
Trail of Bits

Solidity | Security | Vyper | EOS | DApp | Token | Snarks | ICO | ERC20 | ERC721 | Web3

Trail of Bits digs deeper into the construction of smart contracts than any other team because they have invested in building the best available tools, many of which are open source, for assessing the security of smart contracts, the security implications of the Solidity language, and the Ethereum Virtual Machine (EVM). This suite of tools represents their decades of experience in information security, an asset they constantly enrich as chair of the Enterprise Ethereum Alliance Security Task Force, and apply to help keep the community informed about the latest developments in Ethereum security. Contact their consulting practice for unmatched expertise and support with your smart contracts.

Smart contract audit process


Pre-Audit Scoping and Agreement

Parties define the project, its requirements, and goals, and the Trail of Bits team provides guidance to prepare for the audit.

Audit Activities

The team applies a comprehensive suite of tools to quickly and automatically uncover bugs, reviews the system architecture for design flaws, performs a detailed manual code review, and builds custom tooling for difficult-to-analyze project components.

Weekly Status Updates

Trail of Bits reports on actions taken throughout the week and describes each confirmed vulnerability in detail. The team also reviews the engagement plan for the following weeks and implements any changes to the plan based on feedback.

Final Delivery

The team prepares a final report and delivers a list of identified security properties and code to informally or formally verify them with static analysis, fuzzing, or symbolic execution. They also provide guidance on other topics, such as operational security, threat hunting, and policy.

Continued Guidance

Parties connect via a shared Slack to answer questions about the remediation process. The client also receives access to Crytic, a continuous assurance system for Ethereum smart contracts that provides automated security reviews via GitHub Pull Requests. Finally, during regular office hours, Trail of Bits engineers will also take questions on blockchain technology, development, and security tools. For more detailed information about the audit process, please visit the Trail of Bits website.

2021 SmartContractAudits.com. All Rights Reserved.