/Smart-contract-Auditing-Methodology-mindmap

This repository contains a mindmap on smart contract auditing methodology and different steps in how to audit a smart contract.

Smart-contract-Auditing-Methodology-mindmap

Untitled

Mindmap Link: https://xmind.works/share/LoZXVn0y

1. Information Gathering:

  1. It involves reading Technical documentation about the project.
  2. Understanding What project wants to deliver
  3. Any undocumented features
  4. Whitepaper of Projects

2. Understanding the Code:

  1. Read the Code line by line
  2. Understand the core logic of Contracts.
  3. Detailed business logic review and smart contract architecture
  4. Access control map, Fund flow map

3. Static analysis by automated tools.

  1. Mythx
  2. Slither
  3. Mythril
  4. Manticore
  5. Manually Verify the result as these tools generate lots of false positives.

4. Test against the standard list of vulnerabilities.

  1. SWC Registry
  2. Solidity Attack Vectors
  3. List-of-Security-Vulnerabilities

5. Functional Testing:

  1. Running unit tests provided by Auditee.
  2. Functional Testing for various edge case scenarios.
  3. Writing POCs for the manual findings:
    1. Hardhat
    2. Foundry
    3. Brownie
    4. Truffle
  4. Remix Deployment [Optional]
  5. Gas Optimizations Test Reports

6. Fuzz Testing

  1. Echidna
  2. Foundry Fuzz-Testing

7. Provide Recommendations and Generating Reports

  1. Provide Recommendations and fixes for Bugs.
  2. Audit report preparation and Final submission.