
Ethereum Services

Smart Contract Audit for Ethereum

The audit process for Ethereum smart contracts follows a comprehensive approach: we investigate the code for security flaws and potential vulnerabilities and identify the best ways to mitigate them.

Importance of a Security Audit

Smart contracts hold assets worth millions, so every issue and security flaw must be resolved before deploying to mainnet.

Secure code greatly improves a project's chances of success.

Your code should match your use case.

If your smart contract is verified by a third-party auditor, it gains value in the market and attracts investors.

Our Ethereum Audit Services


Blockchain / Platform Audit

This audit is generally of a combined nature (smart contract plus backend with wallets). We identify and research the best optimisations possible for the smart contract, which can save precious Ethereum gas, and we focus on making the platform more efficient and secure overall.


Smart Contracts Audit

A smart contract audit is a process that tests the source code against all known vulnerabilities and attacks. It identifies security vulnerabilities that could lead to loss of funds and prevents them from reaching deployment. Both the business logic and the security perspective are considered.

How We Process

[Figure: QuillAudits audit process]

Our Ethereum Audit Items

Title | Relationship (CWE)
Unencrypted Private Data On-Chain | CWE-767: Access to Critical Private Variable via Public Method
Code With No Effects | CWE-1164: Irrelevant Code
Message call with hardcoded gas amount | CWE-655: Improper Initialization
Hash Collisions With Multiple Variable Length Arguments | CWE-294: Authentication Bypass by Capture-replay
Unexpected Ether balance | CWE-667: Improper Locking
Presence of unused variables | CWE-1164: Irrelevant Code
Right-To-Left-Override control character (U+202E) | CWE-451: User Interface (UI) Misrepresentation of Critical Information
Typographical Error | CWE-480: Use of Incorrect Operator
DoS With Block Gas Limit | CWE-400: Uncontrolled Resource Consumption
Arbitrary Jump with Function Type Variable | CWE-695: Use of Low-Level Functionality
Insufficient Gas Griefing | CWE-691: Insufficient Control Flow Management
Incorrect Inheritance Order | CWE-696: Incorrect Behavior Order
Write to Arbitrary Storage Location | CWE-123: Write-what-where Condition
Requirement Violation | CWE-573: Improper Following of Specification by Caller
Lack of Proper Signature Verification | CWE-345: Insufficient Verification of Data Authenticity
Missing Protection against Signature Replay Attacks | CWE-347: Improper Verification of Cryptographic Signature
Weak Sources of Randomness from Chain Attributes | CWE-330: Use of Insufficiently Random Values
Shadowing State Variables | CWE-710: Improper Adherence to Coding Standards
Incorrect Constructor Name | CWE-665: Improper Initialization
Signature Malleability | CWE-347: Improper Verification of Cryptographic Signature
Block values as a proxy for time | CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Authorization through tx.origin | CWE-477: Use of Obsolete Function
Transaction Order Dependence | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
DoS with Failed Call | CWE-703: Improper Check or Handling of Exceptional Conditions
Delegatecall to Untrusted Callee | CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Use of Deprecated Solidity Functions | CWE-477: Use of Obsolete Function
Assert Violation | CWE-670: Always-Incorrect Control Flow Implementation
Uninitialized Storage Pointer | CWE-824: Access of Uninitialized Pointer
State Variable Default Visibility | CWE-710: Improper Adherence to Coding Standards
 | CWE-841: Improper Enforcement of Behavioral Workflow
Unprotected SELFDESTRUCT Instruction | CWE-284: Improper Access Control
Unprotected Ether Withdrawal | CWE-284: Improper Access Control
Unchecked Call Return Value | CWE-252: Unchecked Return Value
Floating Pragma | CWE-664: Improper Control of a Resource Through its Lifetime
Outdated Compiler Version | CWE-937: Using Components with Known Vulnerabilities
Integer Overflow and Underflow | CWE-682: Incorrect Calculation
Function Default Visibility | CWE-710: Improper Adherence to Coding Standards

Frequently Asked Questions

What is an Ethereum Smart Contract Audit?
It is the process of scrutinizing smart contract code built on the Ethereum blockchain: a thorough analysis of the code against vulnerabilities and loopholes to ensure there are no errors in the source code.

How do you audit Ethereum smart contracts?
Our Ethereum smart contract audit process begins with code specification gathering, where we get to know the intended behaviour of the smart contract. This is followed by unit testing, then static analysis and formal code verification to identify coding flaws. Finally, manual analysis is performed and an initial report is submitted listing all the vulnerabilities and issues to be fixed.

What are the key benefits of passing an Ethereum contract audit?
The major benefit of an Ethereum smart contract audit is that the chances of your project being hacked by an attacker are nullified. Since the root cause of any smart contract exploit is a vulnerability in the code, an audit mitigates those vulnerabilities and loopholes by testing the code against severe and critical conditions. Audits also help projects build trust and authority with users, partners, and investors.

How much does it cost to audit an Ethereum smart contract?
On average, the cost lies between $1,500 and $15k. However, it depends on the lines of code and the complexity of the Ethereum smart contract. The above is a broad range; the cost varies based on the project size.

What issues can be identified during the Ethereum contract audit?
We scrutinize the Ethereum contract code against the vulnerabilities behind recent exploits, and we thoroughly examine the code against all the vulnerabilities in the SWC registry. Some common loopholes we check for are: Reentrancy, Integer Overflow and Underflow, Unprotected Ether Withdrawal, Floating Pragma, and others.

Trusted by 700+ web3 Products

Secure Your Projects on the Ethereum Blockchain with QuillAudits Smart Contract Auditing Services