SmartDec has been solving complex IT problems since 2009. They are specialists in a wide range of areas, including security audits, static analysis tools, decompilation and technical consulting. Their team members have more than 15 years of experience in decompilation and security analysis and hold PhDs in these areas. In the area of blockchain they provide security audits for smart contracts, DApps (front-end, back-end, and interactions between them), custom blockchains, 2nd layer scaling solutions and crypto wallets.
The client provides access to the codebase (via a link to the repo, or simply by sending an archive). The team replies with an estimate of the costs and timeline.
The team scans the smart contracts with both publicly available and proprietary security tools as well as with their own open source tool, SmartCheck. Any issues found by the tools are then checked manually and rejected or confirmed.
The smart contracts are then fully and thoroughly analyzed manually (this includes checks for bugs, vulnerabilities, code quality, irrational gas consumption, etc.). The logic of the contracts is verified and compared with the logic described in the documentation/whitepaper. The smart contracts are then deployed to a Testnet to check test coverage (if any). They are also checked for ERC20 compliance, if applicable.
The report includes a comprehensive description of the issues found along with recommendations on how to fix them. Optionally, a call can be scheduled with the client to further clarify any of the reported points.
Optionally, after the developer updates the code, they perform one free recheck to make sure everything is fixed. After this they prepare a final retrospective report. The final report reflects the interaction between SmartDec and the customer to achieve secure code.