How to prepare for an audit of a smart contract

Description:

Your smart contract system's security may be improved by conducting an audit. Besides selecting a high-quality auditor for the job, there are several things you can do to ensure you get the most out of your investment.

Provided by: cyphershield2022
Transcript and Presenter's Notes

1
How to prepare for an audit of a smart contract
2
How to prepare for an audit of a smart contract
  • An audit may help to increase the security of
    your smart contract system. There are various
    things you can do to make sure you get the most
    out of your investment in addition to choosing a
    qualified auditor for the job.
  • The best outcomes may be attained by taking these
    precautions before an audit.
  • 1. Documentation
  • 2. Clean code
  • 3. Test
  • 4. Automated analysis
  • 5. Freeze code
  • 6. Use a checklist

3
Documentation
  • The less time we spend trying to understand your
    system, the faster we can get deep into your code
    and the more time we can spend uncovering faults.
    As a result, providing excellent documentation is
    the first thing you can do to enhance the quality
    of your audit.
  • A straightforward explanation of what you're
    building and why you're building it serves as the
    foundation for good documentation. This should
    apply to both the system as a whole and to any
    individual contract inside it.
  • Another sign of high-quality documentation is a
    statement of the expected functionality of your
    system. The key properties or behaviors that must
    be maintained for each contract should be
    specified. It should also describe situations and
    states that should not exist.

4
Clean Code
  • Refined, well-formatted code is easier to read,
    reducing the cognitive load needed to review it.
    A little cleanup lets us concentrate on locating
    bugs.
  • 1. Run a linter on your code. Fix errors or
    warnings unless you have a good reason not to.
    For Solidity, we like EthLint.
  • 2. If the compiler generates warnings, address
    them.
  • 3. Delete any comments that indicate unfinished
    work (e.g. TODO or FIXME).
  • (This assumes that this is the last audit you
    perform before deploying to the mainnet. If not,
    use judgment on what makes sense to leave in.)
  • 4. Delete any code that has been commented out.
  • 5. Delete any code you don't need.
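
As an added example (not part of the original presentation), steps 3 and 4 above can be checked mechanically before the code goes to the auditor. This Python sketch lists TODO/FIXME markers and likely commented-out code in Solidity source; the function names, the constructed `Vault` sample and the "comment ends in `;`, `{` or `}`" heuristic are assumptions made for illustration.

```python
import re

# String literals are matched first so comment markers inside them are skipped,
# then // line comments and /* */ block comments.
TOKEN = re.compile(
    r'''"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'|//[^\n]*|/\*.*?\*/''', re.S)
MARKER = re.compile(r"\b(TODO|FIXME)\b")
# Heuristic (assumption): prose comments rarely end in ';', '{' or '}'.
CODE_LIKE = re.compile(r"[;{}]\s*$")

def iter_comments(source):
    """Yield (line_no, text) for every comment line in Solidity source."""
    for m in TOKEN.finditer(source):
        if not m.group().startswith("/"):
            continue  # a string literal, not a comment
        first = source.count("\n", 0, m.start()) + 1
        for offset, text in enumerate(m.group().splitlines()):
            yield first + offset, text.strip(" \t/*")

def pre_audit_findings(source):
    """Return [(line_no, kind)] for unfinished-work markers and dead code."""
    findings = []
    for line_no, text in iter_comments(source):
        if MARKER.search(text):
            findings.append((line_no, "unfinished-work marker"))
        elif CODE_LIKE.search(text):
            findings.append((line_no, "commented-out code"))
    return findings

# Constructed sample input, used only to exercise the scanner.
SAMPLE = '''\
contract Vault {
    mapping(address => uint256) public balances;
    string public note = "see // TODO in docs"; // string literal, not a comment
    function withdraw(uint256 amount) external {
        // FIXME: decide on a withdrawal limit
        // require(amount <= balances[msg.sender]);
        balances[msg.sender] -= amount;
        /* payable(msg.sender).transfer(amount); */
    }
}
'''

if __name__ == "__main__":
    for line_no, kind in pre_audit_findings(SAMPLE):
        print(f"line {line_no}: {kind}")
```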

5
Testing
  • Publish tests! A test suite with 100% code
    coverage is an excellent objective.
  • Check for errors in the list of test cases. Do
    your tests mainly confirm that the "happy path"
    works? Create tests to ensure that undesirable
    activities are properly prevented from occurring
    and that the contract fails appropriately rather
    than entering an undesirable state.
Automated Analysis
  • To help you uncover some of the most prevalent
    problems, Ethereum has various effective security
    scanning tools. We use some of these during our
    audits, but you may also run them beforehand,
    freeing up our time to focus on locating more
    difficult flaws.

6
  • Start with our MythX, which runs several
    different kinds of analysis at once. You can
    submit your contracts in a number of ways,
    including through plugins for Remix and Truffle
    and CLI tools for Python and JavaScript. Our
    Smart Contract Audit Best Practices list other
    security tools.
  • Running these tools is not necessary, but it does
    help. One caveat is that you'll frequently receive
    alerts about problems that aren't genuinely
    present. Let us know if you're not sure whether
    something is off, and we'll check it out during
    the audit.
Freeze Code
  • At the risk of stating the obvious, you should
    finish creating your smart contracts before we
    conduct an audit.
  • If a modification is made midway through an
    audit, the auditors have spent their time on
    outdated code. The auditors also have to stop and
    incorporate the update, which may have significant
    effects on things like the threat model and other
    code that interacts with the altered code.
  • Please let us know if your code is not ready
    before the start date. Delaying is preferable to
    attempting to finish an audit while you are still
    developing.