Walk-through: a journey with us to secure Solana Smart Contracts.

Hi there! Welcome onboard with QuillAudits. We are glad you chose us; let's buckle up and begin.

About us

QuillAudits is a leading name in Web3 security, offering top-notch solutions to safeguard projects across DeFi, GameFi, NFT gaming, and all blockchain layers. With seven years of expertise, we've secured 1400+ projects globally, averting over $30 billion in losses. Our specialists rigorously audit smart contracts and ensure DApp safety on major platforms like Ethereum, BSC, Arbitrum, Algorand, Tron, Polygon, Polkadot, Fantom, NEAR, Solana, and others, guaranteeing your project's security with cutting-edge practices.

<aside> 💭 Connecting with you - By this time, you must have been added to a closed group with the Auditing Team. You would be connected with the Project Manager and the Auditors through this dedicated channel during the process for collaboration and instant resolution. At any point, if you face any query or find a need to discuss anything - we are just a message away!

</aside>

Multi-Layer Audit Process

Things We Cover in the Audit Process:

We ensure your smart contract goes through all the stages, from manual code review to automated testing, before generating the Initial Audit Report. Once your team updates the code, we thoroughly scrutinize the smart contract again to provide you with the Final Audit Report. Let's dive deep into it and explore more.

Step 1 - Specification Gathering / Prepare For a Security Audit

This is the most crucial stage, because detail is key to a successful smart contract security audit. Here is how you can prepare for it:

Code quality
• Remove dead code and comments.
• Consistent coding style.
• Follow the Rust (Solana) style guide.

Use comments to document complex parts of the code, but also make sure these are consistent with the code.

Test the code
• Make sure the contracts can be compiled and fully tested.
• Perform high coverage and high-quality unit tests.

This will maximize focus on the difficult parts of the code. An audit should not be where it is discovered that some functions are uncallable, or do not do what they are expected to do under entirely straightforward inputs. Optimal auditing should focus on unexpected, corner-case, possibly adversarial behavior.

Code freeze
• Freeze the code and specify the commit hash. Or, deploy the code on testnet and share the link.

After freezing the code, we will gather the specifications from you to know the intended behavior of the smart contract through the 'Smart Contract Specification' document.

<aside> 🦋 How you can help - Please ask your developers to fill in the specification doc. It helps us understand and verify the business logic, and makes it easier to confirm everything thoroughly.

</aside>

Step 2 - Manual Code Review

Here we look for undefined or unexpected behavior and common security vulnerabilities. The goal is to get as many skilled eyes on the contract code as possible. Aims of manual review:

Step 3 - Functionality Testing

Step 4 - Testing over Latest Attack Vectors

  1. Replay Vulnerability
  2. Re-entrancy
  3. Integer Overflow and Underflow Vulnerability
  4. Arithmetic Accuracy Deviation Audit
  5. Arbitrary signed program invocation
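
Items 3 and 4 of the list above, as an added example that is not QuillAudits' code or test suite: a constructed pro-rata share calculation in Rust, showing silent wraparound and divide-before-multiply truncation beside a widened, checked version. All function names and input values are hypothetical.

```rust
// Added illustration with constructed inputs; not taken from any audited program.
// Rust release builds wrap on integer overflow unless `overflow-checks = true`
// is set in the Cargo profile, so `wrapping_mul` models that behaviour here.

#[derive(Debug, PartialEq)]
enum MathError {
    DivideByZero,
    Overflow,
}

/// Divide-first: cannot overflow, but truncates early (accuracy deviation).
fn share_divide_first(amount: u64, num: u64, den: u64) -> u64 {
    amount / den * num
}

/// Multiply-first in u64: keeps precision, but wraps silently on overflow.
fn share_wrapping(amount: u64, num: u64, den: u64) -> u64 {
    amount.wrapping_mul(num) / den
}

/// Hardened: widen to u128, multiply first, divide last, range-check the result.
fn share_checked(amount: u64, num: u64, den: u64) -> Result<u64, MathError> {
    if den == 0 {
        return Err(MathError::DivideByZero);
    }
    // The product of two u64 values always fits in a u128.
    let quotient = (amount as u128) * (num as u128) / (den as u128);
    if quotient > u64::MAX as u128 {
        return Err(MathError::Overflow);
    }
    Ok(quotient as u64)
}

fn main() {
    // 30 basis points of 9_999 units: the exact value is 29.997.
    println!("divide-first: {}", share_divide_first(9_999, 30, 10_000));
    println!("checked:      {:?}", share_checked(9_999, 30, 10_000));
    // 2^63 * 2 / 2 should be 2^63; the u64 product wraps to 0.
    println!("wrapping:     {}", share_wrapping(1u64 << 63, 2, 2));
    println!("checked:      {:?}", share_checked(1u64 << 63, 2, 2));
    // A result that does not fit in u64 is rejected instead of truncated.
    println!("too large:    {:?}", share_checked(u64::MAX, 2, 1));
}
```

Unit tests that pin boundary values like these are the kind of corner-case coverage Step 1 asks for before the code freeze.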