Sales
Walk-through: A Journey With Us to Secure Your Hyperledger Fabric Project
QuillAudits WhiteLabel Partnership Program
Walk-through: A Journey With Us to Secure Your Sui Smart Contract
Walk-through: A Journey With Us to Secure Your Polkadot Smart Contract
Walk-through: A Journey With Us to Secure Your Wallet
Pre-Launch Security Checklist for web3 Projects
Walk-through: A Journey With Us to Secure Your Starknet Smart Contract
Walk-through: A Journey With Us to Secure Your ZKSync Smart Contracts
Walk-through: A Journey With Us to Secure Your L1 Blockchain
Walk-through: A Journey With Us to Secure Your Smart Contracts
Walk-through: A Journey With Us to Assure Your Users and Gain the Trust You Deserve
Walk-through: A Journey With Us to Build Secure and Scalable Dapp Architecture
Walk-through: a journey with us to secure your dApp
Walk-through: a journey with us to secure Solana Smart Contracts.
QuillAudits Periodic On-Chain Analysis of your web3 Project
Miscellaneous
<aside> π‘ StarkNet is a layer-2 scaling solution for Ethereum that aims to improve the scalability, privacy, and usability of Ethereum-based decentralised applications (dApps). StarkWare, a blockchain technology company that specialises in zero-knowledge proof (ZKP) systems, is developing it.
StarkNet uses a technology known as Validium, which enables dApps to run off-chain while maintaining the security of the Ethereum mainnet. This means that dApps can benefit from the scalability and transaction throughput of off-chain computation while maintaining the Ethereum network's security and trustworthiness. Furthermore, StarkNet supports privacy-preserving computations via the use of ZKPs, allowing dApps to protect sensitive user data while still providing a transparent and auditable system.
Cairo, a low-level programming language that can be used to write StarkNet-specific code, is provided by StarkNet as a development kit. Cairo is optimised for zero-knowledge proofs (ZKPs) and is intended to provide a high level of flexibility and efficiency for building complex StarkNet applications.
</aside>
<aside> π‘ Smart contracts, like any other software application, are vulnerable to a variety of security issues that can jeopardise their security, reliability, and performance.
Conducting a thorough security audit is one of the most important steps in developing secure and reliable smart contracts. Security audits are critical for identifying and mitigating potential vulnerabilities and ensuring that smart contracts written in Cairo for StarkNet function as intended.
</aside>
<aside> β οΈ Cairo Smart Contract Vulnerabilities:
To mitigate these vulnerabilities, performing thorough security audits on Cairo-written smart contracts before deploying them to production is critical.
</aside>
Things We Cover in the Audit Process :
We ensure your smart contract goes through all the stages, from manual code review to automated testing, before generating the Initial Audit Report. Once your team updates the code, we thoroughly scrutinise the smart contract to provide you with the Final Audit Report. Lets's dive deep into it and explore more.
<aside> β The first step is to gather all the necessary information and prepare for a security audit. This stage is crucial for the success of the audit, and here is how you can prepare for it:
<aside> π» Manual review is a critical step that involves looking for undefined, unexpected behaviour and a Wide Variety of security vulnerabilities. The following aims are considered during the manual review:
<aside> β The QuillAudits researches newly discovered attacks and tries to replicate them to ensure the project is safe from those attacks. Attack vectors could include:
<aside> π In this step, the smart contract will be manually deployed in a sandbox environment, and smart contract functions will be tested on multiple parameters and under multiple conditions.
This phase is intended to verify the intended behaviour of the smart contract and ensure that smart contract functions are not consuming unnecessary gas. Gas limits of functions will be verified in this stage.
</aside>
<aside> βοΈ Tool We Use
</aside>
<aside> π QuillAudits provide the project team with a comprehensive report called the Initial Audit Report (IAR). The report will contain details of the audit and Recommendations for any vulnerabilities in the smart contract.
The development team is expected to resolve the identified bugs & make suitable changes to the code. If necessary, the Quillaudits will connect with development partners for issues fixing.
</aside>
<aside> π¦ How can you help? You have to prepare an 'Updation Summary' or 'Comment Report' carrying details of the changes you've made after getting the IAR; this would help us identify the changes and test them rigorously.
</aside>
<aside> π₯ After initial audit fixes, the process is repeated, and the Final Audit Report is delivered. Even after your fixes, some issues are still unresolved, and/or those changes have led to a few more issues.
</aside>
Following the completion of the second audit review, the Fixed codebase, along with the comprehensive audit report, will be formally delivered to our dedicated Vigilant Squad. This elite team is comprised of world-class security researchers, each possessing extensive experience and expertise in identifying and analyzing vulnerabilities within complex systems. The Vigilant Squad will undertake a meticulous and in-depth review of both the codebase itself and the accompanying report. They will dedicate their full time and resources to this critical task, leveraging their specialized skills to proactively search for and uncover any potential security issues, however subtle they may be. In the event that the Vigilant Squad discovers any vulnerability, security flaw, or other issue, we will be notified immediately, ensuring swift action can be taken to mitigate any potential risks.
<aside> β After getting a green light from the previous step, we send the report to our designers. With their skills, they make a PDF version of the Audit Report and beautifully showcase everything.
</aside>
After the Final Audit report, we take your project in front of the masses through :
Social Media Announcements