You’ve probably heard the phrase smart contract audit many times. We all know that audits are very important, but what exactly do the auditors do? Keep reading to find out!
Table of contents
- Why smart contract audit
- Smart contract audit basics
- What happens during a smart contract audit
As always, to answer tough questions, it is helpful to start from definitions.
A smart contract is a computer protocol intended to digitally facilitate, verify, or enforce the negotiation or performance of a contract. Smart contracts allow the performance of credible transactions without third parties. These transactions are trackable and irreversible. © Wikipedia
Even if you don’t understand all the words in this definition, the one word you should pay attention to is irreversible.
There are a lot of areas where it makes no sense to overthink what you’re doing. If your soup is too bland you can always add a little bit more salt. If you don’t like the green button on your website you can always change it to blue.
A smart contract system, however, cannot be changed once it has been published (unless you are a VC-backed pseudo-decentralized company and you have specifically introduced a backdoor into your system, such as Bancor, 0xProject or Kyber Network (Hint: the last one hasn’t had issues yet, and their code looks safe to use. However, they needlessly introduced admin functionality, which means that a government or a hacker can stop trading. It is also withdrawable, meaning Kyber admin, a hacker or a government can seize all digital assets from Kyber smart contracts. Don’t do that! Instead, read our DEX architecture review.).
Because smart contracts deal with money, operations in smart contracts are irreversible, and there is no way to make changes to a deployed smart contract, the cost of a mistake is very high. As such, smart contract developers should learn from NASA and medical robot industries. Their projects cost billions of dollars to make, and the cost of a mistake is usually the loss of all this money, time, and sometimes even people’s lives.
To reduce the risk of such horrible events happening you can hire experts to audit your code.
A smart contract audit needs three inputs for it to happen:
- The code of the smart contract.
- An auditor - somebody who is an expert at smart contract security.
- Human language (e.g. English if the auditor speaks English) description of the smart contract’s desired goals and the way it is intended to be used. EOS community calls this a Ricardian Contract.
The output of a smart contract audit is typically a report that describes what steps an auditor has undertaken to break the Ricardian Contract, as well as all the issues that the auditor has found. Some of those issues can be minor, and act more as advice rather than a complete ban. Some of the issues can be severe, in which case the dev team and the auditor may work together to resolve them before publishing the smart contract onto the blockchain.
First, the auditor needs to familiarize themselves with the submitted code and Ricardian Contract. The auditor needs to understand what the dev team was trying to accomplish before they can proceed with further assessment.
Then, a combination of automated tools and auditor’s experience are being used to assess the smart contract’s security. While there is no substitute for a good human brain of an auditor, no human is infallible, and automated tools help the auditor focus on the most important, creative things while leaving more detailed brute-forcible checks to the machine.
Depending on the type of smart contract and available budget, the auditor will choose some of the following:
- Symbolic execution tools (e.g. mythril, Oyente, manticore). These tools are aimed at finding the most typical vulnerabilities, such as unprotected self-destruct that caused Parity to lose $150M.
- Automated testing (e.g. solidity-coverage, sol-cover). It is common practice, and a good thing, to write automated tests alongside the main smart contract code. Not only do these tests help developers focus on building new features without worrying about breaking the old ones, but a good test suite acts as the best documentation.
- If time and budget permits, formal verification is the best combination of security that humans and machines can achieve (e.g. SMTChecker, K Framework). These tools are like symbolic execution tools on steroids. Not only can these discover some typical bugs, but they also let the auditor verify certain properties of the logic of your smart contract. For example, if your smart contract is an ERC-20 token, you might want to specify that transferring coins from one wallet to another does not change the total supply of the token.
Discoveries from running these tools should be documented, even if they didn’t find any issues (which is usually a testament to high code quality). If there are any issues, the auditor should triage them: are those just little minor issues that don’t cause any harm, or are these issues severe enough that the smart contract should be rewritten?
The report should finish with a recommendation: ready to be deployed or send back to more work.
A bad smart contract can ruin your business’s reputation and cause material harm such as loss of funds. Before you proceed with deploying a smart contract on a blockchain it is wise to hire an expert smart contract auditor to take a look at your code and fix the bugs before they become liabilities.
Support Saturn Network continue developing new features such as Atomic Arbitrage by participating in our IDEO or upcoming HODL programs!