2. ABOUT SOMISH
Established in 2006, we dived into Blockchain Technology back in 2016. Ever since, we have worked with Fortune 500 companies, governments and startups across the world to build award-winning, validated products.
3. What is Smart Contract Audit?
Smart contract audit is the process of identifying vulnerabilities in smart contract code prior to its deployment on production systems of blockchain platforms like Ethereum, Tron, EOS, Hyperledger and others. It involves automated and manual testing of the smart contracts to highlight commonly encountered technical and security vulnerabilities and patterns that could be exploited by malicious parties. A smart contract audit also includes suggestions on best practices for writing smart contracts and on improving code efficiency, logic and overall optimization.
There are two types of audit: Technical Audit and Full Security Audit.
4. EOS Smart Contract Audit Goals (1 of 2)
• Smart contracts built on top of the EOSIO blockchain allow many features to be covered by tests, but the Turing completeness of the C++ programming language and its flexibility leave some room for unexpected runtime exceptions.
• Our audit ensures the reliability of your smart contract through a complete assessment of your application architecture and your smart contract code base.
• Through our manual and automated analysis, we provide a complete solution to identify and determine vulnerabilities and violations of logic in the smart contract.
• We will check whether the developed source code is compatible with the contents described in the whitepaper.
• How efficiently the CPU is utilized, and RAM usage.
5. EOS Smart Contract Audit Goals (2 of 2)
• Auth checks, numeric overflows, buffer overflows, transfer prompt errors, rollback attacks, random number attacks.
• Dangling pointers and references, and memory management
• Mapping of actions to roles and permissions
• Persistent data on RAM and usage of index tables
• DoS attacks
• Whoever deploys the contract does not have access to user funds
6. 3rd Party - Smart Contract Audit
Hiring an external smart contract audit company is a crucial step in ensuring that your smart contracts work as intended.
Historically, a single bug in smart contracts has led to irrecoverable loss of funds or locking up of millions of dollars. For example:
1. The DAO Hack in 2016 resulted in the loss of 3.6 million ETH, worth ~$750 million as of July '19
2. The Parity Wallet Hack in July '17 resulted in the loss of 150,000 ETH, worth ~$31 million as of July '19
3. The Parity 2 Hack in Nov '17 resulted in the freezing of 513,774 ETH, worth ~$107 million as of July '19
7. 5 Signs You Need Help With Smart Contract Audit
1. Worried about the intended behavior of smart contracts written by your developers?
2. You've heard about various smart contract hacks like the DAO Hack and the Parity Hack and are worried that your smart contract might have bugs?
3. Are you launching a tokenized crowdfunding campaign and want to get your smart contracts audited before exchange listing?
4. Your blockchain developers are unable to write comprehensive unit test cases for your smart contracts and you're worried about the functionality of the contracts?
5. Your investors are asking for a 3rd party security audit of your smart contracts but you are unable to find an experienced team of auditors?
8. What Can We Do For You?
• Security Audit within 48 Hrs
• Check For 125+ Vulnerabilities
• Report on Critical, Major, Minor Bugs
• Audit for Major Protocols
• Audit by 2 Unbiased Experts
• Unlimited Re Audits
9. 4 Steps Of Conducting Smart Contract Audits (1 of 2)
Assessment: Our unbiased and independent blockchain aficionados assess and identify the technical and security vulnerabilities and glitches in the smart contract, based on the provided code and the business and technical documentation specifying the behavior of the contract. At times, developers find it difficult to write unit test cases for the smart contracts, and our team can help with that.
Verification: Post-assessment, the contract undergoes a 360° verification process to ensure that it fulfills the required specifications as per the provided documentation.
10. 4 Steps Of Conducting Smart Contract Audits (2 of 2)
Testing: The results of the first two phases are shared with the contract owners with brief suggestions on how to improve. The contract owners then rectify the anomalies within a pre-decided time window, after which our team undertakes a one-time code re-verification.
Reporting: Finally, testing is followed by a detailed technical / security audit report, which is provided to the contract owners for their reference and usage.
11. Types of Tools
Alongside manual review, the code audit shall be done using applicable tools from the following list:
1. Mythril
2. Oyente
3. Manticore
4. Solgraph
5. Solidity-coverage
6. Slither