Authored by Timothy Hao Chi Ho
And making public the ChainSafe Audits GitHub repo
Faulty smart contracts could be the death knell of your blockchain projects.
In an industry as young as blockchain's, a well-reviewed security audit of your smart contracts vs. none could mean the difference between complete trust in a well-functioning protocol and a critical contract flaw resulting in the loss of user funds and absolute loss of faith in your project. This is why so many industry-leading projects regularly call upon other leaders in the space to review, audit, and help make suggestions for optimizing a protocol's smart contracts. This sort of open collaboration forms the backbone of our decentralized ethos and showcases the hand-in-hand grassroots nature of the garden of blockchain, which we are all called upon to nurture and tend.
Here at ChainSafe, we are proud contributors to the open source ecosystem, and we are so grateful to receive opportunities to work closely with industry-leading projects and experts every day. We live for this sort of collaboration, and are so happy to share and leverage our domain expertise, especially with Ethereum and Solidity.
While the consensus guaranteeing state transitions in a blockchain can be secure, the applications that get built on top of that consensus layer may not be. When an exploit or fault is found, the consensus will do its job, guaranteeing that the faulty smart contract logic is carried out. This necessitates rigorously examined smart contracts to mitigate the asymmetric downside risk of badly written code. It takes diligence and a fine eye for detail to comb through complex smart contract code with untold, often hidden, downstream effects. Failure to assess smart contracts for potential faults has led to many infamous hacks, harming many more multiples of that in financial value and community reputation. On the positive side, because of the transparent nature of blockchain, we sit in an antifragile position to absorb and learn from these hacks and bolster our understanding of vulnerabilities in smart contracts. By collaborating with other projects in the space and cross-examining smart contract code, we can help build a world with a robust smart contract economy where we can trustlessly rely upon the interactions of the interconnected Web 3.0.
How can ChainSafe help?
We have an in-house team of Solidity engineers that is regularly called upon to battle-test and safeguard smart contracts, working with top-tier blockchain projects such as Connext Network and The Graph. Today, with consent from our partnering organizations and in keeping with the values of the open-source communities, we make public our ChainSafe/audits GitHub repo, and happily share our security audits for all to view. To date, we have publicized our audits with Connext, Gas Station Network, Ethereum Push Notification Service, Ribbon Finance, and The Graph.
All this to say, if your smart contract code ever needs an audit, then please reach out to firstname.lastname@example.org! It would be our pleasure to consult on your project. :)
The reviews make no statements or warranties about the utility of the code, safety of the code, suitability of the business models, regulatory regimes for the business models, or any other statements about fitness of the contracts for any specific purpose, or their bug-free statuses.
The review documentation is for internal management discussion purposes only and should not be used or relied upon by external parties without the express written consent of ChainSafe Systems.
If you are interested in getting involved and contributing to our projects, check out our GitHub. If you would like to get in contact with one of our team members, feel free to drop by ChainSafe's Discord, or email email@example.com. We would love to know more about you, your team and your project!
Thank you to David Ansermino and Aidan Hyman. Your contributions were invaluable to the making of this article.