When looking for vulnerabilities and possible enhancements throughout our smart contract audits, we focus on the following analysis categories:
|Proper use of arithmetic and number representation.
|Detailed analysis of implementations using assembly.
|Vulnerabilities related to insufficient access control or incorrect authorization implementation.
|Conventions and best practices for improved code quality and vulnerability prevention.
|Appropriate usage of block attributes. In particular, when used as a source of randomness.
|Analysis of centralization and single points of failure.
|Denial of service attacks.
|Performance issues, enhancements and vulnerabilities related to use of gas.
|Patterns that could lead to the exploitation of Maximal Extractable Value.
|Patterns revealing sensible user or state data.
|Consistency of contract state under recursive calls.
|Contract behavior under unexpected or forced transfers of tokens.
|Proxy patterns and upgradable smart contracts.
|Validations and error handling
|Handling of errors, exceptions and parameters.