SolidStamp Smart Contract Auditor Report — November 2018 edition

Watching Watchmen: Meet smart contract auditors

Smart contracts are the heart of the Ethereum blockchain. Every dApp we engage with contains a smart contract that dictates how it works at the most basic level. It is safe to say we should expect smart contract creators to produce sound and stable smart contracts. But the proverb "trust but verify" exists for a reason. Smart contract auditors are the independent verification mechanism that determines whether the intentions and goals of the contract's creator were rendered into the language of the blockchain. Because this verification is essential, we want to shed some light on the organizations doing the audits to verify the integrity of the smart contracts powering the Ethereum blockchain.

Our report details a list of 17 smart contract auditing firms. It includes our analysis of 197 publicly available smart contract audits to visualize the scope and size of audits by these particular companies. From this data, we have focused on what we see as the key metrics to consider when choosing a smart contract auditor:

  • Total amount of Ether passing through the audited contracts
  • Number of distinct addresses that have interacted with the audited contracts
  • Total token valuation of token audits conducted
  • Number of distinct addresses holding the audited tokens
  • Ratio of token-related audits to all other audits to see the degree of token-only audit activity

Selected information about auditors on the list:

Authio (https://authio.org) is a blockchain consulting firm offering a range of services to bring a project from whiteboard to production. Authio’s method is to focus heavily on internal R&D as a means to understand the rapidly evolving ecosystem and always offer the best possible solution to clients. Their services cover initial design consultation, development, and end-of-line audits.

Our methodology and raw data

Our report is based on 197 smart contract audits listed by the auditors on SolidStamp or found on the Internet. We only considered audits that had a clear indication of client-side commissioning. Audit dates come from the audit report where it states one or, lacking this, from the GitHub commit date. The totals for the number of public audits, the number of 2017 audits and the number of 2018 audits are direct sums of all audits performed, broken down by year.

Disclaimer

This is the second edition of our report and we made every effort to ensure the accuracy and validity of any data published here. However, there is always room for improvement. Please contact us if you believe we have made an error or you would like us to include additional data in future editions.

About SolidStamp

SolidStamp connects smart contract users and security auditors to ensure the safety of their Ether and tokens. We maintain an on-chain database of smart contract audits so you can be sure you are investing your funds securely. SolidStamp allows you to hire top-notch security specialists to audit the contract you plan to use and confirm its authenticity and security.

On-chain registry of Ethereum smart contract audits: https://www.solidstamp.com (discontinued)