Smart Contract Audit FAQ
What is a smart contract?
Do not let the word contract confuse you. Smart contracts have very little to do with legal stuff. Smart contracts are computer programs. However, unlike normal computer programs, smart contracts are executed on the Blockchain. Main purpose of smart contracts is to embody certain logic when executing transactions on the Blockchain. As such, smart contracts are ideal for creating a so called "trustless environment".
Why smart contracts are powerful?
If smart contracts are normal computer programs, what does make them so powerful? Because smart contracts "live" on the Blockchain, once they are published, they cannot be altered. It means that, if I review a smart contract and make sure that it will do what it pretends to do, I can be sure that it will perform the same way today, tomorrow or after ten years. However, how can you be sure that the smart contract will execute intended logic? You are right. Unless you are a programmer or someone with deep knowledge of smart contract programming language (for example Solidity), you have no way to know that smart contract does not contain bugs or other security issues. Enter smart contract audit.
What is smart contract audit?
Smart contract audit is a process by which a reputable third party verifies a smart contract and produces an audit report. If issues are discovered during the audit process, the report documents those issues along with recommended actions.
Is smart contract audit really required?
Smart contract audit is not cheap. Audit of even very simple smart contract may cost thousands of dollars. Audit of complex smart contracts costs tens of thousands of dollars. Is the cost justified? To answer this question, you need to understand clearly, what smart contract audit may give you. Smart contract audit must serve several stakeholders.
The most important goal of smart contract audit is to ensure that Ether (in case of Ethereum smart contracts) is not stolen or hacked by malicious attackers. This goal directly addresses needs of a smart contract operator. Imagine your project raises millions of dollars worth Ether and then money is stolen.
Secondary goal of smart contract audit is to ensure that the smart contract works as expected by customers, users and investors. A solid smart contract audit report gives peace of mind to users and investors of a smart contract.
Can original developers do smart contract audit?
This is a question that I get very often. If a programmer was able to develop a smart contract, why he or she cannot do its audit? This is a well-known problem in programming. Normally a person who develops software cannot ensure that the software does not contain security issues or vulnerabilities.
How smart contract audit is done?
There are several techniques to do a smart contract audit. It is possible (and recommended) to do automatic tests. However, maximum quality of audit is achieved by manually reviewing the smart contract source code and verifying that the source code is free of bugs and vulnerabilities. Of course, this is a very simplified view of the audit process. In reality, the process is quite involved and time-consuming.
I hope this article gives you a clear picture about what smart contract audit is and why it is important to hire a reputable third party auditor to perform audit. While smart contract audit is not cheap, the investment is justified in almost all cases. Unless your smart contract does not deal with money (which is very rare), smart contract audit is a must. If you need professional, yet affordable smart contract audit service, feel free to get in touch at any time. I provide competitive rates and fast turnaround time.