Format
Books, articles and papers
Domain
Blockchain and blockchain standardisation
Resource Link
Resource File
SecurityGuidance_SmartContracts.pdf (495.62 KB)

Written by Christophe André Ozcan (Crypto4All & Standard ISO/TC307 Expert from AFNOR)

Date: 2024-03-31

Auditing Smart Contract third party evaluate the security risks of deploying protocols using smart contracts. To review and verify the project specifications and source code with a detailed focus on weaknesses, potential vulnerabilities, and overall security the procedure of findings with solutions that may mitigate future attacks or loopholes must be provided by auditors.


The mission of this document is to define the different types of approaches and detections, ranging from manual, static, and dynamic analysis, as well as formal verification, to ensure that a protocol using smart contracts is checked against known attacks and common potential vulnerabilities. 

A smart contract audit involves security experts to scrutinize the source code created to underwrite the functions of the smart contract often called a decentralized protocol. 

Smart contract audits are usually conducted by a third-party company to ensure that the source code is reviewed as thoroughly as possible. Depending on the complexity of the smart contract, companies may choose to engage the services of a specialist smart contract team to conduct the audit without being sure that the auditing process is well conducted. 

The importance of getting the smart contract code correct and secure before it is deployed is very important even more due to the immutability of blockchain and distributed ledger system. The implications of activating a smart contract that has not been properly audited could be severe for any projects. 

The contribution helps to the emerging literature on audit data analytics (ADA) by proposing a new approach involving audit methodology, audit analytic tools and smart audit procedures which are enabled by blockchain technology. Besides, this contribution presents a discussion regarding the effect of smart audit procedures on audit quality and the public/private interest regarding the role of emerging technologies in the traditional system audit process bring by a new emerging cybersecurity market.