Having an audit done by a competent firm is a must have for any smart contract, and with the expertise of QuillAudits it will be done flawlessly. The audit process for Ethereum smart contract is based on the comprehensive approach we follow to investigate the code for security flaws and potential vulnerabilities, and the best possible ways to mitigate them.
Smart contracts become crucial if you are developing on the Ethereum blockchain. When you are dealing with such a critical component having users' and investors' funds locked in it, safety becomes the top priority. With a thorough analysis and scrutiny of the code, you can detect those vulnerabilities before malicious actors exploit them. At QuillAudits, we help Web3 projects built on the Ethereum blockchain achieve credibility and gain users' and investors' trust by mitigating contract risks.
The smart contract code is examined to find the areas that fall short of quality standards, increasing the risk portion of the contract exploitation. Our veteran smart contract auditors conduct a hands-on review to analyse the bug exposure in the contracts, thereby offering remediation to fix the issue and prepare for the safe launch of the contract.
Equipped with an industry-leading suite of security tools, we run the code through automated scanners to get rid of the minute possibility of missing out on any flaws in the contract. The manual code review combined with the automated security checks terminates the scope of security vulnerabilities in the Ethereum contracts.
Automated Security Check
The project’s behaviour is studied by launching it on the testnet, which helps assess its performance on the mainnet. The experts spot any shortcomings in the functioning, and mitigation guidance is offered to the project development team to rectify the errors before deployment.
A vulnerability report provides an extensive summary of the project studied throughout auditing. It covers the complete details about the observations on vulnerability issues, their associated severity level, mitigation suggestions and whatnot to enhance the security and thereby the efficiency of Ethereum smart contracts.
Detailed Vulnerability Reports
It is generally of the combined nature (smart contract + backend with wallets). We identify and research on best optimisations possible with the smart contract that may save the precious gas of Ethereum. We focus to make the platform more efficient and secure overall.
A Smart contract audit is a process to test the source code against all known vulnerabilities and attacks. A Smart Contract audit identifies and prevents the deployment of security vulnerabilities that may cause to loss. Both business case logic and security point of view are considered.
|SWC-100||Function Default Visibility||CWE-710: Improper Adherence to Coding Standards|
|SWC-101||Integer Overflow and Underflow||CWE-682: Incorrect Calculation|
|SWC-102||Outdated Compiler Version||CWE-937: Using Components with Known Vulnerabilities|
|SWC-103||Floating Pragma||CWE-664: Improper Control of a Resource Through its Lifetime|
|SWC-104||Unchecked Call Return Value||CWE-252: Unchecked Return Value|
|SWC-105||Unprotected Token Withdrawal||CWE-284: Improper Access Control|
|SWC-106||Unprotected SELFDESTRUCT Instruction||CWE-284: Improper Access Control|
|SWC-107||Reentrancy||CWE-841: Improper Enforcement of Behavioral Workflow|
|SWC-108||State Variable Default Visibility||CWE-710: Improper Adherence to Coding Standards|
|SWC-109||Uninitialized Storage Pointer||CWE-824: Access of Uninitialized Pointer|
Each year, millions drain down the crypto hacks. Here are a few examples how hackers took advantage of the loopholes in the code to escape with millions:
In March 2022, $615M were stolen from Ronin Network, a platform powering the popular mobile game Axie Infinity.
In August 2021, the criminals transferred $611M-worth of Poly Network tokens to three wallets they controlled.
In September 2020, $275m worth of cryptocurrency was stolen from the Singapore-headquartered exchange KuCoin.
Caption: Values calculated according to cryptocurrency prices at the time of the theft
Source: Statista/Bloomberg, Business Insider, TechCrunch, CNBC, Ronin Network, Vice.
Very professional and timed delivery. Also very prompt in responses and queries.
The team is very supportive and they were able to work as per our requirements
QuillAudits did a great job with our audit, was very professional and provided quick service
QuillAudits provided security enhancements for Polygon projects, earning positive feedback for their prompt and high-quality service as an auditing partner.
Visit our FAQs help centre to clear out any doubts or queries you may have regarding us and our services.Explore FAQs
DeFi & NFT Hacks, CTFs, and Blockchain Security Insights Straight to your Inbox. Explore our weekly newsletter: HashingBits. Stay updated on everything we’re publishing. Stand a step ahead.