Trusted by the Top Names in Web3
Broken Access Control? No chance! See How QuillAudits Resolved 4 Critical Issues in Brahma Fi Console
Minimize security risks in your Rust Smart Contracts
Missing signer checks
Solana programs rely on AccountInfo::is_signer to verify if a transaction is signed by the authorized account. Missing this check can allow unauthorized access.
Missing ownership checks
Programs should verify the AccountInfo::owner field to ensure accounts are used as intended. Not checking ownership could lead to unintended consequences.
Cross-program invocation depth
Solana limits nested program calls to prevent complex attacks; understanding this is vital to avoid related vulnerabilities.
Unsafe Rust code
Rust offers default memory safety, but unsafe blocks can bypass these safeguards. We Careful review it to avoid memory corruptions like buffer overflows.
Over-reliance on Anchor abstractions
Anchor simplifies development, but over-reliance on its abstractions can obscure Solana concepts, potentially introducing unnoticed vulnerabilities.
Dependency management
Anchor projects rely on external dependencies. Updating these dependencies is crucial to addressing any security issues in those libraries.
OUR AUDIT PROCESS
We follow a Multi-Layered Audit Framework, which is a holistic security approach that combines manual expertise, automated testing, and independent verification.
| Title | Relationship | |||||
|---|---|---|---|---|---|---|
| Rust Smart Contract Security Best Practices | We check best practices for secure Rust development in smart contracts, such as using libraries and tools designed for secure coding in the Solana or NEAR ecosystem. | |||||
| Account Ownership & Permissions | Assess how the smart contract manages account ownership and access control mechanisms. Look for vulnerabilities that could allow unauthorized access or manipulation of accounts. | |||||
| Solana Program Libraries (SPLs) | Analyze the use of SPLs (standardized libraries) within the smart contract for known vulnerabilities or potential misuse. | |||||
| Cross-Program Invocations (CPIs) | Evaluate how the smart contract interacts with other Solana/NEAR programs through CPIs. Identify vulnerabilities in how data is passed or how responses are interpreted. | |||||
| Syscalls & Solana Runtime | Assess the use of system calls provided by the Solana/NEAR runtime environment. Ensure proper error handling and validation for any interaction with the runtime. | |||||
Get an Audit done today for your Smart Contract
Join 1400+ leaders who secured themselves from losing Billion Dollars
We audit smart contracts on these blockchains and more
What will you get after a Rust Smart Contract Audit?
Ecosystem & Dev Support
You'll receive our Ecosystem Support, which leverages the network of our esteemed partners, VCs, and clients to enhance your project's visibility and credibility.
Certification and Audit Report
Upon completion of the audit, you will receive a Certification and Audit Report to demonstrate that your project has been "Audited by QuillAudits".
Co-Marketing
Get co-marketing support to boost your project’s visibility and grow your presence in the ecosystem.
Project & Accelerator Support
Access resources and mentorship to accelerate your project’s development and ecosystem impact.
WHAT OUR CLIENTS SAY
FREQUENTLY ASKED QUESTIONS
Check Out Our Work
We've audited top DApps and DeFi protocols, ensuring they remain secure and free from any exploit. Check out their audit reports to see our impact.
Read the Reports
OTHER SERVICES
Explore our specialized services designed to cater to specific protocols, from intelligent agents to real-world assets and decentralized finance.
Penetration Testing
Identify vulnerabilities in your system infrastructure and codebase. - Simulate real-world attacks to evaluate the current security measures.
- Receive a comprehensive report with prioritized remediation steps.
RWA Audit
- Verify the on-chain representation of real-world assets such as real estate, commodities, or securities.
- Assess legal frameworks, tokenization logic, and custody mechanisms for full compliance and asset-backed assurance.
- Identify risks related to off-chain data feeds, price oracles, and collateral mismanagement.
DeFi Audit
- Audit smart contracts powering DeFi protocols, including DEXs, lending platforms, and yield aggregators.
- Uncover vulnerabilities like reentrancy, oracle manipulation, and economic exploits through rigorous manual and automated testing.
- Deliver a transparent audit report with actionable insights and recommendations for secure protocol deployment.
