Audit-readiness check-list

In order to evaluate the audit scope and get an estimate, the Customer must provide:

  • a link to the GitHub repository

  • a list of smart contracts to be audited

  • the target commit

  • (for diff audit) the initial commit, i.e. the commit from which the fork was made

  • (for diff audit) a link to the audit report for the initial commit

For greater audit efficiency, it is desirable (but not mandatory) to provide:

  • running tests

  • documentation describing the protocol logic

  • NatSpec comments for functions in smart contracts

  • compliance with coding style for contracts

The timing and budget of the audit contest are based on:

  • the number of lines of code (empty lines and comments are not counted in the evaluation)

  • the use of known and audited libraries (e.g. OpenZeppelin; these contracts are excluded from the evaluation)

  • the degree of integration and interaction with other protocols and projects, both known and unknown (the less interaction there is, the faster the audit; the better known the project is, the faster the audit)

  • (for diff audit) the number and degree of changes to the original code base (small changes in large numbers will be studied faster than a complete rewrite of some contracts)
