.
