Smart Contract Auditing
Methodology
Smart contract auditing requires systematic review of code, architecture, and economic incentives. This guide covers the audit process and tools.
Audit Process
1. Scoping
- Define contracts in scope
- Gather documentation
- Understand business logic
- Identify trust assumptions
2. Automated Analysis
- Static analysis (Slither)
- Symbolic execution (Mythril)
- Fuzzing (Echidna)
- Formal verification
3. Manual Review
- Line-by-line review
- Business logic analysis
- Access control mapping
- State machine verification
4. Reporting
- Severity classification
- Proof of concept
- Remediation guidance
- Final verification
Audit Toolkit
```bash
# Full audit workflow
# 1. Setup
git clone <project>
cd project && npm install
# 2. Compile
npx hardhat compile
# or
forge build
# 3. Static analysis
slither . --print human-summary
slither . --print contract-summary
slither . --detect all
# 4. Symbolic execution
myth analyze contracts/Target.sol --solv 0.8.17
# 5. Fuzzing
# Write Echidna properties
echidna-test . --contract TestContract
# 6. Foundry tests
forge test -vvv
forge coverage
# 7. Gas analysis
forge test --gas-report
```
Finding Classification
| Severity | Criteria |
|---|---|
| Critical | Direct fund loss, contract destruction |
| High | Fund loss with conditions, privilege escalation |
| Medium | Limited impact, griefing, DoS |
| Low | Best practices, gas optimization |