Preparing for a Smart Contract Audit

Prepare a Protocol architecture document

Build the audit into your ship schedule*

(Generic Example: if you have 500 SLOC expect the audit to take at least three weeks. One week for the audit, one week to remedy any vulnerabilities, one week for re-audit)

*Build it into your schedule could also be including a buffer to prevent a larger delay due to a missed audit slot from an auditor. If the auditor is expecting code freeze on Jan 1, but you are not ready until Jan 5 you will lose the audit slot which may result in an additional 4-8 week delay in shipping. If you build in the buffer, you add the extra week, but guarantee you don’t miss the audit potentially adding 4-8 weeks delay.

Prepare a brief description of the functionality of the contracts to be audited (what do they do? who will be using it? how will they use it? etc)

Confirm code Freeze Date

Utilize the office hours provided by security team to review/defend contract architecture

To be established in Season 12/13

Compile a list of the contracts to be reviewed.

Compile a list of contracts that have been audited before.

Provide approximate SLOC

Provide any third party libraries or frameworks the projects depends on

Describe the team’s biggest areas of concern.

Compile a list of contract invariants

Describe identified scenarios to be avoided.

Plan time to fix the vulnerabilities found