Smart Contract Audit.

About SMART CONTRACT AUDIT

Introduction.

Blockchain technology and "smart contracts" are going to revolutionize our lives. The security and code integrity of your project is the foundation of your Ethereum Smart Contract. Certain protocols can be followed and automated to protect against many common security issues and reliability threats.

Our Mission.

We provide Smart Contract security services, including smart contract auditing and Decentralized Application (dApps) Penetration Testing. Our Mission is to ensure that code behaves as intended and is free from security loopholes. Our clients include cryptocurrency exchanges, ICOs and other established businesses leveraging blockchain technologies.

Why Smart Contract Audit.

The purpose of an independent smart contract audit is to discover and resolve any issues before the contract is deployed. Every piece of the smart contract code should be audited and reviewed under a watchful eye. Smart contracts encode a set of rules that must be satisfied before a transaction takes place. There are two main reasons why security audits are necessary:

  1.      To protect against security hacks and vulnerabilities.
  2.      To ensure that the code will execute as expected.

The most important approach is a review from a trusted vendor to find bugs, vulnerabilities, and security misconfigurations in smart contracts that may have gone unnoticed at the production level. Because smart contracts are irreversible once deployed, the point just before deployment is the last opportunity to save your project from becoming a victim of crypto hacks.

THE APPROACH

Methodology

Design Analysis

We first perform manual and automated analysis of the overall structure of the smart contract. The design pattern analysis checks for appropriate test coverage, uses a linter to ensure consistent style and composition, and reviews code comments. The overall architecture and safe usage of third party smart contracts are checked to ensure that the contract is structured in a way that will not result in any future issues.

Static Analysis

The static analysis portion of our audit is performed using a series of automated tools designed to test the security of the contract. These tools include Manticore, Mythril, Oyente, and Solgraph.

Manual Analysis

The most intensive part of our audit is a hands-on review of the smart contract to identify common vulnerabilities.

Network Behavior

In addition to our design pattern check, we also specifically look at network behavior. We model how the smart contract will operate once in production, then determine the answers to questions such as:

  • How much gas will be used?  
  • Are there any optimizations?  
  • How will the contract interact?

Smart Contract Top 10 Vulnerabilities

Reentrancy

Access Control

Arithmetic Issues

Unchecked Low Level Calls

Denial of Service

Bad Randomness

Race Condition

Time Manipulation

Short Address Attacks

Transaction Ordering Dependency

Vimal Nair

Chief Technology Officer

Nowcom

We are extremely pleased with the results of Secure Source Code Auditing service from WeSecureApp (WSA). The expert team at WSA were able to identify a large list of vulnerabilities that were missed by our internal team reviews and multiple third party PEN testers. The WSA team was proactive in ensuring that the fixes were applied correctly, including multiple code reviews as well as follow up tests. Without a review from the experts at WSA, I believe we would be operating our critical applications with a false sense of security.