Sui Blockchain is a layer 1 blockchain designed to enable creators and developers to build experiences catering to the next billion users in web3. It is a permissionless, proof-of-stake blockchain with smart contract capabilities. Sui aspires to deliver Ethereum-style capabilities but with better design and tools for scaling. It has been designed to provide instant settlement and high throughput, making it suitable for on-chain use cases like DeFi and GameFi.
Sui blockchain uses Move as its native programming language for writing smart contracts.
Connecting with you
You must have been added to a closed group with the Auditing Team by this time. You would be connected with the Project Manager and the Auditors through this dedicated channel during the process for collaboration and instant resolution. At any point, if you face any query or find a need to discuss anything - we are just a message away!
Things We Cover in Move Contract Audit Process but not limited to:
We ensure your smart contract goes through all the stages, from manual code review to automated testing, before generating the Initial Audit Report. Once your team updates the code, we thoroughly scrutinise the smart contract to provide you with the Final Audit Report. Let's dive deep into it and explore more.
This is the most crucial stage because the detail is key for a successful smart contract security audit. Here is how you can prepare for it:
Code quality
Use comments to document complex parts of the code and ensure these are consistent with the code.
Test the code
This will maximize focus on the difficult parts of the code. Auditing should not discover that some functions are uncallable or do not do what they are expected to do under entirely straightforward inputs. Optimal auditing should focus on unexpected, corner-case, and possibly adversarial behaviour.
Code freeze
After freezing the code, we will gather the specifications from you to know the intended behaviour of the smart contract through the 'Smart Contract Specification' document.
How can you help?
Please ask your developers to fill out the specification doc - It would help us to understand & verify the business logic and facilitate confirming everything thoroughly.
Here we would look for undefined, unexpected behaviour and common security vulnerabilities. The goal is to get as many skilled eyes on contract code as possible. Aims of manual review:
Testing with automated tools is essential to catch those bugs that humans miss. Some of the tools we would use are (based on the requirement/auditor preference, we use specific tools) :
In the end, we will provide you with a comprehensive report, which we call an Initial Audit Report (IAR):
How can you help?
You have to prepare an 'Updation Summary' or 'Comment Report' carrying details of the changes you've made after getting the IAR; this would help us identify the changes and test them rigorously.
Note - Please acknowledge that we start the Audit Process once the Audit Scope is frozen ( commit hash or explorer link ). If you make any changes to the code between the process, we can check the updated code only after delivering the Initial Audit Report. We cannot abort the process in between and start working on the updated code.
After initial audit fixes, the process is repeated, and the Final Audit Report is delivered. There is a possibility that even after the fixes you've made, some issues are still not resolved, and/or those changes have led to a few more issues.
So, after receiving the Final Audit report, you have to take a call (based on the severity table containing the unresolved issues) on whether to alter the code again or to move forward as it is.
Following the completion of the second audit review, the Fixed codebase, along with the comprehensive audit report, will be formally delivered to our dedicated Vigilant Squad. This elite team is comprised of world-class security researchers, each possessing extensive experience and expertise in identifying and analyzing vulnerabilities within complex systems. The Vigilant Squad will undertake a meticulous and in-depth review of both the codebase itself and the accompanying report. They will dedicate their full time and resources to this critical task, leveraging their specialized skills to proactively search for and uncover any potential security issues, however subtle they may be. In the event that the Vigilant Squad discovers any vulnerability, security flaw, or other issue, we will be notified immediately, ensuring swift action can be taken to mitigate any potential risks.
How you can help?
You have to prepare an 'Updation Summary' or 'Comment Report' with details of the changes in case, if you get any New issues from our side; this would help us identify the differences and test them rigorously.
After getting the green light from the previous Step, we sent the report-designed PDF of the Audit Report, displaying all the necessary details of the auditing process.
Sample Audit Report - Swarm Security
Then, the report is uploaded to our official GitHub Repository
, after which we share the link to the Audit Report.
After the Final Audit report, we take your project in front of the masses through :
Social Media Announcements
LinkedIn - X (Twitter) - Telegram - Reddit - Medium
The completion of this step depends on the calendar availability of our Marketing Team. Therefore, this step might take some time to complete.
AMA Sessions
Niche Targeted PR Services
Organize Product Launches, Community Meetups, etc.
QuillAudits is a leading blockchain security firm with 7 years of experience, securing $30B in TVL with multi-layered audit framework, across 1400+ projects in DeFi, GameFi, NFT, Gaming, and all blockchain layers.
Our senior auditors conduct line-by-line code reviews, combining manual & AI-driven audits for smart contracts on 20+ chains including Ethereum, BSC, Arbitrum, Algorand, Tron, Polygon, Polkadot, Fantom, NEAR, & Solana. We also offer token risk assessments & real-time monitoring tools to fortify Web3 security.
Beyond audits, we’ve hosted 50+ global events and 300+ workshops to educate and support the Web3 community.