Services
Stronghold provides 2 formats of smart contract audit services:
Combo audit is the main format of code review, which involves checking the entire code base by solo auditors of the Stronghold community and parallel checking by a dedicated full-time Lead auditor.
Workflow:
The community of solo auditors, in parallel with the full-time Lead auditor, conducts an interim audit to detect all possible vulnerabilities.
Solo auditors provide the Lead auditor with their reports with a list of detected findings by the specified date.
The Lead auditor validates and triages all received bugs and generates a single interim audit report, which is provided to the Customer.
After receiving comments and bug fixing on the Customer’s side, the Lead auditor conducts a re-audit.
Upon completion of the re-audit, the Lead auditor provides the Customer with a final report.
Private audit will be the most suitable format for those projects who are not willing to provide access to the smart contracts code to the broad community of solo auditors as part of an open and competitive contest, but who want to take advantage of a more conventional form of private audit with a dedicated experienced team limited by the number of participants to ensure best audit and service practices.
Workflow:
The Customer signs NDA with the involved auditors of Stronghold and provides access to the private code base to be audited.
Stronghold estimates the scope, prepares a private audit proposal and selects a dedicated team of 3 full-time auditors (1 Lead auditor and 2 solo auditors from the Stronghold community who have the highest rating according to the Leaderboard and the most relevant experience in auditing protocols with similar business logic).
Stronghold ensures that the auditors involved have verified their identity using the eKYC tool and provides the necessary information to the Customer.
The dedicated team, consisting of 1 Lead auditor and 2 auditors, conducts an interim audit to detect all possible vulnerabilities and provides the Customer with an interim audit report.
After receiving the Customer's comments and bug fixing, the dedicated audit team performs a re-audit.
Upon completion of the re-audit, the dedicated audit team provides a final report to the Customer
*Stronghold can arrange an additional iteration of the Audit contest\Interim audit if, after providing an interim audit report to the Client and making changes to the initial code, the actual volume of the scope increases by more than 15% due to the addition of new logic and functionality of smart contracts. In this case, an additional contest\interim audit is to be carried out with the appropriate overhead payment.
Last updated