How CodeProof Audit Smart Contracts
Smart contract auditing utilizes various techniques and tools to reduce risk points and make the protocol more robust.
Step 1. Gather Documents
Projects to be audited must first freeze the code and provide auditors with technical documentation, including code bases, white papers, architecture, and any other relevant materials. This documentation should provide auditors with detailed guidance on what the code is intended to achieve, its scope, and its implementation.
Step 2. Automated testing
Also known as a formal verification engine, automated tests examine every possible state of a smart contract and alert on issues that may attack the contract’s functionality or security. Auditors can also conduct integration tests, unit tests, and penetration tests to detect security vulnerabilities on individual functions.
Step 3. Manual review
A team of security experts scrutinizes every line of code for errors and vulnerabilities. While automated testing is good at identifying bugs in code, human engineers are more capable of detecting problems with contract logic or architecture, poorly coded implementations that are technically correct and pass automated testing, gas optimization, and common attack points (such as front-running ).
Step 4. Contract Misclassification
Each bug is categorized according to the severity of the vulnerability by which it could be exploited:
Severe – Affects the secure operation of the protocol.
Significant — centralization and logic errors that could lead to loss of user funds or control of the protocol.
Moderate — Affects platform performance or reliability.
Minor — Inefficient code that does not compromise the security of the application.
Informational — Errors related to coding style or industry best practices.
Step 5. Initial Report
The auditor draws up an initial report summarizing code deficiencies and other issues, along with feedback on how the project team resolved them. Some smart contract service providers have a team of experts who can help fix every bug found. By addressing all issues, projects can ensure that their smart contracts are secure and ready for deployment.
Step 6. Issuance of the final audit report
Auditors detail all issues found in the final report, and all issues are marked as resolved or unresolved. This report will be provided to the project team and will be made public at the same time to allow full transparency for users and other stakeholders of the protocol.
