How to Audit a Smart Contract? – A Guide
“A smart contract is a computerized transaction protocol that executes the terms of a contract. The general objectives of smart contract design are to satisfy common contractual conditions (such as payment terms, liens, confidentiality, and even enforcement), minimize exceptions both malicious and accidental, and minimize the need for trusted intermediaries.” – Nick Szabo
Smart contracts are already being used to facilitate a huge range of agreements, including ICOs, electoral voting, and supply chain management, to name but a few. Given that organizations like the Ethereum Project allow developers low-cost access to their platform, literally anyone can now tap into the power of smart contracts.
It is for this reason that I regard smart contracts as the most exciting area of blockchain technology implementation. However, this new technology is not without its challenges. One such issue is the need to properly audit smart contracts to ensure that there are no security issues and that all contracts are fully performance-optimized.
If you have never audited a smart contract before, the process can certainly be a real test for your development team. As I will highlight later, the price of overlooking a single bug can be, and has been, tens of millions of dollars, not to mention the stain on a company's brand and reputation.
In this article, I intend to outline exactly what is involved in auditing a smart contract. I will begin by explaining what we mean by a smart contract audit, before going on to cover the main ways that developers go about the process.
Being able to perform such an audit in-house stands to save companies large sums of money. However, taking this route can be fraught with danger, even for companies with experienced developers. It is for this reason that I intend to show why smart contract audits are best performed by outside parties. Finally, I will also detail the automated software that few smart contract developers even know about that can help companies quickly identify flaws in their code.
What is a smart contract audit?
A smart contract audit involves developers scrutinizing the code that is used to underwrite the terms of the smart contract. This audit also allows developers the chance to identify any potential bugs or vulnerabilities before the smart contract is deployed.
Smart contract audits are usually conducted by a third party or parties to ensure that the code is reviewed as thoroughly as possible. Depending on the complexity of the smart contract, companies may choose to engage the services of a specialist smart contract team to conduct the audit.
The importance of getting the smart contract code right before it is deployed is enormous. This is because once written to the blockchain the code cannot be changed. The implications of activating a smart contract that has not been properly audited could be severe since it may well result in the contract failing to operate in the desired manner or being susceptible to security breaches that could result in theft, loss of personal data, etc.
Structure of a Smart Contract Audit
Key areas to focus on when auditing a smart contract:
- Common errors, including stack problems, compilation errors, and reentrancy mistakes.
- The smart contract host platform's known errors and security flaws
- Break testing the smart contract (this includes simulating attacks on the contract)
Auditing a smart contract
There are two fundamental approaches to smart contract auditing: manual and automatic code analysis. Let's take a look at exactly what each one involves:
Manual vs. Automatic analysis of code
While there are few prizes for guessing what manual analysis of code involves, there are a number of advantages to this approach. If you have a good-sized development team, conducting a manual analysis of the smart contract code is the best way of identifying coding problems.
A manual code review will involve the team examining each line of code in order to scrutinize it for compilation and re-entrance mistakes as well as security issues. Naturally, a particular focus should be paid to identifying security issues as these are the biggest threat to the successful long-term implementation of your smart contract.
Automatic code analysis has the benefit of saving developers massive amounts of time when checking their code. Automatic analysis of code also allows for sophisticated penetration testing which helps find vulnerabilities extremely quickly.
The majority of developers who create Ethereum smart contracts use Truffle to conduct automatic code testing. Alternatively, other developers use programs like Populus, a Python-based framework that allows for quick testing using TestRPC. When relying on automated code testing programs, developers need to remember that they do have a number of drawbacks.
The main problems that arise from automated code reviews are missed vulnerabilities and code being falsely identified as a problem when it isn't. While false positives can be a nuisance, the real danger lies in missed vulnerabilities. It is for this reason that developers should always conduct a thorough manual analysis of the code even if they have already conducted automated code testing.
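To make the trade-off concrete, here is a small pattern-based checker of the kind an automated review relies on. It is an added example, not code from the article or from Truffle, Populus, or any other tool named here; the two Solidity sources it scans are constructed for the example, and the rule names and regexes are my own. It flags a state write that follows an external call in the same function (the reentrancy shape), arithmetic on a compiler version below 0.8 with no SafeMath in scope, and `tx.origin` authentication:

```python
import re
from dataclasses import dataclass

# Constructed sample: withdraw() writes the balance only after the external call.
VULNERABLE_SRC = """
pragma solidity ^0.4.24;

contract Vault {
    mapping(address => uint256) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) public {
        require(balances[msg.sender] >= amount);
        msg.sender.call.value(amount)("");
        balances[msg.sender] -= amount;
    }
}
"""

# Constructed sample: checks-effects-interactions order on a 0.8 compiler (checked arithmetic built in).
FIXED_SRC = """
pragma solidity ^0.8.0;

contract Vault {
    mapping(address => uint256) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) public {
        require(balances[msg.sender] >= amount);
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
    }
}
"""

@dataclass(frozen=True)
class Finding:
    rule: str
    function: str
    line: int  # 1-based line within the scanned source

EXTERNAL_CALL = re.compile(r"\.(call|send|transfer|delegatecall)\b")
# Crude "assignment to a (possibly indexed) name" matcher; locals assigned after a call are false positives.
STATE_WRITE = re.compile(r"^\s*\w+(\[[^\]]*\])*\s*(\+=|-=|=)(?!=)")
PRAGMA = re.compile(r"pragma\s+solidity\s+[^\d]*(\d+)\.(\d+)")
FUNC_START = re.compile(r"\bfunction\s+(\w+)\s*\(")

def split_functions(src):
    """Yield (name, [(lineno, text), ...]) per function, delimited by brace depth."""
    lines = src.splitlines()
    i = 0
    while i < len(lines):
        m = FUNC_START.search(lines[i])
        if not m:
            i += 1
            continue
        name, depth, seen_open, body = m.group(1), 0, False, []
        while i < len(lines):
            body.append((i + 1, lines[i]))
            depth += lines[i].count("{") - lines[i].count("}")
            seen_open = seen_open or "{" in lines[i]
            i += 1
            if seen_open and depth == 0:
                break
        yield name, body

def audit(src):
    """Return the list of Findings for one Solidity source string."""
    findings = []
    pm = PRAGMA.search(src)
    if pm and (int(pm.group(1)), int(pm.group(2))) < (0, 8) and "SafeMath" not in src:
        findings.append(Finding("unchecked-arithmetic", "<contract>", src[:pm.start()].count("\n") + 1))
    for name, body in split_functions(src):
        call_at = None
        for lineno, text in body:
            if "tx.origin" in text:
                findings.append(Finding("tx-origin-auth", name, lineno))
            if call_at is None and EXTERNAL_CALL.search(text):
                call_at = lineno                      # first external call in this function
            elif call_at is not None and STATE_WRITE.match(text):
                findings.append(Finding("state-write-after-external-call", name, lineno))
                break
    return findings

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_SRC), ("fixed", FIXED_SRC)):
        print(label, audit(src))
```

Two things an auditor should notice while reading the output: the checker has no idea whether `msg.sender` can actually be a contract, so it will happily flag a local-variable assignment after a call to a trusted address (a false positive), and it knows nothing about state written through an internal function called after the external call (a miss). That is exactly the gap the manual review has to close.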
Examples of the attack types to simulate against an Ethereum smart contract during break testing:
- Reentrancy attack
- Integer overflows and underflows
- Reordering attack
- Replay attack
- Short address attack
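Two items on that list, over/underflows and the short address attack, come down to input validation that the audit should confirm is present. The block below is an added example, not code from the article; it models an ERC20-style `transfer(address,uint256)` call off-chain with constructed balances and calldata, so the checks can be exercised as unit tests. The selector constant is the real first four bytes of `keccak256("transfer(address,uint256)")`; everything else (names, amounts, the malformed test vector) is constructed:

```python
SELECTOR_TRANSFER = bytes.fromhex("a9059cbb")   # keccak256("transfer(address,uint256)")[:4]
WORD = 32
UINT256_MAX = 2**256 - 1

class ContractError(Exception):
    """Stands in for a reverted transaction."""

def checked_add(a, b):
    """uint256 addition that reverts instead of wrapping (what SafeMath / solc >= 0.8 give you)."""
    r = a + b
    if r > UINT256_MAX:
        raise ContractError("overflow")
    return r

def checked_sub(a, b):
    """uint256 subtraction that reverts on underflow."""
    if b > a:
        raise ContractError("underflow")
    return a - b

def decode_transfer(calldata, strict=True):
    """Decode transfer(address,uint256). strict=True enforces the msg.data.length == 68 guard."""
    if calldata[:4] != SELECTOR_TRANSFER:
        raise ContractError("unknown selector")
    body = calldata[4:]
    if strict and len(body) != 2 * WORD:
        raise ContractError(f"calldata body is {len(body)} bytes, expected {2 * WORD}")
    body = body.ljust(2 * WORD, b"\x00")        # lenient path: the EVM zero-pads short calldata
    to = body[WORD - 20:WORD]                   # address sits in the low 20 bytes of the first word
    amount = int.from_bytes(body[WORD:2 * WORD], "big")
    return to, amount

def encode_transfer(to, amount):
    return SELECTOR_TRANSFER + to.rjust(WORD, b"\x00") + amount.to_bytes(WORD, "big")

def apply_transfer(balances, sender, calldata, strict=True):
    """Move tokens according to calldata; returns the updated balances dict."""
    to, amount = decode_transfer(calldata, strict)
    balances[sender] = checked_sub(balances.get(sender, 0), amount)
    balances[to] = checked_add(balances.get(to, 0), amount)
    return balances

# Constructed parties and calldata.
ALICE = bytes.fromhex("11" * 20)
BOB = bytes.fromhex("22" * 20)
GOOD = encode_transfer(BOB, 1000)
# Malformed vector: the recipient word is one byte short, so the lenient decoder shifts the amount by a byte.
SHORT = SELECTOR_TRANSFER + BOB.rjust(WORD, b"\x00")[:-1] + (1000).to_bytes(WORD, "big")

if __name__ == "__main__":
    print(apply_transfer({ALICE: 5000}, ALICE, GOOD))
    print(decode_transfer(SHORT, strict=False))        # amount comes out 256x larger
```

Run the lenient decode on the short vector and the amount field reads 256 times the intended value with a mangled recipient; the strict length check rejects it outright, and the checked arithmetic rejects any transfer the sender cannot cover. An auditor reading a token contract should be able to point at the lines that provide each of those three guards.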
Smart Contract Performance Validation
It is vital to ensure that your smart contract is performance-optimized before rolling it out. The performance of any smart contract is directly linked to the quality of the code. It is for this reason that all smart contract audits should include performance validation. Poorly optimized contracts will also cost more to execute as I will explain later on.
Validation will include checking the code for any errors that might slow down or affect other aspects of the contract’s performance in some way. The easiest place to start when conducting a performance review is checking to see if the contract executes in a way that fulfills all the agreements that both parties decide upon when entering the contract.
In the case of a supply chain based smart contract, for example, this agreement could be something as simple as one party confirming the delivery of goods, something which would then trigger the release of payment in the form of crypto tokens or a cryptocurrency such as Ether or Bitcoin, etc. Checking that the contract is able to automatically initiate the payment after the delivery of goods is registered is the first step.
Next will be to test the contract for variables. Since there can be a wide range of contract “triggers” and resulting actions, it is important that the contract is tested to ascertain that it is able to handle all the possible variations that might be asked of it. Therefore, part of performance validation also includes pressure testing the smart contract for variables that might arise from how it is implemented in the real world.
Examples of this could be anything from a third party setting up the contract, changes in conditions of execution, changes to the completing action(s) of the contract after it is activated, and even how the contract reacts to disputes arising from one or both parties feeling that the terms of the contract have not been properly fulfilled.
Believe it or not, one of the most recurring performance-related problems results from developers not understanding the full scope of the contract. A simple misunderstanding regarding the exact specifications of the contract will almost certainly lead to errors in its operation. Testing for as many of these potential errors or oversights as possible before activating the smart contract helps reduce the instances where contracts act inappropriately or don't fulfill all the desired outcomes.
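The supply-chain scenario above, and the "variables" that follow it (a third party involved, the wrong party confirming, a dispute), can be pinned down as executable scenarios before a line of Solidity exists. What follows is an added example, not code from the article: a deliberately small off-chain model of a delivery escrow with constructed parties, states and rules, plus a scenario runner that records whether each variant behaved as the specification says:

```python
class ContractError(Exception):
    """Stands in for a reverted transaction."""

class DeliveryEscrow:
    """Buyer funds the escrow; payment goes to the seller only when the buyer confirms delivery.
    Either party may raise a dispute while funds are held; only the arbiter can resolve it.
    States: CREATED -> FUNDED -> RELEASED, or FUNDED -> DISPUTED -> RESOLVED."""

    def __init__(self, buyer, seller, arbiter, price):
        self.buyer, self.seller, self.arbiter, self.price = buyer, seller, arbiter, price
        self.state = "CREATED"
        self.escrowed = 0
        self.balances = {buyer: 0, seller: 0}

    def fund(self, caller, amount):
        if caller != self.buyer or self.state != "CREATED":
            raise ContractError("only the buyer may fund, and only once")
        if amount != self.price:
            raise ContractError("must fund exactly the agreed price")
        self.escrowed, self.state = amount, "FUNDED"

    def confirm_delivery(self, caller):
        if caller != self.buyer:
            raise ContractError("only the buyer can confirm delivery")  # the seller must not self-certify
        if self.state != "FUNDED":
            raise ContractError("nothing to release")                  # also blocks a second release
        self._release_to(self.seller, "RELEASED")

    def dispute(self, caller):
        if caller not in (self.buyer, self.seller) or self.state != "FUNDED":
            raise ContractError("dispute not allowed in this state")
        self.state = "DISPUTED"

    def resolve(self, caller, winner):
        if caller != self.arbiter or self.state != "DISPUTED" or winner not in (self.buyer, self.seller):
            raise ContractError("only the arbiter resolves an open dispute")
        self._release_to(winner, "RESOLVED")

    def _release_to(self, party, new_state):
        amount, self.escrowed = self.escrowed, 0   # zero the held amount before paying out
        self.state = new_state
        self.balances[party] += amount

def expect_revert(fn):
    """True if the action reverts, False if it (wrongly) succeeds."""
    try:
        fn()
        return False
    except ContractError:
        return True

def run_scenarios():
    """Each key is one 'variable' from the audit plan; its value is whether the contract met the spec."""
    results = {}
    e = DeliveryEscrow("buyer", "seller", "arbiter", 100)
    results["seller_cannot_fund"] = expect_revert(lambda: e.fund("seller", 100))
    e.fund("buyer", 100)
    results["seller_cannot_self_confirm"] = expect_revert(lambda: e.confirm_delivery("seller"))
    e.confirm_delivery("buyer")
    results["payment_released_on_delivery"] = e.balances["seller"] == 100 and e.escrowed == 0
    results["no_double_release"] = expect_revert(lambda: e.confirm_delivery("buyer"))

    d = DeliveryEscrow("buyer", "seller", "arbiter", 100)
    d.fund("buyer", 100)
    d.dispute("seller")
    results["delivery_blocked_while_disputed"] = expect_revert(lambda: d.confirm_delivery("buyer"))
    results["only_arbiter_resolves"] = expect_revert(lambda: d.resolve("seller", "seller"))
    d.resolve("arbiter", "buyer")
    results["dispute_refunds_buyer"] = d.balances["buyer"] == 100 and d.state == "RESOLVED"
    return results

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

The value of writing the scenarios first is that each one forces a question the specification may never have answered ("who is allowed to confirm delivery?", "what happens to the funds during a dispute?"); a scenario you cannot write is a scope misunderstanding found before deployment rather than after.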
Smart Contract Optimization via Gas Analysis
In order to cover the costs of transacting smart contracts, platforms such as the Ethereum Project need to charge 'gas' in the form of Ether. Gas prices vary depending on the complexity of the smart contract; on Ethereum, they vary specifically according to which operation codes, and how many, the Ethereum Virtual Machine has to execute. For a clearer picture of exactly how much your smart contract will cost to run, you can consult the complete listing of Ethereum's opcode gas prices in the fee schedule of its Yellow Paper.
Before even getting near coding your smart contract, you should already have a good idea of the gas costs associated with your particular contract's operation. Using the price chart in Ethereum's Yellow Paper, it is possible to build a fairly accurate estimate of your smart contract's gas costs.
Once you have this estimate then you can use this figure to see whether your smart contract needs optimizing. By executing a single smart contract transaction and then comparing the gas costs you have been charged with your original estimate, you will be able to gain a clear view of just how optimized your contract actually is.
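The estimate-then-compare step above is mechanical enough to script. The block below is an added example, not code from the article or from any Ethereum tooling: a back-of-the-envelope gas estimator built from a small subset of the Yellow Paper fee schedule. The constants are the Byzantium-era values and are assumed for illustration only (the live schedule changes with hard forks, so check the current chart before relying on a number); the two opcode traces are constructed by hand and stand in for what a debug trace of a test transaction would give you:

```python
# Assumed, Byzantium-era figures from the Yellow Paper fee schedule; illustrative only.
G_TRANSACTION = 21000                 # intrinsic cost of every transaction
G_TXDATA_ZERO, G_TXDATA_NONZERO = 4, 68
OPCODE_GAS = {
    "PUSH1": 3, "DUP1": 3, "SWAP1": 3, "MLOAD": 3, "MSTORE": 3,   # G_verylow
    "ADD": 3, "SUB": 3, "MUL": 5, "DIV": 5,                       # G_verylow / G_low
    "JUMP": 8, "JUMPI": 10, "JUMPDEST": 1,
    "SLOAD": 200,
    "SSTORE_SET": 20000,     # zero slot -> non-zero
    "SSTORE_RESET": 5000,    # non-zero slot -> any value
    "CALL": 700,             # base cost, before value transfer and new-account surcharges
}

def calldata_gas(calldata: bytes) -> int:
    """Per-byte calldata charge: zero bytes are cheaper than non-zero ones."""
    return sum(G_TXDATA_ZERO if b == 0 else G_TXDATA_NONZERO for b in calldata)

def estimate_gas(trace, calldata=b"") -> int:
    """Intrinsic cost + calldata cost + summed base cost of every opcode in an execution trace."""
    unknown = sorted({op for op in trace if op not in OPCODE_GAS})
    if unknown:
        raise KeyError(f"no price in the table for {unknown}")
    return G_TRANSACTION + calldata_gas(calldata) + sum(OPCODE_GAS[op] for op in trace)

def optimisation_gap(estimate: int, measured: int) -> float:
    """Fraction by which the measured gasUsed exceeds the estimate (negative: cheaper than planned)."""
    return (measured - estimate) / estimate

# Constructed traces for "add three values to a storage counter": one SSTORE per item
# versus accumulating on the stack and writing the slot once.
NAIVE = ["SLOAD", "PUSH1", "ADD", "SSTORE_RESET"] * 3
BATCHED = ["SLOAD"] + ["PUSH1", "ADD"] * 3 + ["SSTORE_RESET"]

if __name__ == "__main__":
    naive, batched = estimate_gas(NAIVE), estimate_gas(BATCHED)
    print(f"naive={naive} batched={batched} saved={naive - batched}")
    # e.g. compare a planned figure with what a test-net transaction actually consumed
    print(f"gap vs. measured 28000: {optimisation_gap(batched, 28000):+.1%}")
```

The point the numbers make is that storage, not arithmetic, dominates: the batched trace saves two `SLOAD`/`SSTORE` pairs and nothing else, yet it is roughly a third cheaper. If the measured `gasUsed` from a test transaction sits well above your estimate, the first place to look is repeated storage access inside loops.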
Smart contract vulnerability identification
There has probably never been a piece of software that didn't contain either bugs or some kind of vulnerability. Smart contracts are unfortunately no different.
According to an article in Bleeping Computer, a group of researchers created a tool named Oyente and found 34,200 vulnerable Ethereum smart contracts in 2016 alone. The article points out that the team created the tool after a hacker found a vulnerability in a smart contract launched by The DAO organization. This hacker was then able to steal a whopping $50 million from their ICO. This figure gives some idea of the enormity of the problem and highlights why conducting a thorough smart contract audit is so essential.
Fortunately, the research team released the source code of Oyente back in 2016. Since it is open-source, it is free for any developer to download. Though this tool is now largely out of date and so has problems detecting more recent vulnerability threats, it is still a valuable tool that can help developers identify many vulnerabilities. Another group of researchers recently developed an even more advanced tool called Maian. This tool is particularly useful in searching for vulnerabilities in contracts that would allow hackers to steal funds.
Sadly, the Maian team has chosen not to release the software due to the risk of attackers using it to identify vulnerable contracts to attack. While Maian has not yet been made available, developers can still use the equally effective Mythril, a program that has attempted to build on the work of both teams.
What does a smart contract audit cost?
The exact cost of conducting a smart contract audit really depends on a number of key factors. Firstly, a huge factor is whether a company uses their in-house team or a specialist outsource dev team. While the costs associated with outsourcing a smart contract audit are higher, the chance of identifying security vulnerabilities is likely to be much better due to their level of expertise and ability to look at the project from new angles.
Thanks to a growing group of passionate smart contract experts, it is now possible to submit your code for a "comprehensive quality review" through sites such as Solidified.io. Sites like these give smart contract developers access to a pool of talented experts who will analyze the code to see if it will execute according to its intended behavior, as well as examining it for vulnerabilities, Solidity construct usage, best practices, etc.
For this reason, it is certainly worth any company that is looking for the most cost-effective way to audit their smart contracts to consider this option. The only drawback to this approach is that some contracts might not interest the experts on these sites enough to audit them while waiting times can also be high.
For more information on alternative solutions to hiring a development team, you can read this great article.
My Final Thought
While there are many ways to approach a smart contract audit, the final goal is always the same. Any audit should ensure that the code is free from errors and bugs. Thanks to the development of more and more powerful tools to help automate the process of auditing smart contracts, the whole process is becoming easier by the day.
However, we are still some way off developing sophisticated enough smart contract solutions to replace good old-fashioned manual code reviews. Most developers recognize the value of having their code audited by an entirely separate group of experts. Whether this is a dedicated development team or a group of impassioned smart contract programmers who are willing to audit your code for free, the benefits of multilayered scrutiny of code cannot be overstated.