Skip links

Analysis Categories in Smart Contract Audits

When looking for vulnerabilities and possible enhancements throughout our smart contract audits, we focus on the following analysis categories:

ArithmeticProper use of arithmetic and number representation.
Assembly UsageDetailed analysis of implementations using assembly.
AuthorizationVulnerabilities related to insufficient access control or incorrect authorization implementation.
Best practicesConventions and best practices for improved code quality and vulnerability prevention.
Block attributesAppropriate usage of block attributes. In particular, when used as a source of randomness.
CentralizationAnalysis of centralization and single points of failure.
DoSDenial of service attacks.
Gas UsagePerformance issues, enhancements and vulnerabilities related to use of gas.
MEVPatterns that could lead to the exploitation of Maximal Extractable Value.
PrivacyPatterns revealing sensible user or state data.
ReentrancyConsistency of contract state under recursive calls.
Unexpected transfersContract behavior under unexpected or forced transfers of tokens.
Upgradability Proxy patterns and upgradable smart contracts.
Validations and error handlingHandling of errors, exceptions and parameters.