We often get asked about smart contract auditors, so here we offer a brief explanation of what smart contract auditing entails along with a list of firms providing smart contract auditing services.
What is a smart contract?
The term smart contract implies an autonomously self-enforcing version of a traditional contract. However, a smart contract is in reality just a piece of software that runs on the blockchain. It is executed automatically when certain conditions are met (such as payment being made).
Smart contracts as with any type of software come with a risk in terms of security and exploits. There can potentially be loopholes in the software’s code where malicious actors are able to take advantage of or use the smart contract in a way where it was not intended.
In 2016, an early decentralized autonomous organization (DAO) was launched to be an investor-directed venture capital fund, named The DAO. Onlookers expressed concerns about vulnerabilities in The DAO’s smart contract code, but these issues were not able to be fixed before the launch of The DAO. While the bug remained in the smart contract code, an attacker exploited it and $60 million of ether was stolen.
Smart contract auditors
Smart contract auditors are a way to evaluate the code of a smart contract to check and validate its security, reliability, and efficiency for potential threats. In the case of The DAO, smart contract auditors would have been a great way to reduce the chances of this vulnerability persisting if it was found earlier before the launch. Third-party auditors are available for checking over exploits and ensuring there are no security issues in the code that can prompt a malicious attack.
By having your smart contracts audited by an independent party, you can reduce many security risks associated with deploying smart contracts. With third party auditors, you are able to get a fresh pair of eyes on your smart contract code, catch common mistakes, and increase public confidence that your application is safe to use.
Below is a list of smart contract firms, a few of whom we have worked with
- Chain Security
- ConsenSys Diligence
- Fairyproof *
- Hacken *
- Halborn
- OpenZeppelin Audits
- OXORIO
- Peckshield
- Quantstamp *
- Secure3
- SlowMist
- Solidified
- Trail of Bits
- Zokyo
*accepted as audit proof by CoinMarketCap for listing purposes
There are also crowd-sourced security auditing and bug bounty finders with a growing popularity in the web3 space such as the ones below. They bridge the gap between traditional security audits and post-developmental bug bounties.
If you would like us to add your firm to the list or have other questions about smart contracts and auditing, please reach out and we would be happy to have a chat!
[Updated 2024-06-28]