B
Bored Ape Crypto Club
Guest
An audit is a form of independent verification of an organization's activities.
In the cryptocurrency sector, smart contracts are audited. Because contracts are the weak point of any project.
A smart contract audit is a check of the project code for vulnerabilities to minimize the project's scam.
How does an audit happen?
For example, the Uniswap protocol is updated to V4 and in order to be safe to use, their smart contract needs to be checked. To do this, an independent team is invited to conduct audits for a fee and the audit begins.
The audit takes place in several stages:
Collection of documentation.
Documents such as project architecture, whitepaper and other materials upon request are selected. This is necessary so that auditors understand the task, logic and context of the project.
Automated testing.
At this stage, auditors conduct tests of functions, methods and a penetration test. All possible smart contract states are analyzed and gross code violations are identified.
Manual code review.
A team of programmers examines the code line by line for architectural or logical errors and vulnerabilities. Manual code review also allows you to optimize the program and reduce commission costs.
The error found is classified as follows:
Critical error - affects the security of the entire protocol.
Serious error - an error in the logical structure that can lead to the loss of user funds or control over the protocol.
Average error - affects the overall performance or reliability of the platform.
Minor error - not the most efficient code that does not compromise the security of the project.
Information error - related to the form/presentation of information.
After checking and identifying errors, a report is compiled in which auditors suggest ways to solve problems in the code. This report is assigned to the project and can be viewed by anyone. And the same report will indicate the errors found. If the project has fixed the errors, then you need to re-check and the whole process again. But many projects ignore error correction. Which leads to hacking and loss of funds. So the presence of an audit in the project does not mean its security. You need to delve into the report, look at the identified shortcomings and their elimination.
In the cryptocurrency sector, smart contracts are audited. Because contracts are the weak point of any project.
A smart contract audit is a check of the project code for vulnerabilities to minimize the project's scam.
How does an audit happen?For example, the Uniswap protocol is updated to V4 and in order to be safe to use, their smart contract needs to be checked. To do this, an independent team is invited to conduct audits for a fee and the audit begins.
The audit takes place in several stages:
Collection of documentation.Documents such as project architecture, whitepaper and other materials upon request are selected. This is necessary so that auditors understand the task, logic and context of the project.
Automated testing.At this stage, auditors conduct tests of functions, methods and a penetration test. All possible smart contract states are analyzed and gross code violations are identified.
Manual code review.A team of programmers examines the code line by line for architectural or logical errors and vulnerabilities. Manual code review also allows you to optimize the program and reduce commission costs.
The error found is classified as follows: Critical error - affects the security of the entire protocol. Serious error - an error in the logical structure that can lead to the loss of user funds or control over the protocol. Average error - affects the overall performance or reliability of the platform. Minor error - not the most efficient code that does not compromise the security of the project. Information error - related to the form/presentation of information.After checking and identifying errors, a report is compiled in which auditors suggest ways to solve problems in the code. This report is assigned to the project and can be viewed by anyone. And the same report will indicate the errors found. If the project has fixed the errors, then you need to re-check and the whole process again. But many projects ignore error correction. Which leads to hacking and loss of funds. So the presence of an audit in the project does not mean its security. You need to delve into the report, look at the identified shortcomings and their elimination.