When looking for vulnerabilities and possible enhancements throughout our smart contract audits, we focus on the following analysis categories:
| Category | Description |
|---|---|
| Arithmetic | Proper use of arithmetic and number representation. |
| Assembly Usage | Detailed analysis of implementations using assembly. |
| Authorization | Vulnerabilities related to insufficient access control or incorrect authorization implementation. |
| Best practices | Conventions and best practices for improved code quality and vulnerability prevention. |
| Block attributes | Appropriate usage of block attributes. In particular, when used as a source of randomness. |
| Centralization | Analysis of centralization and single points of failure. |
| DoS | Denial of service attacks. |
| Gas Usage | Performance issues, enhancements and vulnerabilities related to use of gas. |
| MEV | Patterns that could lead to the exploitation of Maximal Extractable Value. |
| Privacy | Patterns revealing sensible user or state data. |
| Reentrancy | Consistency of contract state under recursive calls. |
| Unexpected transfers | Contract behavior under unexpected or forced transfers of tokens. |
| Upgradability | Proxy patterns and upgradable smart contracts. |
| Validations and error handling | Handling of errors, exceptions and parameters. |
