What we do
Expert Code Analysis: In this, an expert in smart contract development and
security reviews the contract. They use their expertise to identify potential security
vulnerabilities, logic issues, and inefficiencies that might not be caught by automated tools.
This might include best practice violations, poorly implemented logic, gas usage inefficiencies,
Control Flow Analysis: This involves creating a graph that shows how the
program's control (i.e., the execution path) flows from one operation to another. This can help
to identify unusual or unexpected pathways, such as infinite loops or unreachable code segments,
which could indicate errors or vulnerabilities.
Dynamic Code Analysis: In contrast to static analysis which analyzes code
without executing it, dynamic analysis involves running the program and monitoring its behavior.
This can help identify issues that only arise during execution, such as runtime errors or state
Manual Code Analysis: A meticulous, line-by-line review of the code. This review
goes beyond mere syntax checking and includes looking for logical errors, misuse of language
features, non-idiomatic usage patterns, and potential security issues that could be missed by
Vulnerability-Based Scanning: This involves using automated tools to scan the
smart contract code for known vulnerabilities, such as re-entrancy attacks, arithmetic
overflows, and unchecked external calls. The tool will have a database of known vulnerabilities
and will scan the code to see if any of these vulnerabilities exist in the contract.
Symbolic Execution: This is a software testing technique where an abstract
machine (instead of the standard machine) is used to execute the program. This enables testing
of all possible execution paths and understanding which inputs will cause specific parts of the
code to execute. This is useful for identifying corner cases that may lead to vulnerabilities or
Taint Analysis: This involves checking which variables in the smart contract are
controllable by external entities. If a variable can be modified externally and it influences
the contract's state or flow of execution, it could potentially be a security risk, as a
malicious actor may be able to manipulate it.
Test Coverage: This refers to ensuring that all parts of the smart contract’s
code have been tested, often through unit tests. High test coverage reduces the chance of an
undetected bug or security vulnerability. Tools can be used to measure the percentage of the
codebase that is covered by tests.
Linting: This involves checking the code for programming and style errors.
Linters are tools that analyze source code to flag programming errors, bugs, stylistic errors,
and suspicious constructs. This helps to ensure code quality and can also enforce coding
standards and styles.