Security audits have become a necessary tool for every kind of blockchain-based project when it comes to securing their protocol and, importantly, their users' funds.
With the total value locked in DeFi alone exceeding $45 billion in February 2021, it is no surprise that demand for smart contract security audits and penetration tests has risen in parallel.
To help you prepare for an efficient security audit, the security team here at CertiK recommends the following best practices.
Outlining the Scope of your Audit and your Goal(s)
First things first, let’s ask ourselves two questions:
What will be audited?
How will the audit be performed?
Your responses to these questions will serve as the foundation for the audit. If your smart contracts are being audited, does the full set of files require review, or only the essential and unique functions? Be aware that even a narrowed scope usually requires the auditors to have the complete codebase on hand, since the in-scope functions can only be judged in the context of the contracts that call them and the libraries they depend on. Whatever you decide, pin the scope to a specific commit hash or release tag so that both sides agree on exactly which code was reviewed. When it comes to penetration testing, decide between whitebox (the testers receive source code, architecture documents, and credentials) and blackbox (the testers start with only what an external attacker could see).
During the initial scoping call, the CertiK auditing team will discuss the following with you:
- Which modules are the most critical to your system?
- What is the primary goal of this security audit or pentest?
- Are there any particular attack scenarios you are concerned about?
With your responses in hand, our dedicated team of security professionals will design a testing strategy and plan that targets the discussed areas, makes efficient use of the time allotted, and, first and foremost, meets your needs.