Skip to content

This repository contains a mindmap on smart contract auditing methodology and different steps in how to audit a smart contract.

Notifications You must be signed in to change notification settings

Quillhash/Smart-contract-Auditing-Methodology-mindmap

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 

Repository files navigation

Smart-contract-Auditing-Methodology-mindmap

Untitled

PDF Version: Auditing-Methodology-Mindmap

Mindmap Link: https://xmind.works/share/LoZXVn0y

1. Information Gathering:

  1. It involves reading Technical documentation about the project.
  2. Understanding What project wants to deliver
  3. Any undocumented features
  4. Whitepaper of Projects

2. Understanding the Code:

  1. Read the Code line by line
  2. Understand the core logic of Contracts.
  3. Detailed business logic review and smart contract architecture
  4. Access control map, Fund flow map

3. Static analysis by automated tools.

  1. Mythx
  2. Slither
  3. Mythril
  4. Manticore
  5. Manually Verify the result as these tools generate lots of false positives.

4. Test against the standard list of vulnerabilities.

  1. SWC Registry
  2. Solidity Attack Vectors
  3. List-of-Security-Vulnerabilities

5. Functional Testing:

  1. Running unit tests provided by Auditee.
  2. Functional Testing for various edge case scenarios.
  3. Writing POCs for the manual findings:
    1. Hardhat
    2. Foundry
    3. Brownie (Deprecating soon)
    4. Ape
    5. Truffle
  4. Remix Deployment [Optional]
  5. Gas Optimizations Test Reports

6. Fuzz Testing

  1. Echidna
  2. Foundry Fuzz-Testing

7. Provide Recommendations and Generating Reports

  1. Provide Recommendations and fixes for Bugs.
  2. Audit report preparation and Final submission.

About

This repository contains a mindmap on smart contract auditing methodology and different steps in how to audit a smart contract.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published