Experience with smart contract audits, anyone?

Cheers from Norway to all Moralis builders.
What a great gang, of the finest ERC20 standard we got here :slight_smile:

So here are a few thoughts.
Where bright minds can fill in some gaps.

The situation is something like this: (In the near future)

Your sets of hard core Smart Contracts have been finalised…
Everything looks and feels like long BTC candlesticks,
and your code repo says "Yeahhhh! Let's Go go go!" (@ivan style) :laughing:

Where some common sense and doubt fills your mind.
Let's have this analysed and audited!
Let's get that report… This will give your project the "quality stamp" it deserves.

So you dig around, and find a few firms. That have a legit reputation, and kindly ask if they have time to do an Audit of your team's hard work.
Just to realise that you need a NASA budget, to pull that off.

How do you guys go about this Audit topic?

How do you rate an auditing team and their fair value for hire?

Does the Moralis team have a preferred Audit firm or firms?

How much do you expect to pay, for your project?

The most expensive offer I got.
Was 2 people working half a week each + 1 person to write the report.
It was 30k USD for the gig, and it kind of blew my mind. :100:
As the offer was from a low cost country.
Sure their reputation was heavy and among top 10 in the world.
Though accepting offers like that, feels like sending them for retirement. :laughing:

Would love to read your thoughts on this, if you have any opinions.

Thanks

Hi Ken-Erik,

The most expensive audit of a single smart contract I've paid for was $17k, the cheapest was $250 but that was a while ago now and I am not convinced it was a real audit :rofl: (yes, we used safemath, tick...).

The $17k example was from an audit company with a very good reputation, possibly the best. My current position is to go for second tier who also have a good reputation for solid work. That can bring the cost down a lot while still giving confidence. The report was reasonable, also looking at long term performance as well as security.

I don't think it's an easy question to answer. At the end of the day with an audit you are looking to uncover issues that you can't see, so it doesn't feel like something to scrimp on, but then no one has an unlimited budget.

Good luck!

4 Likes

Thanks @keyoke
And thanks for your reply.
I will dig some more on this.

No problem @Ken-Erik_CTO. All the best :smiley:

1 Like