Introduction to Auditing and Security

CTA: We encourage posts pointing to auditing practices, security findings (e.g., bugs, vulnerabilities, audit reports, post-mortems), formal proofs, reusable models, etc. If you are a researcher in need of inspiration, view our key problems post.

What is smart contract auditing and security?

Smart contract auditing is an independent review of a project’s code and supporting documentation to identify security issues. Auditing is part of security. Security is the process of guarding a blockchain’s different layers/components, as well as those interfacing with it, against malicious actors attempting to cause harm.

What are some practical applications today?

Practical applications of smart contract auditing include assessing token security as a prerequisite for listing on different exchanges, assessing underlying economic incentives in DeFi projects, and providing a shared medium for stakeholders to evaluate the potential risks on a platform. Security, in turn, has a broad range of applications, including safeguarding wallets and accounts and protecting different parts of a layer-1 stack (e.g., preventing DoS attacks on the P2P layer, the consensus layer, etc.), among others.