Walk-through: A Journey With Us to Secure Your Sui Smart Contract
Hi there! Welcome onboard with QuillAudits. We are glad you chose us; let's buckle up and begin.
QuillAudits is a leading web3 cybersecurity firm committed to securing Blockchain projects with our cutting-edge Web3 security solutions.
We provide smart contract auditing and DApp pen testing services for web3-based, DeFi and NFT-based gaming projects.
Sui Blockchain is a layer 1 blockchain designed to enable creators and developers to build experiences catering to the next billion users in web3. It is a permissionless, proof-of-stake blockchain with smart contract capabilities. Sui aspires to deliver Ethereum-style capabilities but with better design and tools for scaling. It has been designed to provide instant settlement and high throughput, making it suitable for on-chain use cases like DeFi and GameFi. Sui blockchain uses Move as its native programming language for writing smart contracts.
<aside> 💭 Connecting with you: You must have been added to a closed group with the Auditing Team by this time. Through this dedicated channel, you will be connected with the Project Manager and the Auditors during the process for collaboration and instant resolution. If at any point you have a query or need to discuss anything, we are just a message away!
</aside>
Things we cover in the Move contract audit process (including, but not limited to):
We ensure your smart contract goes through all the stages, from manual code review to automated testing, before generating the Initial Audit Report. Once your team updates the code, we thoroughly scrutinise the smart contract to provide you with the Final Audit Report. Let's dive deep into it and explore more.
This is the most crucial stage because attention to detail is key to a successful smart contract security audit. Here is how you can prepare for it:
Code quality
• Remove dead code and comments.
• Consistent coding style.
• Follow the Move style guide.
Use comments to document complex parts of the code and ensure these are consistent with the code.
Test the code
• Make sure the contracts can be compiled and fully tested.
• Perform high coverage and high-quality unit tests.
This will maximize focus on the difficult parts of the code. Auditing should not discover that some functions are uncallable or do not do what they are expected to do under entirely straightforward inputs. Optimal auditing should focus on unexpected, corner-case, and possibly adversarial behaviour.
Code freeze
• Freeze the code and specify the commit hash. Or, deploy the code on testnet and share the link.
After freezing the code, we will gather the specifications from you to know the intended behaviour of the smart contract through the 'Smart Contract Specification' document.
<aside> 🦋 How can you help? Please ask your developers to fill out the specification doc. It helps us understand and verify the business logic and confirm everything thoroughly.
</aside>
Here we would look for undefined, unexpected behaviour and common security vulnerabilities. The goal is to get as many skilled eyes on contract code as possible. Aims of manual review:
Testing with automated tools is essential to catch the bugs that humans miss. Some of the tools we would use (the specific tools depend on the requirement and auditor preference):
In the end, we will provide you with a comprehensive report, which we call an Initial Audit Report (IAR):