Sparkware-audit-portfolio

Smart contract auditing portfolio

Primary language: Python

Please book smart contract audits by filling out the form below.

Feel free to schedule a meeting:

https://calendly.com/crypto-jeff/30min

and please fill out this Google form:

https://forms.gle/qaAm88y9ieTiXw1Q6

Web3: land of opportunity and risk

The field of web3 holds great promise, giving users numerous opportunities to reclaim ownership of their assets and data. However, the security challenges that come with it must be addressed. We have seen several high-profile hacks that have hit the web3 ecosystem, including the Ronin bridge hack, which resulted in a loss of roughly $600 million, the Wormhole cross-chain bridge hack, which cost roughly $320 million, and various other breaches that have forced protocols to shut down. These hacks not only leave crypto projects financially unable to operate, they also severely damage user trust in the system.

To illustrate the scale of the risk: this year, Euler Finance, a lending protocol, suffered a hack of roughly $200 million and is still working to recover the lost funds. These incidents underscore the need for robust security measures in web3. The potential financial losses and damage to user trust from such breaches cannot be overstated. It is therefore crucial to engage experienced professionals who can review your smart contracts and reduce the chance of such incidents occurring.

Auditing

By taking a proactive approach to security, you can establish a strong foundation for your web3 project and give it the best chance of long-term success. Sparkware Auditing is a group of blockchain security researchers and smart contract auditors whose expertise has been tested in securing some of the largest web3 protocols, such as The Graph and the Optimism Layer 2 blockchain. The group is led by Jeff, a white-hat hacker on Immunefi and a senior auditor at Sherlock, an auditing and DeFi insurance platform. The auditing services use a bug bounty-based model, which means you pay only for bugs that are found, not for the time it takes to find them. This gives auditors an incentive to find as many bugs as possible before the code goes live.

Introduction:

Sparkware smart contract security auditing takes an approach that differs from traditional methods: the price is based on the number of bugs found in the codebase, rather than an hourly or fixed rate. Clients pay only for the results they receive, not for the time it takes to find them. This document outlines the process for determining pricing and the payment policies.

Pricing:

DMs for inquiries are also welcome. We can customize the pricing model for clients depending on the complexity of the codebase.

We also support a subscription model.

Prior to a formal audit, we also offer a free threat-model analysis consultation.

About us:

Sparkware Auditing provides a unique and effective approach to auditing services. By charging based on the number of bugs found, my clients pay only for the results they receive, and my bug classification system ensures that issues are addressed in order of severity. My payment policies are fair and transparent, so clients receive the best value for their investment. I have audited some of the big protocols in the space, such as The Graph protocol and Optimism. My mission is to secure smart contracts and eliminate bugs before they hit production.

Contact us today to learn more about my services and to schedule an audit of your system.

Book a private audit by filling out this form https://forms.gle/qaAm88y9ieTiXw1Q6

or reach out to ladboy233 on Twitter,

or ladboy233#0859 on Discord; my DMs are open!

Public bounty and audit report

Public Audit Contest Portfolio

Contest | Date | Keywords | Rank | Report
Chainlink | July 2024 | Bridge, Cross-chain | 7 | Link
Taiko | March 2024 | L1 / L2, Infra | 6 | Link
Init Capital | January 2024 | DeFi Lending | 2 | Link
Superform | December 2023 | Bridge, Yield vault | 1 | Link
Particle Leverage AMM | December 2023 | Leverage Trading | 3 | Link
Init Capital | December 2023 | Lending | 3 | Link
Beta Finance | November 2023 | Lending | 1 | Link
Brahma | October 2023 | Wallet | 3 | Link
Delegate | September 2023 | NFT | 1 | Link
Canto veRWA | August 2023 | DeFi, RWA | 1 | Link
[Confidential] | August 2023 | Independent Project | N/A | N/A
Arcade | July 2023 | Governance, NFT | 3 | Link
Bond option | July 2023 | Option Trading | 1 | Link
Dinari | July 2023 | DeFi, Stock Trading | 1 | Link
Base | June 2023 | Bridge | 2 | Link
Confidential | April 2023 | Immunefi | N/A | Link
Notional V3 | March 2023 | Lending | 4 | Link
Optimism Bedrock fix | March 2023 | Bridge | 4 | Link
Optimism Bedrock | February 2023 | Bridge | 12 | Link
OpenQ | February 2023 | Decentralized Bounty | 5 | Link
Ajna | January 2023 | Lending | 5 | Link
UXD Protocol | January 2023 | Bridge, DeFi | 3 | Link
Numoen | January 2023 | DeFi | 3 | Link
Lyra Finance | December 2022 | Perpetual Trading | 4 | Link
GoGo Pool | December 2022 | Liquid Staking | 3 | Link
Dodo Finance | November 2022 | AMM, Trading | 1 | Link
Sense Finance | November 2022 | Yield | 2 | Link
Holograph | October 2022 | Bridge, DeFi | 5 | Link
Mycelium | October 2022 | DeFi | 1 | Link
Notional Finance | October 2022 | Lending | 4 | Link
Graph Protocol L2 Bridge | October 2022 | Bridge | 2 | Link
Confidential | September 2022 | Immunefi | N/A | Link

Security review process guide

Questions to project

  1. What is the exact scope (list of .sol files) of the security review?
  2. Does the project have well-written specifications and code documentation?
  3. What is the test coverage percentage?
  4. Are there protocols similar to yours? If so, which ones?
  5. Have you had any audits so far, and are you planning other audits or security programs as well?
  6. Which chain(s) will the protocol be deployed on?
  7. What kinds of tokens is the protocol expected to support (standard ERC-20 only, or also fee-on-transfer, rebasing, or other non-standard tokens)?
  8. Is the admin role considered trusted or restricted?
  9. Is the code expected to comply with any EIPs?
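Question 7 deserves a concrete illustration, because the answer changes what counts as a bug. The following is an added example written for this guide, not code from the Sparkware portfolio or from any audited protocol. It models, in Python, a fee-on-transfer ERC-20 token deposited into a vault; the token, vault and account names are hypothetical, and the ledger is a deliberately minimal model (no approvals or events). The naive vault credits each depositor with the requested amount, while the hardened vault credits the balance delta it actually received. With a 1% transfer fee the naive vault over-credits every depositor and the last user to withdraw is left unpaid.

```python
"""Why "what kind of token" matters: a fee-on-transfer token against a vault.

Added illustration, not code from the Sparkware portfolio or from any audited
protocol. Token, vault and account names are hypothetical.
"""
from dataclasses import dataclass, field


class InsufficientBalance(Exception):
    """Raised when a transfer or withdrawal exceeds what the payer holds."""


@dataclass
class Token:
    """Minimal ERC-20-like ledger. fee_bps > 0 models a fee-on-transfer token:
    the sender is debited in full, the recipient receives amount minus the fee."""
    fee_bps: int = 0
    balances: dict = field(default_factory=dict)

    def balance_of(self, who: str) -> int:
        return self.balances.get(who, 0)

    def mint(self, to: str, amount: int) -> None:
        self.balances[to] = self.balance_of(to) + amount

    def transfer(self, sender: str, recipient: str, amount: int) -> int:
        if self.balance_of(sender) < amount:
            raise InsufficientBalance(f"{sender} holds {self.balance_of(sender)} < {amount}")
        fee = amount * self.fee_bps // 10_000
        self.balances[sender] -= amount
        self.balances[recipient] = self.balance_of(recipient) + amount - fee
        return amount - fee  # what the recipient actually received


class NaiveVault:
    """Credits the depositor with `amount`, assuming the transfer moved exactly that much."""
    ADDRESS = "vault"

    def __init__(self, token: Token) -> None:
        self.token = token
        self.shares: dict = {}

    def deposit(self, user: str, amount: int) -> int:
        self.token.transfer(user, self.ADDRESS, amount)
        credited = amount  # BUG with fee-on-transfer tokens: the vault received less than this
        self.shares[user] = self.shares.get(user, 0) + credited
        return credited

    def withdraw(self, user: str, amount: int) -> int:
        if self.shares.get(user, 0) < amount:
            raise InsufficientBalance(f"{user} has only {self.shares.get(user, 0)} shares")
        self.shares[user] -= amount
        # Raises InsufficientBalance if the vault no longer holds enough tokens.
        return self.token.transfer(self.ADDRESS, user, amount)


class HardenedVault(NaiveVault):
    """Credits the balance delta the vault actually received (balance-before/after pattern)."""

    def deposit(self, user: str, amount: int) -> int:
        before = self.token.balance_of(self.ADDRESS)
        self.token.transfer(user, self.ADDRESS, amount)
        credited = self.token.balance_of(self.ADDRESS) - before
        self.shares[user] = self.shares.get(user, 0) + credited
        return credited


def run_scenario(vault_cls, fee_bps: int) -> dict:
    """Two users deposit 1000 each, then both withdraw everything they were credited.
    Returns the liabilities-minus-assets gap after deposits and whether both withdrawals succeeded."""
    token = Token(fee_bps=fee_bps)
    token.mint("alice", 1_000)
    token.mint("bob", 1_000)
    vault = vault_cls(token)
    vault.deposit("alice", 1_000)
    vault.deposit("bob", 1_000)
    # Liabilities (shares owed) versus assets (tokens the vault really holds).
    shortfall = sum(vault.shares.values()) - token.balance_of(vault.ADDRESS)
    try:
        vault.withdraw("alice", vault.shares["alice"])
        vault.withdraw("bob", vault.shares["bob"])
        status = "solvent"
    except InsufficientBalance:
        status = "insolvent"
    return {"shortfall_after_deposits": shortfall, "status": status}


if __name__ == "__main__":
    for cls in (NaiveVault, HardenedVault):
        for fee in (0, 100):
            print(cls.__name__, f"fee={fee}bps", run_scenario(cls, fee))
```

With a standard token (fee 0) both vaults behave identically, which is why the bug only shows up once the answer to question 7 includes fee-on-transfer tokens. The same "trust the amount argument" assumption breaks in other ways for rebasing tokens, whose balances change without any transfer, so the intake answer directly determines which accounting patterns the review has to flag.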

Based on the answers we can discuss the effort needed, the payment amount, and the timeline.

Security review result & fixes review

After the agreed-upon time has passed, the project will receive the security review report. The project then has 14 days to apply fixes for the issues found. Each issue should be fixed in a separate commit whose message points to the issue being fixed. A single iteration of a "fixes review" will then be carried out by me, free of additional charge, to verify that your fixes are correct and secure.

Important notes for the fixes review

  • for any questions or clarifications on the vulnerabilities or recommendations in the report, you can reach out to me on the agreed channel of communication
  • the changes to be reviewed should contain nothing other than fixes for the reported issues: no large refactorings, new features or architectural changes
  • if fixes are too difficult to implement, or more than one iteration of review is needed, this is a special case to be discussed independently of this review

Disclaimer

A smart contract security review can never verify the complete absence of vulnerabilities. It is a time-, resource- and expertise-bound effort in which I try to find as many vulnerabilities as possible. I cannot guarantee 100% security after the review, or even that the review will find any problems with your smart contracts.