Smart Contract Audit

Full service smart contract audit solution

What is a smart contract?

"Smart contract" has been one of the most widely used terms in cryptocurrency. What is a smart contract? The term is used for software code or a protocol that contributes to, verifies or implements the negotiation or performance of a contract. Smart contracts enable credible transactions to be performed without third parties, can be initiated automatically and are fully programmable. They enable people to adopt, use or create DApps or ICOs.

Certain hacking incidents have been reported, such as the DAO hack ($50 million USD worth of Ether), the Parity Multi Sig Wallet Hack (approximately $300M), and the recent Parity Freeze where some random user “accidentally” froze at least 513,000 Ether.

There are dangers associated with smart contract technology. With multi-million DApps and ICOs, some people intentionally do things that might harm the community. These things are only possible if there are flaws in the underlying smart contract code.

Smart Contract Security Audit

Smart contract programming is a relatively new field, lacking in security standards, documentation and best practices.

Smart contracts need to be programmed 100% accurately from the beginning, and be able to withstand years of hacking attempts.

Otherwise, it leads to disastrous consequences and losses of millions of dollars for your customers. Smart contracts have to be thoroughly planned, must consider all logical permutations, accommodate all possible exceptions, and be meticulously implemented. If you get the order of code wrong (as in the case of The DAO hack), or forget to initialize something (as in the Parity Freeze), then you could have an ‘irreversible’ disaster on your hands, immortalized on the immutable blockchain. Blockchains evolve and newer smart-contract development platforms will come, but code security is a perennial problem in programming and will always be present. Security auditing of smart-contract code is a necessary requirement for any project, be it an ICO or any other DApp, in order to be considered safe and ready to proceed with the exchange listing.

The Solution?

Smart Contract Audit Department. Callisto Network offers smart contract audits free of charge. Callisto Network is fully compatible with Ethereum and the Ethereum Classic environment (in the Solidity language and the EVM). Smart contract developers can also create smart contracts, hosted on the Callisto Network Blockchain.

Smart Contract Audit by the Callisto Security Department


What is the Callisto Security Department? Why does it matter? In short, the Callisto Network allocates treasury funds to pay for security auditors. As a result, security audits are free of charge for smart-contract developers and development teams. The benefit is that this reduces risk and smart contract vulnerabilities and increases the adoption of programmable blockchains for the whole crypto industry. So, how does it work?

How does one conduct a smart contract audit free of charge at Callisto Network?


Here is our workflow:

The customer submits the audit request
The security manager verifies the request
Auditors pick up the request
Multiple auditors review the smart contract code
The security manager collects and verifies the audit reports
The customer is notified of the results

Smart contract audits on the Callisto Network platform are free of charge for developers. However, a developer who needs an audit prepared urgently or needs the smart contract prioritized can make a deposit (minimal deposit amount is 10,000 CLO) into a special smart contract, which will hold the funds during the audit. Upon completion of the audit, the developer receives the funds back and can sell the CLO, if desired.

After the audit request has been created, it will be viewed by the security manager. If the request meets the requirements, the security manager notifies the auditors that the audit request is available for them to pick up.

What will be reviewed by our auditors?


Comprehensive smart contract security audits

Multiple independent auditors perform full service audits

Overall smart contract architecture

Technical analysis of the interaction between the smart contract and the blockchain

Full service smart contract audit solution

Identify potential bugs in the smart contract code and label them with a severity classification of the issues found

Possible optimization of smart contract code

What will the smart contracts auditors do?


The main task of each security auditor is to review the code for security-related issues and prepare a report on any errors encountered after the audit is complete.

1. All work is coordinated through GitHub. If an audit request (issue) appears in the list, the auditors will pick it up.

2. After the auditor has received the scope of work, he will estimate the time required to complete the smart-contract review. This depends on the complexity of the smart contract code.

3. The auditor will review the smart contract code, perform all necessary testing and detail their findings in an audit report. The auditor will send this report to the security manager using a gist link.

A minimum of three different auditors, community members and the security manager will review the smart contract, so that the auditors are dissuaded from concealing any errors found, or from trying to exploit them.

After the security manager has completed the code verification and supplemented the report with a description of their findings, the security manager comments on the corresponding GitHub issue that the report is complete.

Final report and completion of audit


After all responsible auditors have completed their reports, the security manager will compare the results of the reports.

If there are no significant discrepancies in the reports and no critical errors are detected, then the security manager will complete the audit by summarizing the reports and submitting the secret gist URLs in the comments of the corresponding audit request issue. The audit is considered complete after all responsible auditors have submitted their reports, and the security manager has summarized the results of these reports and published the report via gist URLs.

Disclosure policy


After the audit is complete, the security manager will relay the results to the customer, without disclosing the reports. After 15 days from the date of informing the customer of the results, the reports shall be published and the results summarized.
