DeFi Smart Contract Security Audit

Systematically analysing and evaluating the risks associated with the DeFi projects

Why Get Your Project A Diligence By QuillAudits

Having a due diligence done by a competent firm is a must have for any project, and with the expertise of QuillAudits it will be done flawlessly. The due diligence process for DeFi is based on the comprehensive approach we follow to investigate the code for security flaws and potential vulnerabilities, and the best possible ways to mitigate them.

security

Why DeFi Due Diligence?

While interacting with DeFi protocols, users' and investors' funds are likely to be stolen. Due Diligence in a DeFi project is one of the crucial steps in analysing DeFi protocols before using them.
There is a steep rise in DeFi-related scams and cryptocurrencies being stolen; having a thorough analysis of the DeFi project can help avert them. Investigating a DeFi project by considering the movement of funds between address to address can save users and investors from fraudulent activities in the DeFi ecosystem that is vulnerable and should be approached cautiously.

security

Risks associated with the DeFi Ecosystem

QuillAudits acknowledges the significant threats linked to the DeFi ecosystem, which can lead to many critical possibilities.
We identify ways the system is susceptible to be gamed or abused, what parts are exposed to centralisation risks like the point of interaction with oracles, and what governance mechanisms are in place that could be a potential threat to the investor funds.

Coding Risk

Coding Risk

The complex nature of DeFi protocols is not surprising that there are errors in the code that can provide malicious parties with an attack vector through which hackers can steal funds. One such attack was on DeFi protocol SushiSwap which was exploited for between $10,000 and $15,000.

The risk posed as it is trivial for a malicious party to take control of the singular source of data and manipulate the market to their profit. Oracles are a possible source of systemic risk, and their data feeding role is prone to manipulation.

Centralization Risk

Centralization Risk

Financial Risk

Financial Risk

DeFi protocols are based on public blockchains. These blockchains typically have a native digital asset. The price-performance of the asset of the supporting blockchain is likely to affect the value of the holdings locked in a DeFi protocol. While this may lead to profit, it is also possible that there are losses.

Unfortunately, due to a combination of factors, such as a lack of understanding and the complexities in technology, some regulators and jurisdictions are not in favour of the DeFi space. Fortunately, this issue is likely to be alleviated with time.

Regulatory report

Regulatory Risk

NECESSARY

Benefits of DeFi Due Diligence

Intrinsic Risks
Intrinsic Risks

Risk mechanisms that are, by default, incorporated into a protocol's design are referred to as intrinsic protocol risk. Even if the protocols function as they should, they pose significant dangers to investment plans. With DeFi due diligence, risks can be mitigated from centralised counterparties to programmable mechanics in a protocol.

Extrinsic Risks
Extrinsic Risks

Attacks such as oracle manipulations, flash loan exploits or attacks exploiting contract logic bugs are extrinsic risks associated with DeFi protocols. Thorough analysis helps in identifying whether a trustworthy firm audits the protocol you are dealing with or not.

Blockchain Risks
Blockchain Risks

DeFi protocols depend on the blockchain infrastructure on which they are built. Compromising parameters like consensus mechanisms on a specific blockchain can lead to vulnerabilities in DeFi projects on those platforms. We check for the dependency of these protocols on the underlying blockchains.

Marketplace Risks
Marketplace Risks

If the asset price significantly changes from when the liquidity was delivered to the pool, investors in non-stablecoin AMM pools may experience losses. We analyse the traditional market risk elements like volatility and price manipulations that can impact investors' funds.

THE POSITIVES

What Should One Look For While Carrying out DeFi Due Diligence?

White Paper

White Paper

You should be cautious if a white paper briefly summarises a protocol without detailed information on the working of the protocol. If a project fails to explain its mechanism, it should be considered a Red Flag.

Documentation

Documentation

It tells how to interact with the protocol; verifying the documentation's uniqueness is one way to spot potential scams, as a good project has its documentation written by the project team.

Team

Team

It's often not a good sign when team members only post about and hype up the token for their project. A successful project team concentrates on the result, which is the protocol itself rather than the token.

Tokenomics

Tokenomics

Approaching projects with a sizable portion of the token supply allocated to insiders and project team members should be done cautiously. Tokenomics helps to understand the economic condition of protocol.

Process

How we Process

Process Flow Diagram
Know More

THE DETAILS

Our Smart Contract Security Blueprint

Map Image
QuillAcademy IconLearn More about Web3 Security

A Comprehensive Look at Hacks and Scams in Web3

Each year, millions drain down the crypto hacks. Here are a few examples how hackers took advantage of the loopholes in the code to escape with millions:

In March 2022, $615M were stolen from Ronin Network, a platform powering the popular mobile game Axie Infinity.

In August 2021, the criminals transferred $611M-worth of Poly Network tokens to three wallets they controlled.

In September 2020, $275m worth of cryptocurrency was stolen from the Singapore-headquartered exchange KuCoin.

Top ten biggest cryptocurrency thefts by estimated losses as of June 2022

Caption: Values calculated according to cryptocurrency prices at the time of the theft

Source: Statista/Bloomberg, Business Insider, TechCrunch, CNBC, Ronin Network, Vice.

Hacks GraphCurious about the most common types of vulnerabilities and attack vectors in the Web3 space? Our Hackerboard can help you stay informed

PORTFOLIO

Latest Work

Therapoid Smart Contract Audit Report

Therapoid Smart Contract Audit Report

View
TheRugGame Smart Contract Audit Report

TheRugGame Smart Contract Audit Report

View
Bored & Lucky Smart Contract Audit Report

Bored & Lucky Smart Contract Audit Report

View
PixelWar Smart Contract Audit Report

PixelWar Smart Contract Audit Report

View
Browse through Our Audits

PROOF OF CAPABILITIES

Why QuillAudits

Check List

1000+
Audits Completed

Money Bag

$30B
Secured

Software Development

1M
Lines of Code Audited

Years of Experience

6+
Years of Experience

TESTIMONIALS

What our Clients are saying

PI-Protocol

I can absolutely recommend working with QuillAudits, great work together, high level of advising and reviewing!

Gorden Kirisits

Gorden Kirisits

PROJECT FOUNDER, PI - PROTOCOL

BCUBE

You guys rock, and I really will stick with you guys. I will even look at the opportunity to go to other services that you are providing.

Erwan Rouzel

Erwan Rouzel

CTO, BCUBE

Azomland Metaverse

The whole experience was good, from the beginning to the delivery of the final certification certificate. Undoubtedly a professional job and with a focused attention to understand the project. 100% recommended.

Niccolas

Niccolas

CEO, Azomland

BetSwirl

On top of doing our security audit, the team identified ways to decentralize further the governance and management of our smart contracts.

Romuald Hog

Romuald Hog

Co-Founder, BetSwirl

Pandora Finance

Our experience with QuillAudits was pretty good. They helped us improve our protocols in many spectrums, security being one of them.

Pushkar Vohra

Pushkar Vohra

CEO, Pandora Finance

Polylastic

While researching similar companies, I came across QuillAudits and from the moment we first contacted, we were constantly supported and the process went smoothly.

Niko Sairanen

Niko Sairanen

Technology Director

Pathfund

The whole experience was far better than we expected. The reports given by quill team were outstanding and we do see quill as one of the top auditing companies currently. If things evolve in the same way as until now, we predict that quill has everything it needs to be the top company for auditing.

Alexander

Alexander

CEO, Path Fund

Aquarius Exchange

Quillhash team was very meticulous in planning our smart contract audit and they did a very good job identifying issues with our code and also provided us with a crystal clear understanding of the potential fix as well. The Audit report is comprehensive and have a pretty smooth flow as well.

Varun Singhi

Varun Singhi

Blockchain Business Strategies

Kichee

QuillAudits helped us with the auditing of our smart contract and even helped us with amazing feedback! It was a good experience with them and hope to work again with them.

Ambar Gupta

Ambar Gupta

Head of Technical Development,Kichee

CXN Network

It was an awesome experience with QuillAudits, for sure. Everything was fast, smooth and perfect; I can't seem to see any loophole

Azeez Ibrahim

Azeez Ibrahim

COO, CXN Network

Finblox

I enjoyed working with QuillAudits because they were very responsive and patient with us. They followed up with us professionally and overall a positive experience with everyone.

Charlie Phan

Charlie Phan

Head of Operations

Sportiqo

It was quite a wonderful service and the customer experience was top-notch.

King Favour

King Favour

Team Member

V2SOFT

QuillAudits were very professional in executing the audit and providing valuable suggestions to V2SOFT. Their quick turnaround and style of audit is really commendable.

Naveen Namperumal

Naveen Namperumal

Delivery Head

BITLEARN GALAXY

It was really awesome experience working with QuillAudits, best thing about QuillAudits is their expert team committed to provide their best service in stipulated time. The Best

Qais Qasim

Qais Qasim

Team Member

Starly

Very satisfied. You were the ones who could start the audit much earlier than others.

Valery Leushin

Valery Leushin

CTO

Jadu.ar

The complete Audit process from beginning to delivery was Smooth.

Arpit Toshniwal

Arpit Toshniwal

Project Manager

AssetMantle

The process was made quite simple by QuillAudits. The turnaround time was less which was favorable for us.

Kamlesh Parikarath

Kamlesh Parikarath

Product Manager

CryptoUnity

The team was very helpful at solving problems that they identified at reviewing our smart contract.

Sandi Ε penko

Sandi Ε penko

Founder

WalliD

Pretty fast process and good reporting.

Filipe Veiga

Filipe Veiga

Founder

Enedex

The auditing process was professional and on-time.

Pavuk

Pavuk

Team Member

The Centaurus.io

Very Knowledgeable, professionals, very smooth experience. Thank you for your professionalism.

Shaker Sangam

Shaker Sangam

Founder

UrDEX Finance

All great, quick response, high efficiency, high responsible team.

Son Pham

Son Pham

Founder

Zenland

Everything was top-notch. Its our first experience with audit agencies. Happy so far.

Dior Khasanov

Dior Khasanov

Founder

Tryvium Travels

Very skilled people, kind. Overall very good experience with QuillAudits.

Alessandro Sanino

Alessandro Sanino

CTO

Voltage Finance

Amazing service and attention to detail!

Voltage Finance

Voltage Finance

Team Member

AI Pepe

Our overall experience with QuillAudits was exceptionally positive. Their smart contract audit services demonstrated expertise, thoroughness, and clear, timely communication, instilling confidence in the security of our smart contract. They not only met deadlines but also delivered results promptly. We highly recommend QuillAudits as a trusted partner for smart contract security.

AI Pepe

AI Pepe

Team Member

Polygon DAO

QuillAudits provided security enhancements for Polygon projects, earning positive feedback for their prompt and high-quality service as an auditing partner.

Polygon DAO

Polygon DAO

CORE TEAM

DCOM

All great, quick response, high efficiency, high responsible team.

DCOM

DCOM

Team Member

Melodity

Got a smart contract audit for 10 contracts, spetted and helped solving multiple bugs.

Melodity

Melodity

Team Member

Archean Resources Pty Ltd

The service was extremely professional on time and budget. The staff are all well trained and know their tasks. Very satisfied.

Archean Resources Pty Ltd

Archean Resources Pty Ltd

Team Member

Advon LLC

It was just fantastic. Created a safe and secure contract audit.

Advon LLC

Advon LLC

Team Member

Stage4All

We had a great experience working with QuillAudits! Communication was perfect and they delivered on time! Besides working closely with our devs they also took the time to explain their findings to our management who dont have the same level of deep understanding about smart contracts.

Stage4All

Stage4All

Team Member

Redefined

Very responsive, fast and detailed audits by QuillAudits.

Redefined

Redefined

Team Member

Last Man Standing

They have been very helpful and cooperative with us, we cant thank them enough for giving us this opportunity :)

Last Man Standing

Last Man Standing

Team Member

Taisys Technologies

We have sent 6 smart contracts for auditing and experienced the quality auditing service from QuillAudits.

Taisys Technologies

Taisys Technologies

Team Member

MetaMerce

QuillAudits is always as expected fast, efficient, supportive.!

MetaMerce

MetaMerce

Team Member

SpaceFi

QuillAudits delivered the audit Fast with professional service.

SpaceFi

SpaceFi

Team Member

ArtSwap, LLC

QuillAudits services are Professional, timely, and cost-effective.

ArtSwap, LLC

ArtSwap, LLC

Team Member

Shamlatech

It was a Great experience getting our Audit done by QuillAudits.

Shamlatech

Shamlatech

Team Member

Crepe Inc

You are kind, smart and communicative, it was a pleasure to work with you.

Crepe Inc

Crepe Inc

Team Member

StrongHands

Guys are really fast and are hardworking to deliver the best experience.

StrongHands

StrongHands

Team Member

Ginoa

Fast & Clean.

Ginoa

Ginoa

Team Member

Mrweb Finance

The whole audit process was done within a desirable time frame. The team demonstrated a high level of professionalism in dealing with us.

Mrweb Finance

Mrweb Finance

Team Member

CrickDAO

It was super smooth and the whole process with QuillAudits was beyond the expectations. As a start-up we guys are looking for something genuine & QuillAudits is way ahead of our expectations.

CrickDAO

CrickDAO

Team Member

ChainCollection

Initially when we talked with Audit company they said they will deliver it on so and so day but it was delayed by 3-4 days. Reason behind this was complexity of our contract [5000+] which took longer for them and they did it with complete responsibility. Their recommendation also helped us a lot in later stage so I would recommend if any of my friends looking for Audit.

ChainCollection

ChainCollection

Team Member

Bitsliced

Fast, professional, and always a quick response.

Bitsliced

Bitsliced

Team Member

Cronospad Technology Limited

It was really smooth. Team at QuillAudits cooperated and helped us know the vulnerabilities in our smart code and also suggested possible ways to fix. Excellent support during the process.

Cronospad Technology Limited

Cronospad Technology Limited

Team Member

CrazySnake

QuillAudits is a professional and attentive auditing firm.

CrazySnake

CrazySnake

Team Member

Carpe Diem Savings

It felt like the auditing team was available within a short timeframe, which was excellent. The auditing process looked thorough, and I really appreciate the fact that you took time to investigate GAS optimizations. However, some issues found were a bit far-fetched and in were not about the security.

Carpe Diem Savings

Carpe Diem Savings

Team Member

PlayTrade Win

Service from QuillAudits was Smooth as silk.

PlayTrade Win

PlayTrade Win

Team Member

FAQ

Frequently Asked Questions

Visit our FAQs help centre to clear out any doubts or queries you may have regarding us and our services. or reach out to us directly at Telegram.

Explore FAQs
What is DeFi Diligence?
DeFi Due Diligence is the methodical examination to analyse risks associated with DeFi protocols. It is a systematic way to identify possibilities in which the system is prone to threats. It helps users and investors identify what parts of a DeFi project are exposed to risks and could potentially threaten their funds.
What issues can be identified during DeFi Diligence?
Why DeFi Diligence Important?

Trusted by 1000+ Web3 Products

Clients Logo
Clients Logo
Clients Logo
Clients Logo
Clients Logo
Clients Logo
Clients Logo
Clients Logo

NEWSLETTER

Security First Newsletter by QuillAudits

DeFi & NFT Hacks, CTFs, and Blockchain Security Insights Straight to your Inbox. Explore our weekly newsletter: HashingBits. Stay updated on everything we’re publishing. Stand a step ahead.

Newsletter