Walk-through: A Journey With Us to Secure Your ZKSync Smart Contracts

Hi there! Welcome onboard with QuillAudits. We are glad you chose us; let's buckle up and begin.

About us

QuillAudits is a leading name in Web3 security, offering top-notch solutions to safeguard projects across DeFi, GameFi, NFT gaming, and all blockchain layers. With seven years of expertise, we've secured 1400+ projects globally, averting over $30 billion in losses. Our specialists rigorously audit smart contracts and ensure DApp safety on major platforms like Ethereum, BSC, Arbitrum, Algorand, Tron, Polygon, Polkadot, Fantom, NEAR, Solana, and others, guaranteeing your project's security with cutting-edge practices.


ZKSync

<aside> ZkSync is a layer 2 scaling solution for Ethereum, which aims to improve the network's scalability and reduce transaction costs. It is based on zk-rollups, a technology that allows for bundling multiple transactions into a single transaction, reducing the amount of data that needs to be processed on the Ethereum blockchain.

ZkSync uses zero-knowledge proofs to enable fast and cheap transactions while maintaining the security and decentralization of the Ethereum network. Zero-knowledge proofs allow for the verification of transactions without revealing any information about the transactions themselves, ensuring users' privacy and security.

It supports Ethereum smart contracts, which can be executed off-chain to reduce gas costs and improve efficiency. Smart contracts on ZkSync are written in Solidity, the same programming language used for Ethereum smart contracts.

</aside>

Why Do We Need ZKSync Smart Contracts Auditing?

ZkSync is based on the Ethereum blockchain, and its smart contracts are written in Solidity, the primary programming language for writing smart contracts on the Ethereum network.

In addition to Solidity, ZkSync uses other technologies, such as zk-rollups and zero-knowledge proofs, to achieve transaction scalability and privacy. These technologies work with Solidity smart contracts to enable fast and efficient transactions on the Ethereum network.

Over the past three years, the Web3 ecosystem has experienced significant financial losses due to security breaches, underscoring the critical need for robust smart contract security audits.

2022: Escalating Threats

In 2022, the Web3 space witnessed approximately $3.7 billion in losses across various security incidents. This surge in attacks highlighted vulnerabilities in decentralized finance (DeFi) platforms and cross-chain bridges, emphasizing the necessity for comprehensive security measures.

2023: A Decline with Persistent Risks

The following year saw a decline in total losses to about $1.84 billion from 751 incidents, representing a 51% decrease compared to 2022. Despite this reduction, the average loss per incident remained substantial at $2.45 million. Notably, private key compromises accounted for nearly half of the financial losses, totaling $880.9 million in just 47 incidents. This period underscored that while overall losses decreased, significant risks persisted, particularly concerning private key security.

2024: Resurgence of Attacks

In 2024, the trend reversed with losses escalating to approximately $2.36 billion across 760 on-chain security incidents, marking a 31.6% increase in value stolen compared to 2023. Phishing attacks emerged as the most costly vector, responsible for $1.05 billion in losses over 296 incidents, accounting for nearly half of the total value stolen. Additionally, private key compromises resulted in $855.4 million in losses across 65 incidents. Ethereum remained the most targeted blockchain, experiencing 403 incidents that led to $748.7 million in losses.

The Imperative for Smart Contract Security Audits

These statistics from 2022 to 2024 highlight the evolving and persistent threats within the Web3 ecosystem. The substantial financial losses, particularly from phishing and private key compromises, demonstrate that malicious actors continually adapt their strategies to exploit vulnerabilities. Implementing rigorous smart contract security audits is essential to identify and mitigate these vulnerabilities proactively. Regular audits not only enhance the resilience of smart contracts against known attack vectors but also bolster investor confidence, contributing to the sustainable growth of decentralized technologies.


Our audit service covers a wide range of security aspects including, but not limited to:

Methodology

Our auditing methodology is based on the best practices and guidelines of the industry. It involves a multi-layered approach which includes:

Audit Process

Things We Cover in the Audit Process:

We ensure your smart contract goes through all the stages, from manual code review to automated testing, before generating the Initial Audit Report. Once your team updates the code, we thoroughly scrutinise the smart contract to provide you with the Final Audit Report. Let's dive deep into it and explore more.


Step 1 - Specification Gathering / Prepare For a Security Audit

This is the most crucial stage because detail is key to a successful smart contract security audit. Here is how you can prepare for it:

Code quality
• Remove dead code and comments.
• Consistent coding style.
• Follow the Solidity / Rust (Solana) style guide.

Use comments to document complex parts of the code and ensure these are consistent with the code.

Test the code
• Make sure the contracts can be compiled and fully tested.
• Perform high coverage and high-quality unit tests.

This will maximize focus on the difficult parts of the code. Auditing should not discover that some functions are uncallable or do not perform their expected function under entirely straightforward inputs. Optimal auditing should focus on unexpected, corner-case, and adversarial behaviour.

Code freeze
• Freeze the code and specify the commit hash, or deploy the code on testnet and share the link.

After freezing the code, we will gather the specifications from you to know the intended behaviour of the smart contract through the 'Smart Contract Specification' document.

<aside> 🦋 How can you help? Please ask your developers to fill out the specification doc. It would help us understand and verify the business logic and confirm everything thoroughly.

</aside>

Step 2 - Manual Review

Here we would look for undefined, unexpected behaviour and common security vulnerabilities. The goal is to get as many skilled eyes on contract code as possible. Aims of manual review:

Step 3 - Functional Testing

Step 4 - Testing over Latest Attack Vectors