Table of Contents for How to audit a smart contract

I’ll write a proper guide soon on how to audit a Solidity smart contract, but until I write that up here are some good introduction guides to auditing Solidity.

• for a very high level overview, Binance have a good intro guide https://academy.binance.com/en/articles/what-is-a-smart-contract-security-audit

• https://www.devteam.space/blog/how-to-audit-a-smart-contract-a-guide/

• You should be able to easily complete every ethernaut challenge: https://ethernaut.openzeppelin.com/

• You should also easily be able to complete https://www.smartcontract.engineer/challenges

• Read existing audits. For example:

  • https://github.com/ConsenSys/Uniswap-audit-report-2018-12/blob/master/Uniswap-final.md
  • https://omniscia.io/reports/alliance-block-multitoken-bridge/
  • https://omniscia.io/
  • https://certificate.quantstamp.com/full/aavegotchi-ghst-staking
  • https://github.com/pie-dao/audits/blob/main/Mixbytes - ExperiPie_Smart_Contrac 2020-12-11.pdf
  • https://github.com/trailofbits/publications#security-reviews

• https://github.com/crytic/building-secure-contracts/blob/master/development-guidelines/token_integration.md

• https://docs.google.com/document/d/1YLPtQxZu1UAvO9cZ1O2RPXBbT0mooh4DYKjA_jp-RLM/edit

• https://cmichel.io/how-to-become-a-smart-contract-auditor/

• https://byterocket.com/audits

• https://blog.openzeppelin.com/solidity-compiler-audit-8cfc0316a420/ https://blog.openzeppelin.com/security-audits/

• https://chainsecurity.com/smart-contract-audit-reports/

• https://consensys.net/diligence/audits/

• https://docs.arcadia.agency/

• https://docs.arcadia.agency/audits-and-code-reviews/directory

• https://faraz.faith/

• https://github.com/Dedaub/audits

• https://github.com/HalbornSecurity/PublicReports

• https://github.com/immunefi-team/Web3-Security-Library?utm_source=immunefi

• https://github.com/peckshield/publications/tree/master/audit_reports

• https://github.com/spearbit/portfolio/tree/master/pdfs

• https://github.com/trailofbits/publications/tree/master/reviews

• https://hacked.slowmist.io/en/

• https://omniscia.io/

• https://quantstamp.com/audits

• https://rekt.news/

• https://solidity.finance/audits/

• https://www.coinspect.com/tempus-audit/

• https://github.com/immunefi-team/Web3-Security-Library

• https://medium.com/immunefi/a-poc-of-the-hundred-finance-heist-4121f23a098

• https://wooded-meter-1d8.notion.site/0e85e02c5ed34df3855ea9f3ca40f53b?v=22e5e2c506ef4caeb40b4f78e23517ee

• https://www.youtube.com/watch?v=NK9Dp54YEWU

• https://web3sec.notion.site/Web3-security-ddaa8bf9a985494dbaf70d698345b899/

• https://github.com/pcaversaccio/reentrancy-attacks

Types of issues audits can find

Denial of service

For example, allowing an array to grow to an unbounded size and allowing a function to return this (ever growing) array.

TODO - more coming soon

This post is incomplete and a work-in-progress
I'll update it soon and flesh it out with more info!

Spotted a typo or have a suggestion to make this crypto dev article better? Please let me know!