Arbitrary Execution Inc. (AE) is a team of security researchers with experience in mission critical offensive security capability development for the US Government. Our focus is bringing our offensive security expertise, tactics, techniques, and hacker mindset to securing the crypto ecosystem. AE provides services for smart contract auditing, design consulting, software research and development, and training. AE's security researchers have extensive experience in finding exploitable vulnerabilities both on and off the blockchain and for developing research tools to help in this effort.
AE will review all available documentation associated with the project to form a high-level understanding of the architecture and contract interactions, while confirming any assumptions with the client. Different attack scenarios will be formulated depending on the contract application, and this puts additional focus on specific areas of the source code. AE’s approach to smart contract audit is hybrid: A line-by-line manual review of the source code looking for vulnerabilities, and both static and dynamic analysis using automated tools. Any ancillary issues discovered during the review (documentation errors, bad practices, etc.) will also be documented. Two auditors are assigned to each audit and these steps are performed independently by each auditor so that every line of code gets multiple looks. As issues are found, they are classified by category and according to severity, and a brief writeup of each issue is generated, with a recommended course of action. These issues are collected into an initial report which is provided at the end of the audit period to the client for remediation. Once the client has performed fixes, AE will verify the fixes and update the audit report for final delivery.