Experience with smart contract audits, anyone?

Cheers from Norway to all Moralis builders.
What a great gang, of the finest ERC20 standard we got here :slight_smile:

So here are a few thoughts.
Where bright minds can fill in some gaps.

The situation is something like this: (In the near future)

Your sets of hard core Smart Contracts have been finalised…
Everything looks and feels like long BTC candlesticks,
and your code repo says “Yeahhhh! Let's Go go go!” ( @ivan style) :laughing:

Where some common sense and doubt fills your mind.
Let's have this analysed and audited!
Let's get that report… This will give your project the “quality stamp” it deserves.

So you dig around and find a few firms that have a legit reputation, and kindly ask if they have time to do an audit of your team's hard work.
Just to realise that you need a NASA budget to pull that off.

How do you guys go about this Audit topic?

How do you rate an auditing team and their fair value for hire?

Does the Moralis team have a preferred audit firm or firms?

How much do you expect to pay, for your project?

The most expensive offer I got was 2 people working half a week each + 1 person to write the report.
It was 30k USD for the gig, and it kind of blew my mind. :100:
As the offer was from a low cost country.
Sure their reputation was heavy and among top 10 in the world.
Though accepting offers like that, feels like sending them for retirement. :laughing:

Would love to read your thoughts on this, if you have any opinions.

Thanks

Hi Ken-Erik,

The most expensive audit of a single smart contract I’ve paid for was $17k, the cheapest was $250 but that was a while ago now and I am not convinced it was a real audit :rofl: (yes, we used safemath, tick. . .).

The $17k example was from an audit company with a very good reputation, possibly the best. My current position is to go for second tier who also have a good reputation for solid work. That can bring the cost down a lot while still giving confidence. The report was reasonable, also looking at long term performance as well as security.

I don’t think it’s an easy question to answer. At the end of the day with an audit you are looking to uncover issues that you can’t see, so it doesn’t feel like something to scrimp on, but then no one has an unlimited budget.

Good luck!


Thanks @keyoke
And thanks for your reply.
I will dig some more on this.

No problem @Ken-Erik_CTO. All the best :smiley:
