An audit is the last thing you need before the smart contract starts working

22 July 2022

Ivan Bocharov

Co-founder


An audit, that is, a thorough check of a smart contract aimed at correcting all possible flaws, is a mandatory condition before electronic transactions begin. To be more precise, it is not strictly required, but we would like every user to treat it as such, because the audit determines how useful your smart contract will be. Unlike other modern IT areas, smart contracts have certain features that should not be forgotten, namely:

It is not possible to change an already launched smart contract;

The length of the code has certain limitations;

Contract execution on the blockchain is not free.

Avivi specialists are responsible for auditing customers' smart contracts, since all further activities of the customers will depend on their report. We trust automated audits only to search for critical errors, an approximate list of which is widely known to automated tools. The correction of logical errors, the search for vulnerable places, and optimization are done purely manually, which ensures an impeccable result. But where can the shortcomings lie?

Blockchain, code and gas

Blockchain technology is known for its reliability and it really is. At the same time, many people do not distinguish between the system and the people who cooperate with it - developers, consultants and various hackers. Since smart contracts involve the transfer or blocking of significant funds, there are bound to be people who seek to benefit from them in a dishonest way. And it's very easy to do if you deal with customers who don't understand anything about code. Even minor interventions in the code at the stage of its writing can lead to fatal consequences - the capture of your funds by third parties. At the same time, the blockchain remains a reliable system — it will simply do what is programmed in the smart contract.

Thus, the first thing an audit can detect is whether the code complies with the stated purpose of the smart contract. In the low-level Solidity language the code is quite easy to read, so it is quite possible to find third-party commands. The commands themselves are also important: their logic, simplicity and consistency directly affect the cost of maintaining a smart contract in the future. In e-transactions, each command is a luxury, as each line adds to the amount of gas needed to process it on the blockchain. Therefore, well-written smart contracts are usually measured only in kilobytes.

From the above, it is clear that long and illogical smart contract code will cost you more gas. You can view what and how much it costs here. If such code is executed repeatedly, all this turns into unjustified extra costs, paid for nothing. An audit with gas calculation allows you to optimize the code and avoid unnecessary overpayments.

How does the audit take place?

As you know and as already mentioned at the beginning, a smart contract that has been launched cannot be stopped or changed. In fact, this is not entirely true, but editing is possible only if, when creating a specific smart contract, the possibility of making changes was specified in the code. That is why we believe that the smart contract audit should be the final chord in the creation of every new electronic agreement. The verification takes place on the test service, which allows you to simulate the environment of the blockchain platform.

Avivi specialists practice an individual approach to each client, but the general procedure of a smart contract audit looks like this:

Determination of the sphere of activity of the smart contract, the direction of the project, its architecture, features, etc. This will help auditors to better understand the logic of the smart contract and its goals;

Providing a preliminary estimate of cost and time. In case of agreement, the client receives a commercial offer, a deal is concluded and the process begins. Please note that our company additionally signs an NDA, so you can be sure of the confidentiality of our work;

Conducting automated tests and audits by auditors. The stage ends with the creation of a draft report indicating intermediate results, problem areas and proposals for their elimination;

If the customer agrees, we perform the work and issue a final report with a list of completed tasks and the result.

From the auditors

From experience, we would like to note that the best method of finding vulnerabilities in modern smart contracts is to simulate an attack. The vulnerabilities are most often related to the re-entry (reentrancy) problem, when an interaction occurs without updating information about recent transactions; to overflow of an integer, which can usually have 18 digits after the decimal point; and to situations where poorly structured code can indicate the intention of the contract owner to perform various actions on the market. All of this can be found and corrected, and the smart contract can then be started with peace of mind. So take your time: let's do an audit first, so that later we don't regret not doing it.

