|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Audit Checklist||307||25 days ago||2|
|A Solidity smart contract auditing checklist|
|Security Checklist||34||7 years ago||mit|
|Web application security checklist|
|Drupal Performance Resources||30||7 years ago||4|
|A list of Drupal performance resources|
|🏔 Auditing templates used by Maintainer Mountaineer!|
In the last year, hundreds of millions of dollars worth of crypto have been lost by faulty smart contracts.
Beyond devastating those who lose funds, these blunders harm the ecosystem as a whole by signaling the immaturity of smart contracts and reinforcing people’s wariness. Better due diligence processes could’ve prevented many of the issues found, saving a ton of headaches, money, and stifled progress.
At CryptoFin, we’ve audited many production-ready Solidity contracts. We’ve compiled a list of common findings, and issues to watch out for when auditing a contract for a mainnet launch.
We hope this checklist is useful to the community and will raise the bar for contract quality!
These are basic checks to undertake with any contract. Our checklist reflects Solidity v0.4.24.
callcode, inline assembly)
We always check for code that will mitigate risk when (not if) a contract fails. When a contract doesn’t have this, it’s often a warning sign.
Auditing helps catch many bugs, but shouldn’t also be seen as a magic bullet. Your system still needs to handle failure gracefully.
When performing an audit, CryptoFin pays special attention to the these areas which require greater scrutiny, as they often add bugs.
Many of these checklist items are well-suited for a linter. We welcome any contributors who want to take a crack at it.