Smart contract audit

TheTokener and GoForSmartAudit partner up to audit your smart contract

By Puneet
Published over 2 years ago

We at TheTokener are happy to announce our partnership with GoForSmartAudit. GoForSmartAudit applies analysis and review techniques to effectively minimize the risk posed by your smart contract's potential vulnerabilities. Together we are offering a new smart contract audit service to make the smart contract of your ICO more secure. If you are interested in this service, contact us at audits@thetokener.com.


What are smart contracts?

A smart contract is a computer protocol intended to digitally facilitate, verify, or enforce the negotiation or performance of a contract.

Smart contracts are used to facilitate a huge range of agreements, including ICOs, charities, cybersecurity, media, and travel, to name but a few. Given that organizations like the Ethereum Project allow developers low-cost access to their services, literally anyone can now tap into the power of smart contracts.

The importance of getting the smart contract code right before it is deployed is enormous. This is because once written to the blockchain the code cannot be changed. The implications of activating a smart contract that has not been properly audited could be severe since it may well result in the contract failing to operate in the desired manner or being susceptible to security breaches that could result in theft, loss of personal data, etc.

The dangers of relying on smart contracts that have not been independently audited are well-documented. In the past year $500 million has been lost due to bad code, and around half of that figure involved Ethereum. The most notorious case was the Parity bug, which led to $168 million of ether being rendered permanently inaccessible, though there have been plenty of smaller incidents where inexperienced or inattentive developers have been caught out.

I hope this gives you some idea of the amount of value that can be at risk. Solidity is not an easy language and is filled with quirky behavior that can seem correct at a cursory glance. An open-source blockchain platform revolves around writing smart contracts that dictate how data and value are received and sent, dependent on set criteria and inputs. Most members of the community are not developers. Fewer understand the finer details of Solidity. Even fewer have the time to comb through each contract they interact with to ensure security and identify malicious threats. We are putting our trust in the hands of a minute fraction of people when we send billions of USD in value through transactions, and that is dangerous.


What are audits?

An audit is a scanning of a smart contract script for vulnerabilities, exploitative features, and inefficiencies to provide security against malicious actors and oversight, as well as adding a layer of trust and safety between project and community.

You have an ethical responsibility to secure your contracts to the best of your technical/financial abilities in order to secure the safety of your users’ funds, as they’ve put their trust in your project.

The security, privacy, and scalability issues faced by blockchain are unprecedented because decentralized applications and protocols have never been tested before.

The importance of secure code cannot be overstated, especially when writing smart contracts. Auditing the code is the only way to make sure a smart contract will do only what it’s been programmed to do. This isn’t simply about writing code so airtight no hackers can get in, but also about catching dangerous bugs. Leaving a bug in a piece of self-executing code is almost as bad as designing a killer robot without an off switch, allowing it to run amok and cause all sorts of chaos. Due to the nature of smart contracts, once a contract goes live, it’s not always easy to claw back the mistakes. A buggy contract could suddenly start misbehaving, which isn’t good for building confidence in those interested in the benefits of the blockchain.

Smart contract code security is a serious issue and shouldn't be taken lightly. An investor's money could be put at stake in a smart contract, and a simple bug could make a significant investment disappear for no reason other than a lack of audit.

Most developers recognize the value of having their code audited by an entirely separate group of experts. Whether this is a dedicated development team or a group of impassioned smart contract programmers who are willing to audit your code for free, the benefits of multilayered scrutiny of code cannot be overstated.

The main problems that arise from automated code reviews include missed vulnerabilities and code being falsely identified as a problem when it isn’t. While false positives can be a nuisance, the real danger is in missed vulnerabilities. It is for this reason that developers should always conduct a thorough manual analysis of code even if they have already conducted automated code testing.

The exploitation of this smart contract and other smart contract hacks convincingly illustrates the need to thoroughly evaluate the correctness of smart contracts. These contracts codify legal agreements, financial obligations, and other conditional logic with potentially large finances and assets at stake. Even formal audits may not be sufficiently comprehensive and imaginative when conducted by a single individual or team.


What can GoForSmartAudit offer?

The goal of the GoForSmartAudit team is to provide blockchain companies with the assurance needed to conduct a secure Initial Coin Offering (ICO) or token sale. We work with projects at different stages of the product cycle. In our toolbox, we have a number of analysis and review techniques to effectively minimize the risk posed by your smart contract's potential vulnerabilities. We match the smart contract operations and functions against the white paper contents to make sure the smart contracts function as stated.

Most of our clients choose an ICO Security Audit alongside a Smart Contract Audit. Smart contracts are tested for audit readiness early in development, and formal audits are then carried out at different stages of the product. We give our seal of approval to ICO contracts, giving investors confidence in the security of the code and the safety of their investment.

An audit of smart contracts includes both objective findings from the contract code and subjective assessments of the overall architecture and design choices by consulting experts.

It will also assess whether the codebase follows modern, established best practices for smart contract development.

The primary goal of our smart contract audit service is to provide blockchain companies with the confidence needed to conduct an ICO or token sale. We have developed a number of analysis and review techniques to effectively minimize the risk of logic errors or vulnerabilities, judging the contract against a few general categories:

- Security: Does the contract have any security flaws? Does the code actually do what it was intended to do or achieve?

- Optimization: Is the contract wasting gas during execution, resulting in an unnecessary and completely avoidable increase in transaction costs?

- Code Legibility: Is it easy to trace the execution flow through the source code?

We focus on the security of smart contracts and perform auditing that maintains quality in a transparent and affordable manner. In order to ensure a complete and thorough analysis and review, our Smart Contract Audit Services include the following:
- Automated and Manual Analysis of the code.
- Smart Contract Performance Validation.
- Smart Contract Optimization via Gas Analysis.
- Detailed Audit Report and Certification.
- Smart Contract Vulnerability Identification.

Our default audit process looks like this:
- Primary architecture review
- Manual comparison of requirements and implementation
- Testing according to the requirements
- Testnet / mainnet

Any weak or exploitable code can make blockchain-based technology, like smart contracts, look unreliable. While the blockchain is strong, a smart contract is only as secure (and strong) as its code. This type of vulnerability is what led to The DAO fiasco. A hacker was able to exploit a weakness in a smart contract and drain The DAO of over $50 million in pooled funds. Luckily, a hard fork was able to restore most of the lost investments. Aside from risky code almost allowing a substantial amount of money to be stolen, it actively damaged the reputation of blockchain-based technologies. The latter fact could be considered worse, seeing as how this disruptive tech is still very much in its developing stages.

If you want your Smart Contracts audited, contact us at audits@thetokener.com