Security Audits & Code Reviews

Security in the blockchain world is mandatory! We use a collection of tools to ensure that your smart contracts work as intended and that no issues or unexpected behaviors will occur.

Frequently Asked Questions

How are security audits and code reviews performed?

Our security audits and code reviews are performed through several steps:

  1. A basic “human” analysis of the code, in order to understand how the contract should work and to find any obvious errors or unexpected behaviors.
  2. A static analysis of the code, performed using Solhint, Solium, Mythril, Manticore and SmartCheck.
  3. A dynamic analysis, performed using Ganache, Truffle and Mocha, with a series of tests and attacks written in Solidity and JavaScript.

What kind of report do you deliver?

At the end of each security audit and code review, we deliver to our client a full report with the following structure:

  • Introduction: Overview, Scope, Methodology, Terminology
  • Findings: Detailed findings with the corresponding impact (High, Medium, Low) and a recommended fix for each issue
  • Conclusion: The main findings and whether the contract can be released in its current state
  • Appendix: All the reports from the tools we used and the tests we performed

Are the security audits and code reviews reports public?

No, unless you want to release them! We strongly recommend doing so, in order to contribute to the Ethereum ecosystem and to prove the reliability of your project.

Feel free to visit our GitHub repo to see our most recent work!