Key areas to focus on when auditing a smart contract:
Common errors, including stack problems, compilation errors, and reentrancy mistakes.
Known errors and security flaws of the smart contract's host platform
Break testing the smart contract (this includes simulating attacks on the contract)
First, we check the smart contract code for technical coding problems. We also make sure that the smart contract logic matches the documentation delivered by the client and that it is meaningful within its context. This is why we ask the customer to send us documentation that is as detailed as possible, especially explaining the purpose of the code and the motivation behind it. Clear documentation helps us throughout the security audit process and reduces unexpected delays.
Once we understand the code and its purpose, we start the code analysis:
A manual code review involves the team examining each line of code to scrutinize it for compilation and reentrancy mistakes as well as security issues. Naturally, particular attention should be paid to identifying security issues, as these are the biggest threat to the successful long-term implementation of your smart contract.
Automatic code analysis has the benefit of saving developers massive amounts of time when checking their code. It also allows for sophisticated penetration testing, which helps find vulnerabilities extremely quickly.