“You better check yourself, before you wreck yourself!” — Chilly Hexahedron
I like the quote, and the song that inspires this introductory piece of wisdom. But we’re not here to talk about philosophy or the artist who has spouted these words into a catchy song. I am taking this air time to talk about something more factual!
Something that will be informative and useful for my community, who demand results from me not just everyday, but every hour! I am keen to deliver and earn the trust of my beamers.
Today I am going to share the results of my security audit. To be more specific, the security audit of my smart contract! To the inpatient bunch who have no tolerance for cliff-hangers — you can rest easy, as I passed the audit with flying colors!
But in case some of you want to dive in deeper and hear my thoughts on the matter, I’m ready to provide concise and deliberate answers.
I’ll start with the simple stuff. When did I pass the audit? It happened more than two months ago, probably before you stumbled upon my Technology and started following my journey. The audit was performed by an agency called Deus Sec.
I’ve picked them because their description of the audit process was easy to grasp and understand. For an hamateur like me, it’s very important. This is how their process goes:
- Obtaining the scope and agreeing on a specification of the audit
- Running tests and detecting commonly known vulnerabilities in the smart contract
- Manual analysis of the code and discovery of issues and logic errors
- Issuing a report, describing all the detected issues and suggesting ways to fix them
I have ordered an audit that was pretty hefty in price (especially for a humble hamster) to get a complete smart contract code review in wake of my imminent launches. I was prepared for a check up because I had faith in my security standards and the profoundness of my Teleporter.
Not to say I would tear the fur from my body in case there were any security flaws that went over my head… The way I see it, the only people or animals that don’t make any mistakes are those that do not do anything!
I approached the check up with cautious optimism, but was still a bit nervous, as it was my first such experience. I did not have to do much during the audit, but my role and involvement tripled when it was time to improve the security of my creation.
I have inspected this paper from all angles and didn’t leave any page unturned in my quest to make the best out of the feedback I was provided with. Shoot! Avid readers don’t even know the result! I’ll fix this now, with a quote straight from the report…
“The tested smart contract code rating is 98%, which is above the industry standard of 95%.”
There were 4 medium importance issues. ‘Medium’ stands for issues that require a fix but do not pose a threat that are practical to exploitation. In simple words, it’s about some fairly cosmetic changes, non-critical advice on how to make it all better.
I am hungry for tips, and I stack them up like nobody’s business. So I have acknowledged these issues and will learn from them in the future. Suffice to say, the security of the contract is way above the satisfactory level.
This is the only thing that matters to me in the context of this audit. If you would like to take a good look with your very own eyes, I will fully support you and even provide you with a direct link!
Have at it, boys and girls! I’ll see you in a bit, lots of things to do!
Scotty over and out…