How to perform a smart contract audit?

Dmitry Mishunin
Jan 29, 2018 · 2 min read

Last year our HashEx team performed more than 50 smart contract audits and wrote more than 100 smart contracts. In this post we want to share the HashEx smart contract audit framework. This framework is suitable for any DApp, not only the ones built on the Ethereum network.

Before we start describing typical security issues in smart contracts, we want to say a few words about the audit report structure. A HashEx audit report consists of 7 sections:

  1. Disclaimer. This part of the report is actually more important than you would think. As an auditor, you need to explain to your client that passing your audit is not an ultimate guarantee of security. Everyone can make mistakes, and you are not an exception.

Now that you know how to structure audit information, let’s talk about typical issues.

  1. Unit tests pass, and the test configuration is checked (it must match the configuration of the main network);

Once you have checked against the issues above, you can use auto-testing tools to polish your audit report. Do not expect them to make a serious contribution, but sometimes they can be useful.

HashEx website: https://hashex.org

Connect with me via LinkedIn https://www.linkedin.com/in/dmitrymishunin/
