Smart Contract Auditing

Note: This section is a work in progress (WIP) and will be expanded in the near future.

Introduction to Web3 Auditing

Choices and Considerations

Preparation and Initialization

  • Audit Prerequisites : Essential elements and documentation required before starting an audit.
  • Audit Checklist : A comprehensive list to prepare projects for security audits.
  • Initial Code Walkthrough : The importance of a preliminary code review before the audit begins.
  • Communication Channels : Messaging Channels and regular meetings for updates via Video Conference are normal, there may be barriers due to languages and time zones. Ongoing communication is key to a successful audit.

Audit Reports

The Basics

Smart Contract Auditing Tools

  • Foundry Forge : A Rust based Development Framework that includes many useful tools for understanding and testing smart contract including a stateless and stateful (Invariant) fuzzer
  • Mythril : A security analysis tool for Ethereum smart contracts. It uses concolic analysis (dynamic symbolic execution), SMT Solving taint analysis, and control flow checking to detect a variety of security vulnerabilities.
  • Slither : A static analysis framework that can detect common issues such as re-entrancy, suicidal contracts, and incorrect visibility.
  • Echidna : A property-based fuzzer that can be used to find bugs in smart contracts.
  • Certora : Formal verification tool for smart contracts.
  • MythX : A SAAS security analysis platform for Ethereum smart contracts.

Smart Contract Testing

  • Unit Testing : Unit tests for auditors individual components of your contract function as expected.
  • Integration Testing : Testing multiple components of a contract together to ensure they work correctly in unison.
  • Creating POCs : Creating Proof of Concepts to demonstrate the vulnerabilities found in the audit.

Fuzzing

Formal Verification

Mastering the EVM and Low-Level Programming

Identifying Vulnerabilities

  • Understanding Business Logic : Understanding the business logic and the intended interactions within and between contracts is paramount.
  • Technical Review Process : The process of identifying vulnerabilities in smart contracts.
  • Developing Heuristics : Develop and utilize heuristics for auditing smart contracts.
  • Common Smart Contract Vulnerabilities
  • Timestamp Dependence : Smart contracts that use the block.timestamp variable may have this vulnerability.
  • Gas Limit and Loops : Loops that run for an indeterminate number of iterations can hit the gas limit, causing transactions to fail.
  • Denial of Service (DOS) Attacks : Exploiting design flaws or gas-related vulnerabilities to make contracts unusable.
  • Re-entrancy Attacks : This occurs when an external contract hijacks the control flow, and makes recursive calls to the original contract.
  • Delegatecall : delegatecall is a low-level function similar to a dynamic library call in other languages. If not used carefully, it can lead to serious vulnerabilities.
  • Math-Related Vulnerabilities : Integer overflow, underflow, and rounding errors are common in smart contracts due to the lack of native floating-point support in Solidity.
  • Unchecked Return Values : Failing to check the return values of low-level calls such as send, call, and delegatecall can lead to vulnerabilities where contract execution continues even after a failed external call.

These section are still in development and will be expanded in the near future.

Upgradeability Patterns and Vulnerabilities

  • Upgradeability and the security implications for smart contract development, incident response and maintenance
  • Upgrade Patterns Compares and contrasts different upgradeability patterns, such as proxy contracts, delegate calls, and eternal storage
  • Some common upgradeability vulnerabilities and how to avoid them, such as storage collisions, function clashes, and malicious upgrades

Front-running vectors

  • Define front-running as the act of exploiting the ordering of transactions in the mempool to gain an unfair advantage
  • Illustrates how front running can affect defi protocols, such as Uniswap, Curve, and Yearn
  • Discusses some possible solutions and mitigations, such as using commit-reveal schemes, batching transactions, or using layer 2 solutions

Ethereum cryptography and signature malleability

  • Cover the basics of cryptography and how it is used in Ethereum for signing and verifying transactions and messages
  • Explain the concept of signature malleability and how it can lead to replay attacks and double spending
  • Shows how to prevent signature malleability using EIP-712 and EIP-191 standards

Analyzing DeFi Security

  • The risks and vulnerabilities associated with perpetuals, such as funding rate manipulation, liquidation cascades, and oracle attacks
  • Types of DeFi products, such as decentralized exchanges, lending platforms, yield farming protocols, and derivatives like options and futures along with their associated risks and vulnerabilities
  • A look at Uniswap V2 & V3 and how it implements concentrated liquidity and range-bound pools to understand Front-running, Back-running and sandwich attacks.
  • A look at Perpetuals, which are synthetic assets that track the price of an underlying asset without expiration. The mechanics of perpetuals, such as funding rate, margin, leverage, liquidation, and settlement
  • Impermanent Loss : In automated market makers like Uniswap, liquidity providers can suffer losses due to price fluctuations.
  • Price Oracle Manipulation : DeFi protocols often rely on price oracles for asset prices. If these oracles are manipulated, it can lead to serious consequences.
  • Flash Loan Attacks : Flash loans allow users to borrow assets and return them within the same transaction. If not handled properly, they can be used to manipulate market prices and exploit DeFi protocols.
  • Exploring some advanced attacks that target specific defi protocols or features, such as ERC-4626 inflation attack, AMM arbitrage, and oracle manipulation

Case Studies and Examples

  • Detailed Analysis of notable Smart Contract Audit Findings
  • Forensics and Post-Mortem Analysis
  • A look at the subject of how to Analyzing Exploits
  • Analysis of notable audit cases and lessons learned.
  • Learning from Historical Audits: Successes and Failures
  • Analyzing Past Attacks : Analysis of several past attacks on DeFi protocols, understanding how they happened, what vulnerabilities were exploited, and how they could have been prevented.

Continuing Education and Resources

  • Advanced Courses and Certifications: Additional courses and certifications that can further knowledge and skills in smart contract auditing.
  • Online Channels, Communities, Newsletters and Forums : Connect with other auditors, ask questions, and stay up-to-date on the latest news and trends in the field.
  • Books and Publications : Key books and publications that every smart contract auditor should read.