Extropy is a blockchain consultancy for DLT development and cryptography, including zero knowledge proofs. Extropy was founded in 2015 and offers a wealth of expertise to its customers. We provide security audits.
Smart contract audit process
Assessments of the overall architecture and design choices. Given the subjective nature of these assessments, it will be up to the development team to determine whether any changes should be made.
Establishing whether the code currently meets its intended purpose. This should be established with the client pre-audit so that there is some understanding of the project and therefore of the code's purpose. This can also be highlighted by pre-existing testing conducted on the contract.
Smart contract best practices
Checking to see whether the codebase follows the current established best practices for smart contract development.
Evaluating the code to check whether it has been written in a way that ensures readability and maintainability. Reducing highly complex or over-engineered code can help reduce the potential for exploits, reduce the amount of gas consumed and make auditing the contract much easier.
Checking for exploitable security vulnerabilities, or other potential threats to the users. We categorise these into different security levels.
Security Level | Definition
Critical | Issue ranked as very serious and dangerous for users and the secure working of the system. It is likely to lead to risk of exposure of sensitive information and of serious financial ramifications for the client and user. Needs immediate improvements and further checking to ensure it has been remedied.
Testing and Testability
Reviewing to see how rigorously the code has been tested and how easy it is for the code to be tested. A smart contract that has been tested with high coverage (as close to 100% as possible) provides some level of proof that the smart contract is working as intended. This also reduces the amount of time the auditor has to spend checking functionality and leaves more time for analysing security issues.
Gas optimisation is an important part of an efficient smart contract. We check the current gas consumption of the smart contracts to ensure that they waste as little gas as possible to reduce operational costs.
"For the formal audit, we engaged Extropy.io’s Laurence Kirk. We wanted to go with an auditor we trusted immensely, someone who has worked with early-stage teams before, someone who we knew would go above and beyond the norm and, most importantly, someone who would work with us iteratively. Laurence and Extropy fit the bill perfectly and we are extremely grateful for their help and judgement."