When looking for vulnerabilities and possible enhancements throughout our smart contract audits, we focus on the following analysis categories:
Category | Description |
---|---|
Arithmetic | Proper use of arithmetic and number representation. |
Assembly Usage | Detailed analysis of implementations using assembly. |
Authorization | Vulnerabilities related to insufficient access control or incorrect authorization implementation. |
Best practices | Conventions and best practices for improved code quality and vulnerability prevention. |
Block attributes | Appropriate usage of block attributes, in particular when used as a source of randomness. |
Centralization | Analysis of centralization and single points of failure. |
DoS | Denial of service attacks. |
Gas Usage | Performance issues, enhancements and vulnerabilities related to the use of gas. |
MEV | Patterns that could lead to the exploitation of Maximal Extractable Value. |
Privacy | Patterns revealing sensitive user or state data. |
Reentrancy | Consistency of contract state under recursive calls. |
Unexpected transfers | Contract behavior under unexpected or forced transfers of tokens. |
Upgradability | Proxy patterns and upgradable smart contracts. |
Validations and error handling | Handling of errors, exceptions and parameters. |