Preparing for a Smart Contract Audit
(Generic Example: if you have 500 SLOC expect the audit to take at least three weeks. One week for the audit, one week to remedy any vulnerabilities, one week for re-audit)
*Build it into your schedule could also be including a buffer to prevent a larger delay due to a missed audit slot from an auditor. If the auditor is expecting code freeze on Jan 1, but you are not ready until Jan 5 you will lose the audit slot which may result in an additional 4-8 week delay in shipping. If you build in the buffer, you add the extra week, but guarantee you don’t miss the audit potentially adding 4-8 weeks delay.
Smart Contract Security Best Practices:
Make sure you’re using the most up-to-date Solidity.
Confirm your team has utilized secure OZ Contracts wherever possible.
Review SWC Registry for known weaknesses.
Review Ethereum Best Practices and Known Attacks.
Review Solidity Recommendations page.
Complete automated testing of contracts.
Know the most common bugs:
Flashloan (Oracle Exploit)
Misuse of contract calls