Ethereum Services

Smart Contract Auditing Services for Ethereum Blockchain

QuillAudits offers advanced Ethereum, EOS and TRON smart contract audits, blockchain protocol security and formal verification to ensure your platform’s integrity.

Importance of Audit (Security)

Smart contracts hold assets worth millions, so all issues and security flaws must be resolved before deploying on mainnet.

Secure code gives a project a higher chance of success.

Your code should justify your use-case.

If your smart contract is verified by a third-party auditor, it gains value in the market and attracts investors.

Our Ethereum Audit Services

Blockchain / Platform Audit

This audit generally covers a combined system (smart contract + backend with wallets). We identify and research the best possible optimisations for the smart contract, which may save gas on Ethereum. We focus on making the platform more efficient and secure overall.

Smart Contracts Audit

A smart contract audit is a process that tests the source code against all known vulnerabilities and attacks. It identifies security vulnerabilities and prevents their deployment, which could otherwise cause losses. Both the business-case logic and the security point of view are considered.

How We Process

[Figure: QuillAudits process]

Our Ethereum Audit Items

| ID | Title | Relationships | Test cases |
|---|---|---|---|
| SWC-136 | Unencrypted Private Data On-Chain | CWE-767: Access to Critical Private Variable via Public Method | |
| SWC-135 | Code With No Effects | CWE-1164: Irrelevant Code | |
| SWC-134 | Message call with hardcoded gas amount | CWE-655: Improper Initialization | |
| SWC-133 | Hash Collisions With Multiple Variable Length Arguments | CWE-294: Authentication Bypass by Capture-replay | |
| SWC-132 | Unexpected Ether balance | CWE-667: Improper Locking | |
| SWC-131 | Presence of unused variables | CWE-1164: Irrelevant Code | |
| SWC-130 | Right-To-Left-Override control character (U+202E) | CWE-451: User Interface (UI) Misrepresentation of Critical Information | |
| SWC-129 | Typographical Error | CWE-480: Use of Incorrect Operator | |
| SWC-128 | DoS With Block Gas Limit | CWE-400: Uncontrolled Resource Consumption | |
| SWC-127 | Arbitrary Jump with Function Type Variable | CWE-695: Use of Low-Level Functionality | |
| SWC-126 | Insufficient Gas Griefing | CWE-691: Insufficient Control Flow Management | |
| SWC-125 | Incorrect Inheritance Order | CWE-696: Incorrect Behavior Order | |
| SWC-124 | Write to Arbitrary Storage Location | CWE-123: Write-what-where Condition | |
| SWC-123 | Requirement Violation | CWE-573: Improper Following of Specification by Caller | |
| SWC-122 | Lack of Proper Signature Verification | CWE-345: Insufficient Verification of Data Authenticity | |
| SWC-121 | Missing Protection against Signature Replay Attacks | CWE-347: Improper Verification of Cryptographic Signature | |
| SWC-120 | Weak Sources of Randomness from Chain Attributes | CWE-330: Use of Insufficiently Random Values | |
| SWC-119 | Shadowing State Variables | CWE-710: Improper Adherence to Coding Standards | |
| SWC-118 | Incorrect Constructor Name | CWE-665: Improper Initialization | |
| SWC-117 | Signature Malleability | CWE-347: Improper Verification of Cryptographic Signature | |
| SWC-116 | Block values as a proxy for time | CWE-829: Inclusion of Functionality from Untrusted Control Sphere | |
| SWC-115 | Authorization through tx.origin | CWE-477: Use of Obsolete Function | |
| SWC-114 | Transaction Order Dependence | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | |
| SWC-113 | DoS with Failed Call | CWE-703: Improper Check or Handling of Exceptional Conditions | |
| SWC-112 | Delegatecall to Untrusted Callee | CWE-829: Inclusion of Functionality from Untrusted Control Sphere | |
| SWC-111 | Use of Deprecated Solidity Functions | CWE-477: Use of Obsolete Function | |
| SWC-110 | Assert Violation | CWE-670: Always-Incorrect Control Flow Implementation | |
| SWC-109 | Uninitialized Storage Pointer | CWE-824: Access of Uninitialized Pointer | |
| SWC-108 | State Variable Default Visibility | CWE-710: Improper Adherence to Coding Standards | |
| SWC-107 | Reentrancy | CWE-841: Improper Enforcement of Behavioral Workflow | |
| SWC-106 | Unprotected SELFDESTRUCT Instruction | CWE-284: Improper Access Control | |
| SWC-105 | Unprotected Ether Withdrawal | CWE-284: Improper Access Control | |
| SWC-104 | Unchecked Call Return Value | CWE-252: Unchecked Return Value | |
| SWC-103 | Floating Pragma | CWE-664: Improper Control of a Resource Through its Lifetime | |
| SWC-102 | Outdated Compiler Version | CWE-937: Using Components with Known Vulnerabilities | |
| SWC-101 | Integer Overflow and Underflow | CWE-682: Incorrect Calculation | |
| SWC-100 | Function Default Visibility | CWE-710: Improper Adherence to Coding Standards | |
