The team behind Pessimistic Security is one of the first Ethereum security teams. They started working in the area in the beginning of 2017 under the brand SmartDec. Back then they developed one of the first Ethereum security tools called SmartCheck.Currently they provide security audits for smart contracts, DApps (front-end, back-end, and interactions between them), custom blockchains, 2nd layer scaling solutions and crypto wallets.
Smart contract audit process
The client provides access to the codebase (via the link to the repo, or simply by sending an archive). Team replies with the estimate on the costs and timeline. Team also provides the client with some pre-audit recommendations to increase the quality of the project before the audit has started.
Automated smart contract analysis
Team scans the smart contracts with both publicly available and proprietary security tools. Any issues found by the tools are then checked manually and rejected or confirmed.
Manual code review
The smart contracts are then fully and thoroughly analyzed manually by at least two auditors (this includes the checks for bugs, vulnerabilities, code quality, irrational gas consumption, etc.). The logic of the contracts is verified and compared with the logic described in the documentation. The smart contracts are then deployed to a Testnet to check tests coverage (if any). They are also checked for ERC20 compliance or a compliance with any other standard, if applicable.
Audit report delivery
The report is prepared by a separate analyst who verifies the results of the audit. The report includes comprehensive description of found issues along with recommendations on how to fix them. Optionally, a call can be scheduled with the client to further clarify any of the reported points.
Optionally, after the developer updates the code, they perform one free recheck to make sure everything is fixed. After this they prepare a final retrospective report. The final report reflects the interaction of Pessimistic and customer to achieve the secure code.