Authored by Oleksii Matiiasevych
A smart contract is simply a program that runs on a blockchain. It's a collection of code (functions) and data (state) that resides at a specific address. The increasing number of these programs, and the growing amount of capital they control, make their security more important than ever.
To that end, we wanted to share some of our experiences auditing smart contracts since 2020. Below we'll explore what a smart contract audit actually entails, what are the benefits, what are some common vulnerabilities and fixes, how to prepare for one, and much more. Let's dive in!
What is a Smart Contract Audit?
Smart contract audits are crucial to ensuring that code is secure and reliable. While smart contracts are immutable by design, the code that underlies them often has flaws or weaknesses. Such vulnerabilities have been historically exploited, resulting in spectacular financial losses and reputational damage.
A smart contract audit aims to reduce the amount of these losses - identifying potential flaws or bugs and addressing them before the contract is deployed. Or sometimes, an audit is conducted shortly after a launch while the risk is still relatively low.
Conducting an audit (or, ideally, multiple audits) significantly increases the chances that your code is fortified against any would-be attackers.
Benefits of Smart Contract Audits⚔️
By identifying vulnerabilities, a smart contract audit helps avoid potential losses. In addition, they enhance security, increase transparency, and - among other things - can improve the efficiency of a protocol's contracts.
By addressing issues at the beginning, it's possible to reduce risk and save costs associated with any errors. In addition, an objective review of a contract's code and functionality is often vital in increasing user confidence. After all, no one wants to put their funds into a platform or application that cannot provide any credible guarantee of safety.
Audits can also help address potential inefficiencies in the code that would otherwise result in excessive gas consumption and higher transaction fees for the users. For example, an audit team may suggest alternative algorithms or design patterns which may be more efficient.
Types of Smart Contract Audits
There are different types of smart contract audits that a decentralized application (Dapp) or protocol developer might choose from. Understanding the range of options and their respective benefits can help you choose the most appropriate one for your needs.
Here are a few examples.
Formal verification audit: uses mathematical and logical reasoning to prove that a smart contract behaves as intended. While more resource-intensive, this audit type typically offers the highest level of assurance.
Code review audit: involves analyzing the smart contract's source code to identify potential security vulnerabilities. While less thorough than a formal verification audit, it offers a clear picture of any flaws in the codebase.
Penetration testing audit: attempts to exploit vulnerabilities in the smart contract in order to determine its level of security. This audit type focuses on identifying either potential attack vectors or any weaknesses in the smart contract's design.
Functional testing audit: primarily tests the smart contract's functionality to ensure it performs as intended. This audit type is focused less on security and more on the contract's performance and usability.
Take the necessary steps to protect your project by [enlisting the help](mailto: firstname.lastname@example.org) of ChainSafe security experts.
Most Common Smart Contract Vulnerabilities🐞
Most audits uncover a laundry list of issues and categorize them by severity. Over the years, we've built a track record by auditing dozens of smart contracts across a network of top-tier protocols like 1inch, The Graph, or Push.
Here's a sampling of the most frequent issues that we've encountered.
Reentrancy attacks: allows attackers to re-execute a contract before the current execution is completed, causing the contract to behave unexpectedly or even resulting in the loss of funds.
Integer overflows/underflows: integer overflows and underflows occur when a value exceeds its maximum or minimum limit, respectively. Attackers often exploit them to put a contract into an invalid state or to bypass function conditions.
Dependency vulnerabilities: smart contracts often rely on external libraries or services to function (dependencies), which could introduce weaknesses that attackers may exploit.
Unauthorized access: If a smart contract does not properly restrict access to certain functions or data, it can be vulnerable to unauthorized access and manipulation from attackers.
Lack of input validation: if a smart contract does not properly validate user input, it can be prone to vulnerabilities like buffer overflows, unintended behavior, and other attacks that may compromise the security of the contract.
Onchain random number generation: something that is commonly done improperly and could end up being a point of weakness.
Delve into more vulnerabilities:
Costs of a Smart Contract Audit
The cost of a smart contract audit depends on numerous factors. For example, a code review audit of a smart contract, limited in scope, can be relatively inexpensive. In contrast, a formal verification audit of an intricate smart contract is much more involved and, therefore, more expensive.
Not all audits are created equal, which, of course, factors into the price.
Naturally, what makes sense in terms of expenditure is derived from an evaluation of how much value is at risk. While everyone has practical constraints, choosing a budget option or foregoing an audit altogether is generally inadvisable.
This is because a smart contract that has not been adequately vetted for flaws or insecurities can be a massive liability. But in many cases, hiring a reputable smart contract auditing company is a reasonable step to ensuring an objective and thorough review.
Performing a Smart Contract Audit
Making the right preparations ahead of the audit can greatly improve the speed and efficiency of the entire process. Ideally, project developers know what they want, communicate it clearly, and grant access to well-configured code via a repository in a timely fashion. Generally speaking, developers should use industry-standard security practices, do some threat modeling, and test the contracts on their own before the start of the audit process.
If you're not sure where to start, here's a preparation checklist:
👉 Outline requirements
👉 Provide documentation
👉 Provide access to clean & executable code
👉 Verify audit scope
👉 Grant access to an exhaustive test unit
Our smart contract audit approach typically involves four key steps.
At a high level, these include:
First, research the project's codebase to fully grasp the business logic, all the actors involved, and the system's purpose.
Second, determine why users would interact with the protocol, what the features' lifecycle is, and what the purpose behind every user-facing function is. Upon completion, we aim to thoroughly understand all state variables to the point where we can easily explain the protocol and how it functions.
Then, we inspect every function and how it interacts with all the other functions it calls to fully understand how their state is affected. We verify each function's access control, the state of returned values, and the values of input parameters like minValue or maxValue.
The third step involves reevaluating all the state variables and functions. We do this by identifying the purpose of every expression, validating whether the expression is fundamental to the code, and determining its impact if deemed non-essential. At the end of this analysis, we have a clear understanding of every constant and state variable's role and how or when it could change.
Lastly, we deliver an extensive report with findings uncovered in the previous steps. The team can implement necessary modifications and pass the updated code for final verification. Then we deliver and publish, sometimes with a co-announcement of the results with our clients.
Smart contract auditing - final thoughts
Over the years, ChainSafe has become one of the most trusted names in the smart contract auditing space. Since our first review of Connext's vector state channel contracts, we've built a network of partners like 1inch, Push, NiftyKit, The Graph, and many others.
We conduct smart contract, off-chain, networking, and front-end audits to enhance your decentralized application's security. We've fine-tuned our process to ensure the reliability of any contract we review, and best of all, we're blockchain agnostic.
Need a quote or want to get started on an audit? 👉 Contact Us