Introduction to Auditing and our smart contract audit process

1. What are smart contract audits?

2. Types of auditing

3. The benefits of auditing

4. Common exploits

// Vulnerable withdraw: the external call runs before the balance is reduced,
// so a malicious recipient can re-enter withdraw() while the old balance still holds.
function withdraw(uint256 amount) public returns (uint256) {
    require(amount <= balance[msg.sender]);
    require(msg.sender.call.value(amount)());
    balance[msg.sender] -= amount;
    return balance[msg.sender];
}

// Attacker contract fragment (targetAddress and amount are its state variables):
// the fallback re-enters withdraw() every time the target sends Ether.
function reentrancyAttack() public payable {
    targetAddress.withdraw(amount);
}

function () public payable {
    if (address(targetAddress).balance >= amount) {
        targetAddress.withdraw(amount);
    }
}
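The following is an added example, not code from the original article, showing how the vulnerable withdraw() above is hardened: state is updated before the external call (checks-effects-interactions) and a mutex modifier rejects nested calls. The contract name SafeBank, the deposit() helper and the locked flag are assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

// Added example (not from the article): a withdraw() that resists reentrancy.
contract SafeBank {
    mapping(address => uint256) public balance;
    bool private locked; // reentrancy guard flag (assumed name)

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balance[msg.sender] += msg.value;
    }

    // Checks-effects-interactions: validate, update state, then interact.
    function withdraw(uint256 amount) external nonReentrant returns (uint256) {
        // Checks
        require(amount <= balance[msg.sender], "insufficient balance");
        // Effects: reduce the balance BEFORE sending, so a re-entering
        // caller sees the reduced balance and fails the check above.
        balance[msg.sender] -= amount;
        // Interactions: external call last, with its result checked.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        return balance[msg.sender];
    }
}
```

Either defence alone closes the hole shown in the attacker's fallback; using both means a future refactor that moves the call earlier is still caught by the guard.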
mapping(address => uint256) public balance;

// Compilers before 0.8 do not check arithmetic: the recipient's balance
// can wrap around on overflow. No visibility is declared on the function.
function transfer(address _recipient, uint256 _amount) {
    require(balance[msg.sender] >= _amount);
    balance[msg.sender] -= _amount;
    balance[_recipient] += _amount;
}
contract Auctioneer {
    uint256 currentHighestBid;
    address currentHighestBidder;

    function bid() payable {
        // new value check
        require(msg.value > currentHighestBid);
        // return funds: if send() to the previous bidder fails, the whole bid reverts
        require(currentHighestBidder.send(currentHighestBid));
        // modify higher bidder information
        currentHighestBidder = msg.sender;
        currentHighestBid = msg.value;
    }
}
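As an added example (not part of the original article), here is the Auctioneer rewritten with the pull-payment pattern so that a previous bidder whose address rejects Ether cannot block every later bid. The contract name PullAuctioneer, the pendingReturns mapping and withdrawRefund() are assumed names chosen for this illustration.

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

// Added example (not from the article): refunds are recorded in bid() and
// claimed by each outbid bidder in a separate transaction.
contract PullAuctioneer {
    uint256 public currentHighestBid;
    address public currentHighestBidder;
    mapping(address => uint256) public pendingReturns; // refunds owed (assumed name)

    function bid() external payable {
        require(msg.value > currentHighestBid, "bid too low");
        if (currentHighestBidder != address(0)) {
            // Record the refund instead of sending it inline, so no
            // external call can make bid() revert.
            pendingReturns[currentHighestBidder] += currentHighestBid;
        }
        currentHighestBidder = msg.sender;
        currentHighestBid = msg.value;
    }

    // Each outbid bidder withdraws its own refund; a failing transfer
    // only affects that caller, never the auction itself.
    function withdrawRefund() external {
        uint256 amount = pendingReturns[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingReturns[msg.sender] = 0; // effects before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "refund failed");
    }
}
```

The zero-address check covers the very first bid, when there is no previous bidder to refund.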

5. Our auditing process

What we look for during an audit

Gas Optimisation

//SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

contract multiplication {

    uint256 amount = 13;
    uint256 newAmount;

    function multiplyAmount(uint256 multiplyBy) external {
        uint256 multipliedAmount;
        for (uint256 ii = 0; ii < multiplyBy; ii++) {
            multipliedAmount += amount;
        }
        newAmount = multipliedAmount;
    }

    function getNewAmount() public view returns (uint256) {
        return newAmount;
    }
}
// Field order matters for storage packing: this layout needs 3 storage slots
// (number1 + number2 share one, number3 takes one, number4 takes one).
struct myStruct {
    uint64 number1;
    uint128 number2;
    uint256 number3;
    uint64 number4;
}

// Reordered so the two uint64 and the uint128 share a single 32-byte slot: 2 slots.
struct myStruct {
    uint64 number1;
    uint64 number4;
    uint128 number2;
    uint256 number3;
}
// A fixed-size array is cheaper than a dynamic one when the length is known.
string[7] daysOfTheWeek;

// Explicitly initialising to the default value costs gas for no effect:
uint256 randomNumber = 0;
// the variable is already zero without the initialiser.
uint256 randomNumber;
import "./SafeMath.sol" as safeMath;

contract SafeCalculations {
    function computeSubtraction(uint256 x, uint256 y) public view returns (uint256) {
        return safeMath.sub(x, y);
    }
}

Tools we use to support our process

Timescales

6. Complimentary processes for ensuring code security

7. Disclaimer

Extropy.IO

Oxford-based blockchain and zero knowledge consultancy and auditing firm